AAF integration changes



  • Modified softhsm, TPM plugin and import tool will be pre-installed and come from the base image

  • During the AAF/CM/CA container init, run import.sh and its sub-scripts to import the CA key into either softhsm or the TPM

    • Needs a mount volume to present the pins, formatted keys, srkhandle and import password for the TPM import

    • Needs a mount volume to present the pins, encrypted private key and passphrase for the softhsm import

  • Create the org.osaaf.cm.pkcs11 file under ~/oom/kubernetes/aaf/resources/config/local/

  • Change the property file ~/oom/kubernetes/aaf/resources/config/local/org.osaaf.cm.ca.props to set:

    • the path to the .pkcs11 file

    • alias 

    • encrypted upin

  • During the LocalCA instantiation, the path to the pkcs11 config file, the alias and the keystore pin are passed in through the list of parameters

    • Using these, LocalCA will add the pkcs11 provider

    • load the pkcs11 keystore

    • get the CA key
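
The three LocalCA steps above (add the provider, load the keystore, get the key), sketched as an added example; this is not AAF's LocalCA code. It assumes Java 11+ and the JDK's SunPKCS11 provider; the class name, the `loadCaKey` helper, the PIN-file argument and the extractability check are hypothetical additions.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;

public class Pkcs11CaKeyLoader {

    // Hypothetical helper: takes the same three inputs the page lists for LocalCA.
    public static PrivateKey loadCaKey(String pkcs11ConfigPath, String alias, char[] pin)
            throws Exception {
        try {
            // 1. Add the PKCS#11 provider, configured from the .pkcs11 file (Java 9+ API).
            Provider base = Security.getProvider("SunPKCS11");
            if (base == null) {
                throw new IllegalStateException("SunPKCS11 provider not available in this JRE");
            }
            Provider p = base.configure(pkcs11ConfigPath);
            Security.addProvider(p);

            // 2. Load the PKCS#11 keystore: no input stream, the PIN logs in to the token.
            KeyStore ks = KeyStore.getInstance("PKCS11", p);
            ks.load(null, pin);

            // 3. Get the CA key by alias; the per-entry password is not used for PKCS#11.
            Key k = ks.getKey(alias, null);
            if (!(k instanceof PrivateKey)) {
                throw new IllegalStateException("No private key under alias " + alias);
            }
            // Added check (not from the page): a token-resident key should expose
            // no encoded form to the JVM, only a handle used for signing.
            if (k.getEncoded() != null) {
                throw new IllegalStateException("CA key material is extractable");
            }
            return (PrivateKey) k;
        } finally {
            Arrays.fill(pin, '\0'); // wipe the caller's PIN buffer on every exit path
        }
    }

    public static void main(String[] args) throws Exception {
        // Args: <.pkcs11 config path> <alias> <file holding the PIN, e.g. on a mounted volume>
        char[] pin = Files.readString(Path.of(args[2])).trim().toCharArray();
        PrivateKey caKey = loadCaKey(args[0], args[1], pin);
        System.out.println("Loaded " + caKey.getAlgorithm() + " CA key handle for " + args[1]);
    }
}
```

If the extractability check fails for a softhsm-backed key, review the attributes the import step set on the key object rather than removing the check.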