| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <54C22891.6070506@suse.cz> Date: Fri, 23 Jan 2015 11:55:13 +0100 From: Michal Marek <mmarek@...e.cz> To: Alexander Holler <holler@...oftware.de>, linux-kernel@...r.kernel.org CC: linux-kbuild@...r.kernel.org, David Howells <dhowells@...hat.com>, Linus Torvalds <torvalds@...ux-foundation.org> Subject: Re: [PATCH] modsign: provide option to automatically delete the key after modules were installed On 2015-01-23 11:15, Alexander Holler wrote: > Am 23.01.2015 um 10:39 schrieb Alexander Holler: >> Am 23.01.2015 um 10:24 schrieb Michal Marek: >> >>>> + @rm ./signing_key.priv >>>> + @rm ./signing_key.x509 >>> >>> Why do you need to delete the certificate? >> >> No special reason. >> >> I'm just not sure (and too lazy to look it up) if it might contain the >> private key too (like it's possible in pem files), so I've deleted it too. > > Or in other words, while .priv leads me to the educated guess that it > contains the private key, .x509 doesn't give me an obvious indication > what it contains. > > If someone assures me that .x509 doesn't contain the private key > necessary to sign the modules, I'll send a v2 of the patch. The .x509 file contains a certificate signed by the private key, but not the private key. With some scripting, it can be used to verify the module signatures. Michal -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists