From: Martin Domig <[email protected]>

Only import the public key in cs_import_pubkey_from_pem, as without the -pubin flag the 'openssl pkey' command tries to import a private key. This is a problem when only the public key is available in the PEM file (e.g. production key instead of a development key). This results in the following error:
Could not find private key of key from pubkey.pem 40238C2FB57F0000:error:1608010C:STORE routines:ossl_store_handle_load_result:unsupported:crypto/store/store_result.c:160:provider=default >From the man page of `openssl pkey` the -pubin flag also works with a private key input. In this case openssl will only read the public part. Signed-off-by: Martin Domig <[email protected]> Co-developed-by: Sven Püschel <[email protected]> Signed-off-by: Sven Püschel <[email protected]> --- scripts/lib/ptxd_lib_code_signing.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/lib/ptxd_lib_code_signing.sh b/scripts/lib/ptxd_lib_code_signing.sh index c7bcfc257..aa4ef9984 100644 --- a/scripts/lib/ptxd_lib_code_signing.sh +++ b/scripts/lib/ptxd_lib_code_signing.sh @@ -237,7 +237,7 @@ cs_import_pubkey_from_pem() { openssl pkey \ "${openssl_keyopt[@]}" \ - -in "${pem}" -inform pem -pubout -outform der -out "/proc/self/fd/${tmpfd}" + -pubin -in "${pem}" -inform pem -pubout -outform der -out "/proc/self/fd/${tmpfd}" softhsm_pkcs11_tool --type pubkey --write-object "/proc/self/fd/${tmpfd}" --label "${role}" check_pipe_status } -- 2.47.3
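Review bot: The `-pubin` added to the `openssl pkey` call in cs_import_pubkey_from_pem is now unconditional, so PEM files that contain a private key (the development-key case named in the commit message) take the same path, and the only support for that case is the man-page reading quoted in the message. Please confirm that importing a private-key PEM still succeeds with the OpenSSL versions the build supports. A one-line comment above the call would also help, saying that `-pubin` is deliberate so that only the public part of `${pem}` is ever read; without it the flag looks redundant next to `-pubout` and could be dropped again in a later cleanup.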
