Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Current »


  • Modified softhsm, TPM plugin and import tool will be pre-installed and come from the base image
  • During the AAF/CM/CA container init, run import.sh and sub scripts to import the CA key to either softhsm or TPM
    • Needs a mount volume to present the pins, formatted keys, srkhandle and import password  for TPM import
    • Needs a mount volume to present the pins, encrypted private key and passphrase for the Softhsm import
  • Create org.osaaf.cm.pkcs11 file under ~/oom/kubernetes/aaf/resources/config/local/
  • Change property file under ~/oom/kubernetes/aaf/resources/config/local/org.osaaf.cm.ca.props 
    •  point to .pkcs11 file 
    • alias 
    • encrypted pin
  • During the LocalCA instantiation, path to pkcs11 config file, alias  and the keystore pin is passed in through list of paramas 
    • Using these, LocalCA will add the pkcs11 provider
    • load the pkcs11 keystore
    • get the CA key 
  • No labels