Input and output of each container from the OOM perspective


The admin creates the primary key by running the utility script create_primary.sh on the TPM-capable host, then provides the key password to OOM, which passes it on to the CA container for key import.



Distribution center container

INPUT

This container expects a list of SRK public keys for each host under ~/volume/host_<host name>/out_parent_public and the passphrase under ~/volume/passphrase.

OUTPUT

It writes the following files under the mount ~/volume/host_<host name> for each host:

ca.cert
dupEncKey
dupPriv
dupPub
dupSymseed

It also writes the encrypted private key and certificate under the mount ~/volume:

ca.cert
privkey.pem.gpg



TABRMD-INIT container

INPUT 

This container expects srkhandle and tpm_status.yaml under ~/volume/host_<host name>:

srkhandle

tpm_status.yaml



OUTPUT

It writes the SRK public key under ~/volume/host_<host name>/out_parent_public and updates the tpm_status.yaml file.



CA Container

INPUT

upin and sopin under ~/volume/host_<hostname> 

       upin

       sopin

This container expects the following files under ~/volume/host_<host name> for a TPM-capable host:

srkhandle

password.txt.gpg - TPM import key password 

password - passphrase 

ca.cert
dupEncKey
dupPriv
dupPub
dupSymseed

It expects the following files under ~/volume/host_<host name> for a SoftHSM-only system:

ca.cert

privkey-passphrase
privkey.pem.gpg

OUTPUT

none
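
A pre-flight check for the CA container inputs listed above, as an added example that is not part of the original page or the project's own scripts. The function name check_ca_inputs, the tpm/softhsm mode argument, and the rule that the PIN and passphrase files carry no group or other permission bits are assumptions of this example; the file names are the ones listed on this page.

```shell
#!/bin/sh
# Added example: verify the CA container's input files before it starts.
# File names come from the page; the function name, the mode argument and
# the permission rule are assumptions made for this example.

# Files listed for every host, for TPM-capable hosts, for SoftHSM-only hosts.
COMMON_FILES="upin sopin ca.cert"
TPM_FILES="srkhandle password.txt.gpg password dupEncKey dupPriv dupPub dupSymseed"
SOFTHSM_FILES="privkey-passphrase privkey.pem.gpg"
# Assumed to hold cleartext secrets: require no group/other permission bits.
SECRET_FILES="upin sopin password privkey-passphrase"

# check_ca_inputs <volume dir> <host name> <tpm|softhsm>
# Prints one line per problem; returns 0 only if the layout is complete.
check_ca_inputs() {
    dir="$1/host_$2"
    case "$3" in
        tpm)     wanted="$COMMON_FILES $TPM_FILES" ;;
        softhsm) wanted="$COMMON_FILES $SOFTHSM_FILES" ;;
        *)       echo "unknown mode: $3"; return 2 ;;
    esac
    problems=0
    for f in $wanted; do
        if [ ! -s "$dir/$f" ]; then
            echo "missing or empty: $dir/$f"
            problems=$((problems + 1))
            continue
        fi
        case " $SECRET_FILES " in
            *" $f "*)
                # Characters 5-10 of the ls mode string are group/other bits.
                bits=$(ls -ld "$dir/$f" | cut -c5-10)
                if [ "$bits" != "------" ]; then
                    echo "too permissive: $dir/$f"
                    problems=$((problems + 1))
                fi ;;
        esac
    done
    [ "$problems" -eq 0 ]
}

# Run directly as: sh check_ca_inputs.sh "$HOME/volume" <host name> tpm
if [ "$#" -eq 3 ]; then check_ca_inputs "$@"; fi
```
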