

The admin creates the primary key by calling the utility script create_primary.sh on the TPM-capable host, and provides the key password to OOM, which passes it on to the CA container for key import.


Distribution center container

INPUT

This container expects the SRK public key for each host under ~/volume/host_<host name>/out_parent_public and the passphrase under ~/volume/passphrase

OUTPUT

This container writes the following files under the mount ~/volume/host_<host name> for each host

ca.cert
dupEncKey
dupPriv
dupPub
dupSymseed

It also writes the encrypted private key and the certificate under the mount ~/volume

ca.cert
privkey.pem.gpg


TABRMD-INIT container

INPUT 

This container expects the encrypted password, passphrase, srkhandle and tpm_status.yaml under ~/volume/host_<host name>

srkhandle

tpm_status.yaml


OUTPUT

This container writes the SRK public key under ~/volume/host_<host name>/out_parent_public and updates the tpm_status.yaml file


CA Container

INPUT

upin and sopin under ~/volume/host_<hostname> 

       upin

       sopin

This container expects the following files under ~/volume/host_<host name> for a TPM-capable host

srkhandle

password.txt.gpg - TPM import key password 

password - passphrase 

ca.cert
dupEncKey
dupPriv
dupPub
dupSymseed

It expects the following files under ~/volume/host_<host name> for a SoftHSM-only system

ca.cert

privkey-passphrase
privkey.pem.gpg

OUTPUT

none
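
A preflight check for the CA container inputs listed above, as an added example that is not part of the original page or the project's scripts. The function name, the mode names tpm and softhsm, requiring upin and sopin in both modes, and treating upin, sopin, password and privkey-passphrase as cleartext secrets that should be readable by the owner only are assumptions.

```shell
#!/bin/sh
# Added example: verify a host directory before starting the CA container.
# File names come from the page; everything else here is an assumption.

TPM_FILES="upin sopin srkhandle password.txt.gpg password ca.cert dupEncKey dupPriv dupPub dupSymseed"
SOFTHSM_FILES="upin sopin ca.cert privkey-passphrase privkey.pem.gpg"
# Assumed to hold secrets in the clear, so group/other access is flagged.
SECRET_FILES="upin sopin password privkey-passphrase"

# check_ca_inputs <tpm|softhsm> <volume root> <host name>
# Sets CHECK_RESULT to a space-separated list of findings and
# returns 0 only when that list is empty.
check_ca_inputs() {
    mode=$1; dir=$2/host_$3; problems=""
    case $mode in
        tpm)     required=$TPM_FILES ;;
        softhsm) required=$SOFTHSM_FILES ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    for f in $required; do
        # -s: the file must exist and be non-empty
        if [ ! -s "$dir/$f" ]; then
            problems="$problems missing:$f"
            continue
        fi
        case " $SECRET_FILES " in
            *" $f "*)
                # Mode string must show no group/other bits, e.g. -rw-------
                case $(ls -ld "$dir/$f") in
                    ????------*) ;;
                    *) problems="$problems open-perms:$f" ;;
                esac ;;
        esac
    done
    CHECK_RESULT=${problems# }
    [ -z "$problems" ]
}

# Run as: sh check_ca_inputs.sh tpm ~/volume <host name>
if [ "$#" -eq 3 ]; then
    check_ca_inputs "$@" || { echo "CA input problems: $CHECK_RESULT" >&2; exit 1; }
fi
```
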
