add P11-Module and set default variable

2022-09-10 08:56:37 +02:00 · 2022-09-10 08:56:37 +02:00 · df6d276961
commit df6d276961
parent 2ab88b7780
1 changed files with 4 additions and 2 deletions
--- a/bin/signpubkey
+++ b/bin/signpubkey
@ -4,13 +4,14 @@
 usage() {
    cat << EOF
-    Usage: $(dirname $0) [-n|--principals] <principal>[,<principal>[,<principal>[,...]]] [-V|--valid-time] <TIME> [-s|--serialnumber] <INT> [-S|-serialnumber-file] <filename> [-I|--identity] [--dry-run] <identity> publickey
+    Usage: $(dirname $0) [-t|--hsm] [-U|-H] [-n|--principals] <principal>[,<principal>[,<principal>[,...]]] [-V|--valid-time] <TIME> [-s|--serialnumber] <INT> [-S|-serialnumber-file] <filename> [-I|--identity] <identity> [--dry-run] <publickey>
 EOF
 }
 default_serialnumberfile="${HOME}/ssh-ca/serialnumbers/serialnumber"
 host_or_user=user
 set -- $(getopt -u -o hHn:V:s:S:I:tU --long help,host,user,principals:,valid-time:,serialnumber:,serialnumber-file:,identity:,hms,dry-run -- "$@"|| exit $?)
@ -18,6 +19,7 @@ while : ;do
    case $1 in
        -h|--help)
            usage
            exit 0
            break
            ;;
        -H|host)
@ -91,7 +93,7 @@ case $host_or_user in
 esac
 if ${hms:-false};then
-    echo ssh-keygen -s $CABASE/${host_or_user^^}_CA/${host_or_user}_ca.pub -n "${principals}" -V "${validtime}" -z $serialnumber -I "${identity}" "$1"
+    echo ssh-keygen -s $CABASE/${host_or_user^^}_CA/${host_or_user}_ca.pub -D $P11M -n "${principals}" -V "${validtime}" -z $serialnumber -I "${identity}" "$1"
    [ $DRY ] || ssh-keygen -s $CABASE/${host_or_user^^}_CA/${host_or_user}_ca.pub -D $P11M -n "${principals}" -V "${validtime}" -z $serialnumber -I "${identity}" "$1"
 else
    echo ssh-keygen -s $CABASE/${host_or_user^^}_CA/${host_or_user}_ca -n "${principals}" -V "${validtime}" -z $serialnumber -I "${identity}" "$1"