readme.md

@@ -17,31 +17,8 @@ The setup was mostly done by following these two guides:
 ### Required Software
 
 * OpenSSL
-* libp11
 * [YKCS11](https://developers.yubico.com/yubico-piv-tool/YKCS11/)
-  *[AUR Link](https://aur.archlinux.org/packages/ykcs11-p11-kit-module)
+  * [AUR Link](https://aur.archlinux.org/packages/ykcs11-p11-kit-module)
-
-**macOS note:** openssl installed via homebrew does not pickup on libp11, you need to manually copy the pkcs11 library (update the versions):
-`cp /opt/homebrew/Cellar/libp11/0.4.12/lib/engines-3/pkcs11.dylib /opt/homebrew/Cellar/openssl@3/3.2.1/lib/engines-3/`
-
-### Environment Variables
-
-These must be set for all openssl operations.
-
-Linux:
-
-- `PKCS11_MODULE_PATH="/usr/lib/libykcs11.so"`
-
-macOS:
-
-- `PKCS11_MODULE_PATH="/opt/homebrew/lib/libykcs11.dylib"`
-
-### Setting up a new yubikey
-
-The signing key on a yubikey is stored in slot 9a. On a new yubikey this slot is empty.
-
-To generate a new key, run the following command:
-`yubico-piv-tool -a generate -s 9a -A ECCP384`
 
 ### Generating the Root
 
@@ -54,6 +31,9 @@ echo 1000 > serial
 echo 1000 > crlnumber
 # OpenSSL CA config file
 vim config/ca.conf
+# Setting up PKCS11
+export PKCS11_MODULE_PATH="/usr/lib/libykcs11.so"
+export MODULE_PATH="/usr/lib/libykcs11.so"
 # Generating the root
 openssl req -new -x509 -days 8000 -sha256 -extensions v3_ca -engine pkcs11 -keyform engine -key "pkcs11:object=Private key for PIV Authentication" -out certs/root.ca.cert.pem
 ```