scion-pki trc sign
Sign a TRC
Synopsis
'sign' signs a TRC payload with the signing key and signing certificate.
Voting, proof-of-possession, and root acknowledgement signatures can be added by using the corresponding signing keys and certificates.
By default, the resulting signed object is written to a file with the following naming pattern:
ISD<isd>-B<base_version>-S<serial_number>.<signing-isd_as>-<signature-type>.trc
An alternative name can be specified with the --out flag.
If 'dummy' is provided as the payload file, a dummy TRC payload is signed. This is useful for testing access to the necessary cryptographic material, especially in preparation for a TRC signing ceremony.
scion-pki trc sign <payload_file> <crt_file> <key_file> [flags]
Examples
scion-pki trc sign ISD1-B1-S1.pld.der sensitive-voting.crt sensitive-voting.key
scion-pki trc sign ISD1-B1-S1.pld.der regular-voting.crt regular-voting.key --out ISD1-B1-S1.regular.trc
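A pre-ceremony check built on the 'dummy' payload described above, as an added example that is not part of the scion-pki documentation. The function name check_signing_material, the SCION_PKI variable (selects the binary to run) and FAILED_COUNT are hypothetical names introduced here; only the 'dummy' payload and the --out-dir flag come from this page.

```shell
#!/bin/sh
# Added example: verify before a TRC signing ceremony that every
# certificate/key pair can actually produce a signature, using the
# 'dummy' payload so that no real TRC payload is involved.

# Usage: check_signing_material <crt_file> <key_file> [<crt_file> <key_file> ...]
# Returns 0 if all pairs signed, 1 if any pair failed, 2 on usage/setup error.
# FAILED_COUNT (hypothetical name) holds the number of failed pairs.
check_signing_material() {
    # SCION_PKI is an assumption of this example: it lets the caller pick a
    # specific binary; by default scion-pki is looked up on PATH.
    bin="${SCION_PKI:-scion-pki}"
    FAILED_COUNT=0

    if [ "$#" -lt 2 ] || [ $(( $# % 2 )) -ne 0 ]; then
        echo "usage: check_signing_material <crt> <key> [<crt> <key> ...]" >&2
        return 2
    fi

    # Dummy signatures go to a scratch directory so they can never be
    # confused with real ceremony artifacts in the working directory.
    scratch=$(mktemp -d) || return 2

    while [ "$#" -ge 2 ]; do
        crt=$1
        key=$2
        shift 2
        # stderr of the tool is left visible so the operator sees its reason.
        if "$bin" trc sign dummy "$crt" "$key" --out-dir "$scratch" >/dev/null; then
            echo "OK      $crt"
        else
            echo "FAILED  $crt" >&2
            FAILED_COUNT=$((FAILED_COUNT + 1))
        fi
    done

    rm -rf "$scratch"
    [ "$FAILED_COUNT" -eq 0 ]
}

# Typical call, using the file names from the examples on this page:
#   check_signing_material sensitive-voting.crt sensitive-voting.key \
#                          regular-voting.crt regular-voting.key
```
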
Options
  -h, --help             help for sign
      --kms string       The uri to configure a Cloud KMS or an HSM.
  -o, --out string       Output file path. If --out is set, --out-dir is ignored.
      --out-dir string   Output directory. If --out is set, --out-dir is ignored. (default ".")
SEE ALSO
scion-pki trc - Manage TRCs for the SCION control plane PKI