Add command for importing objects into a PKCS#11 token

The import-object command allows users to import certificates or public keys into a pkcs#11 token by providing a PEM file. usage: p11-kit import-object --file=<file.pem> [--label=<label>] [--login] pkcs11:token Signed-off-by: Zoltan Fridrich <[email protected]>
p11-glue · Oct 19, 2023 · 7267ff9 · 7267ff9
1 parent cced2d9
commit 7267ff9
Show file tree

Hide file tree

Showing 8 changed files with 789 additions and 2 deletions.
diff --git a/bash-completion/p11-kit b/bash-completion/p11-kit
@@ -10,7 +10,7 @@ _p11-kit()
         COMPREPLY=( $(compgen -W "$opts" -- "$cur") )
         return
     elif [[ $cword -eq 1 ]]; then
-        local commands='list-mechanisms generate-keypair export-object delete-object list-objects add-profile delete-profile list-profiles list-modules list-tokens print-config extract server remote'
+        local commands='list-mechanisms generate-keypair import-object export-object delete-object list-objects add-profile delete-profile list-profiles list-modules list-tokens print-config extract server remote'
         COMPREPLY=( $(compgen -W "$commands" -- "$cur") )
     fi
 } &&

diff --git a/doc/manual/p11-kit.xml b/doc/manual/p11-kit.xml
@@ -38,6 +38,9 @@
 	<cmdsynopsis>
 		<command>p11-kit list-objects</command> ...
 	</cmdsynopsis>
+	<cmdsynopsis>
+		<command>p11-kit import-object</command> ...
+	</cmdsynopsis>
 	<cmdsynopsis>
 		<command>p11-kit export-object</command> ...
 	</cmdsynopsis>
@@ -138,6 +141,20 @@ $ p11-kit list-objects pkcs11:token
 
 </refsect1>
 
+<refsect1 id="p11-kit-import-object">
+	<title>Import Object</title>
+
+	<para>Import object into a PKCS#11 token.</para>
+
+<programlisting>
+$ p11-kit import-object --file=file.pem &lsqb;--label=label&rsqb; &lsqb;--login&rsqb; pkcs11:token
+</programlisting>
+
+	<para>This takes either a X.509 certificate or a public key in form of a PEM file
+	and imports it into PKCS#11 token that matches given URI.</para>
+
+</refsect1>
+
 <refsect1 id="p11-kit-export-object">
 	<title>Export Object</title>
 
@@ -171,7 +188,7 @@ $ p11-kit delete-object pkcs11:token
 	<para>Generate key-pair on a PKCS#11 token.</para>
 
 <programlisting>
-    $ p11-kit generate-keypair &lsqb;--label=label&rsqb; --type=algorithm &lcub;--bits=n|--curve=name&rcub; pkcs11:token
+$ p11-kit generate-keypair &lsqb;--label=label&rsqb; --type=algorithm &lcub;--bits=n|--curve=name&rcub; pkcs11:token
 </programlisting>
 
 	<para>Generate private-public key-pair of given type on specified PKCS#11 token.

diff --git a/p11-kit/Makefile.am b/p11-kit/Makefile.am
@@ -266,6 +266,7 @@ p11_kit_p11_kit_SOURCES = \
 	p11-kit/delete-profile.c \
 	p11-kit/export-object.c \
 	p11-kit/generate-keypair.c \
+	p11-kit/import-object.c \
 	p11-kit/list-objects.c \
 	p11-kit/list-profiles.c \
 	p11-kit/list-mechanisms.c \
@@ -431,6 +432,7 @@ sh_tests += \
 if WITH_ASN1
 sh_tests += \
 	p11-kit/test-export-public.sh \
+	p11-kit/test-import-public.sh \
 	p11-kit/test-profiles.sh \
 	$(NULL)
 endif
@@ -632,6 +634,7 @@ EXTRA_DIST += \
 	p11-kit/test-server.sh \
 	p11-kit/test-list-tokens.sh \
 	p11-kit/test-export-public.sh \
+	p11-kit/test-import-public.sh \
 	p11-kit/test-list-mechanisms.sh \
 	p11-kit/test-generate-keypair.sh \
 	$(NULL)