diff options
author | Juerg Haefliger <juerg.haefliger@hpe.com> | 2016-02-04 12:09:25 +0100 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2016-02-18 17:20:48 +0000 |
commit | e5a2e3c8478215aea5b4c58e6154f1b6b170b0ca (patch) | |
tree | 27033f09f9cb85c971a52bca150318d46f60dcc5 /certs | |
parent | a1f2bdf338f15dbad10ee6362891ebf79244858b (diff) | |
download | lwn-e5a2e3c8478215aea5b4c58e6154f1b6b170b0ca.tar.gz lwn-e5a2e3c8478215aea5b4c58e6154f1b6b170b0ca.zip |
scripts/sign-file.c: Add support for signing with a raw signature
This patch adds support for signing a kernel module with a raw
detached PKCS#7 signature/message.
The signature is not converted and is simply appended to the module so
it needs to be in the right format. Using openssl, a valid signature can
be generated like this:
$ openssl smime -sign -nocerts -noattr -binary -in <module> -inkey \
<key> -signer <x509> -outform der -out <raw sig>
The resulting raw signature from the above command is (more or less)
identical to the raw signature that sign-file itself can produce like
this:
$ scripts/sign-file -d <hash algo> <key> <x509> <module>
Signed-off-by: Juerg Haefliger <juerg.haefliger@hpe.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'certs')
0 files changed, 0 insertions, 0 deletions