Decrypt data using PIV authentication certificate via opensc
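#!/bin/bash
#
# Decrypt a CMS message with the private key held on a PIV card, using
# OpenSC (pkcs15-tool) and the OpenSSL PKCS#11 engine.
#
# Usage: <script> [ciphertext-file [plaintext-file]]
#   $1  CMS ciphertext to read    (default: /dev/stdin)
#   $2  where to write plaintext  (default: /dev/stdout)
#
# The private key never leaves the card; only the certificate is copied to
# a temporary file so that openssl can match the CMS recipient.
set -euo pipefail

CIPHERTEXT_IN=${1-"/dev/stdin"}
PLAINTEXT_OUT=${2-"/dev/stdout"}

# Both paths are pasted verbatim into the command stream fed to openssl
# below. Whitespace would split them into extra arguments and a newline
# would start a new openssl command, so refuse such values up front.
case "${CIPHERTEXT_IN}${PLAINTEXT_OUT}" in
  *[[:space:]\"\'\\]*)
    printf '%s: paths must not contain whitespace, quotes or backslashes\n' \
      "${0##*/}" >&2
    exit 2
    ;;
esac

# openssl runs with stdin bound to the command here-document and stdout
# bound to /dev/null, so inside that process /dev/stdin and /dev/stdout are
# not the script's own streams. Keep copies of the real ones on fds 3 and 4
# and hand those to openssl instead.
exec 3<&0 4>&1
if [[ "$CIPHERTEXT_IN" == "/dev/stdin" ]]; then
  CIPHERTEXT_IN="/dev/fd/3"
fi
if [[ "$PLAINTEXT_OUT" == "/dev/stdout" ]]; then
  PLAINTEXT_OUT="/dev/fd/4"
fi

CERT_LOCATION=$(mktemp /tmp/PIV_certificate_XXXXXX)
# Remove the temporary certificate on every exit path; under `set -e` a
# failing command would otherwise skip a trailing rm and leave it behind.
trap 'rm -f -- "$CERT_LOCATION"' EXIT

# TODO: Override this to use other key-slots
ENC_KEY_ID="01"

# Read the certificate with this ID from the card.
pkcs15-tool -r "$ENC_KEY_ID" > "$CERT_LOCATION"

# The engine has to be loaded in the same openssl process that runs `cms`,
# hence both commands are fed on stdin to a single invocation. stdout is
# discarded to hide the prompt and the engine-loading chatter.
#
# The engine and the PKCS#11 module are shared objects loaded from fixed
# absolute paths into the process that talks to the card: make sure both
# files are root-owned and not writable by other users.
#
# NOTE(review): reading commands from stdin and the ENGINE interface are
# legacy OpenSSL features; verify the target OpenSSL version still has them.
# NOTE(review): confirm that openssl exits non-zero when `cms` fails in this
# mode; if it does not, `set -e` cannot detect a failed decryption.
openssl > /dev/null <<EOF
engine -t dynamic -pre SO_PATH:/usr/local/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib/opensc-pkcs11.so
cms -decrypt -engine pkcs11 -inkey 1:$ENC_KEY_ID -keyform ENGINE -recip $CERT_LOCATION -in $CIPHERTEXT_IN -out $PLAINTEXT_OUT
EOF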