Automation for token rollout


I admit, this is not a token-specific topic, but it is often rather helpful.

A process such as token rollout usually asks for the PIN of the token several times: for generating the key pair, for generating the CSR, and for loading the signed certificate onto the token. To automate the process, these PIN prompts have to be answered by a script.

Expect

Expect lets you automate user input. A script that lists the objects on the token could look like this. (I admit, pkcs11-tool has an option to enter the PIN on the command line. Just take it as an example ;-)

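  #!/usr/bin/expect -f
  # Start pkcs11-tool: log in (-l) and list the objects on the token (-O)
  spawn pkcs11-tool --module /usr/local/lib/libetpkcs11.so -l -O
  # Watch for the PIN prompt
  expect "PIN:"
  # Your PIN, followed by Enter
  send "MyPin\r"
  # Give the process time to end: wait until it closes its output
  expect eof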
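
The same listing as an added example (not part of the original page): the PIN is read from an environment variable instead of being written into the script file, and a missing prompt or a hanging tool ends the script with an error instead of blocking the rollout. The variable name TOKEN_PIN and the exit codes are assumptions; the module path is the one used above.

```tcl
#!/usr/bin/expect -f
# Added example: list token objects, taking the PIN from the environment.
# TOKEN_PIN is an assumed variable name; set it in the calling rollout job.

set module /usr/local/lib/libetpkcs11.so

if {![info exists env(TOKEN_PIN)] || $env(TOKEN_PIN) eq ""} {
    puts stderr "TOKEN_PIN is not set"
    exit 2
}
set pin $env(TOKEN_PIN)

# Seconds to wait for each expected pattern before giving up
set timeout 30

spawn pkcs11-tool --module $module -l -O

expect {
    "PIN:" {
        # "--" keeps send from parsing a PIN that starts with "-" as a flag
        send -- "$pin\r"
    }
    timeout {
        puts stderr "no PIN prompt within $timeout seconds"
        exit 3
    }
    eof {
        puts stderr "pkcs11-tool ended before asking for the PIN"
        exit 3
    }
}

# Wait for the tool to finish
expect {
    timeout {
        puts stderr "pkcs11-tool did not finish within $timeout seconds"
        exit 4
    }
    eof {}
}

# wait returns: pid, spawn id, OS error flag (0 or -1), exit status or errno
set result [wait]
if {[lindex $result 2] != 0} {
    puts stderr "could not collect the exit status of pkcs11-tool"
    exit 1
}
# Hand the tool's own exit status to the caller, so a rejected PIN is noticed
exit [lindex $result 3]
```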

Random PIN

If you would like to initialize the token with a random PIN when enrolling it, you could also use the tool mkpasswd from the Expect package.

None: HowTos/Automation (last edited 2008-09-12 12:59:37 by localhost)