dh/ima-evm-utils-mirror
1
0
Fork 0
mirror of https://git.code.sf.net/p/linux-ima/ima-evm-utils synced 2025-07-01 21:31:14 +02:00
Code Releases Activity

Allow manual setting keyid from a cert file

Browse Source 
Allow user to specify `--keyid-from-cert cert.pem' to extract keyid from
SKID of the certificate file. PEM or DER format is auto-detected.

This commit creates ABI change for libimaevm, due to adding new function
ima_read_keyid(). Newer clients cannot work with older libimaevm.
Together with previous commit it creates backward-incompatible ABI
change, thus soname should be incremented on release.

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This commit is contained in:
Vitaly Chikunov
2021-07-16 18:16:01 +03:00
committed by Mimi Zohar
parent 51b694bfea
commit 0e7a00e26b
5 changed files with 132 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README
View File

@ -49,6 +49,8 @@ OPTIONS
--rsa use RSA key type and signing scheme v1
-k, --key path to signing key (default: /etc/keys/{privkey,pubkey}_evm.pem)
--keyid n overwrite signature keyid with a 32-bit value in hex (for signing)
--keyid-from-cert file
read keyid value from SKID of a x509 cert file
-o, --portable generate portable EVM signatures
-p, --pass password for encrypted signing key
-r, --recursive recurse into directories (sign)