lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 18 Feb 2016 17:23:38 +0000 From: David Howells <dhowells@...hat.com> To: Juerg Haefliger <juerg.haefliger@....com> Cc: dhowells@...hat.com, linux-kernel@...r.kernel.org, keyrings@...r.kernel.org, dwmw2@...radead.org Subject: Re: [PATCH v2] scripts/sign-file.c: Add support for signing with a raw signature Juerg Haefliger <juerg.haefliger@....com> wrote: > This patch adds support for signing a kernel module with a raw > detached PKCS#7 signature/message. > > The signature is not converted and is simply appended to the module so > it needs to be in the right format. Using openssl, a valid signature can > be generated like this: > $ openssl smime -sign -nocerts -noattr -binary -in <module> -inkey \ > <key> -signer <x509> -outform der -out <raw sig> > > The resulting raw signature from the above command is (more or less) > identical to the raw signature that sign-file itself can produce like > this: > $ scripts/sign-file -d <hash algo> <key> <x509> <module> > > Signed-off-by: Juerg Haefliger <juerg.haefliger@....com> Applied. David
Powered by blists - more mailing lists