[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150519161902.GC23057@wotan.suse.de>
Date: Tue, 19 May 2015 18:19:02 +0200
From: "Luis R. Rodriguez" <mcgrof@...e.com>
To: David Howells <dhowells@...hat.com>
Cc: rusty@...tcorp.com.au, mmarek@...e.cz, mjg59@...f.ucam.org,
keyrings@...ux-nfs.org, dmitry.kasatkin@...il.com,
linux-kernel@...r.kernel.org, seth.forshee@...onical.com,
linux-security-module@...r.kernel.org, dwmw2@...radead.org
Subject: Re: sign-file and detached PKCS#7 firmware signatures
On Tue, May 19, 2015 at 10:25:24AM +0100, David Howells wrote:
> Luis R. Rodriguez <mcgrof@...e.com> wrote:
>
> > There's a missing -binary argument here, other than that this works fine.
>
> Good point.
>
> > > >$PKCS7_MESSAGE_FILE_IN_DER_FORM
> >
> > I however cannot figure out how to use openssl to verify this signature.
>
> Something like:
>
> openssl smime -verify \
> -in $PKCS7_MESSAGE_FILE_IN_DER_FORM \
> -inform DER \
> -content $FIRMWARE_BLOB_NAME \
> -inkey $PRIVATE_KEY_FILE_IN_PEM_FORM \
> -signer $X509_CERT_FILE_IN_PEM_FORM
>
> I would guess.
I tried a few things and no luck with that.
Luis
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists