1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
# Check we can create ecdsa keys
exec ssh-tpm-keygen
exists .ssh/id_ecdsa.pub
exists .ssh/id_ecdsa.tpm
rm .ssh
# Check that we can create RSA keys
exec ssh-tpm-keygen -t rsa
exists .ssh/id_rsa.pub
exists .ssh/id_rsa.tpm
rm .ssh
# Check if we can give it a new name
stdin save_name.txt
exec ssh-tpm-keygen
exists .ssh/new_name.tpm
exists .ssh/new_name.pub
rm .ssh
# Change passphrase
exec ssh-tpm-keygen -N 1234
exec ssh-tpm-keygen -p -N 1234 -P 12345 -f .ssh/id_ecdsa.tpm
stdout 'new passphrase'
rm .ssh
# Create ssh key and import as TSS keys
exec ssh-keygen -t ecdsa -f id_ecdsa -N ''
exec ssh-tpm-keygen --import id_ecdsa -f id_ecdsa_tpm
exists id_ecdsa
exists id_ecdsa.pub
exists id_ecdsa_tpm.tpm
# Wrap a key with an EK and import the key
getekcert
exists srk.pem
exec ssh-keygen -t ecdsa -b 256 -N '' -f ./ecdsa.key
exec ssh-tpm-keygen --wrap-with srk.pem --wrap ecdsa.key -f wrapped_id_ecdsa
exec ssh-tpm-keygen --import ./wrapped_id_ecdsa.tpm -f unwrapped_id_ecdsa
exists unwrapped_id_ecdsa.tpm
# Create hostkeys
exec mkdir -p test/etc/ssh
exec ssh-tpm-keygen -A -f test
exists test/etc/ssh/ssh_tpm_host_rsa_key.tpm
exists test/etc/ssh/ssh_tpm_host_ecdsa_key.tpm
rm test
# Create hierarchy hostkeys
exec mkdir -p test/etc/ssh
exec ssh-tpm-keygen -A -f test --hierarchy owner
exists test/etc/ssh/ssh_tpm_host_rsa_key.pub
exists test/etc/ssh/ssh_tpm_host_ecdsa_key.pub
rm test
-- save_name.txt --
.ssh/new_name
|
