randomoracle/piv_decrypt.sh Secret

## piv_decrypt.sh
#!/bin/bash
set -euo pipefail

CIPHERTEXT_IN=${1-"/dev/stdin"}
PLAINTEXT_OUT=${2-"/dev/stdout"}

CERT_LOCATION=`mktemp /tmp/PIV_certificate_XXXXXX`

# TODO: Override this to use other key-slots
ENC_KEY_ID="01"

pkcs15-tool -r $ENC_KEY_ID > $CERT_LOCATION
openssl > /dev/null <<EOF
engine -t dynamic -pre SO_PATH:/usr/local/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib/opensc-pkcs11.so
cms -decrypt -engine pkcs11 -inkey 1:$ENC_KEY_ID -keyform ENGINE -recip $CERT_LOCATION -in $CIPHERTEXT_IN -out $PLAINTEXT_OUT
EOF
rm $CERT_LOCATION
	#!/bin/bash
	set -euo pipefail

	CIPHERTEXT_IN=${1-"/dev/stdin"}
	PLAINTEXT_OUT=${2-"/dev/stdout"}

	CERT_LOCATION=`mktemp /tmp/PIV_certificate_XXXXXX`

	# TODO: Override this to use other key-slots
	ENC_KEY_ID="01"

	pkcs15-tool -r $ENC_KEY_ID > $CERT_LOCATION
	openssl > /dev/null <<EOF
	engine -t dynamic -pre SO_PATH:/usr/local/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib/opensc-pkcs11.so
	cms -decrypt -engine pkcs11 -inkey 1:$ENC_KEY_ID -keyform ENGINE -recip $CERT_LOCATION -in $CIPHERTEXT_IN -out $PLAINTEXT_OUT
	EOF
	rm $CERT_LOCATION