mirror of https://git.code.sf.net/p/linux-ima/ima-evm-utils synced 2025-07-02 21:53:17 +02:00

Read keyid from the cert appended to the key file

Allow to have certificate appended to the private key of `--key'
specified (PEM) file (for v2 signing) to facilitate reading of keyid
from the associated cert. This will allow users to have private and
public key as a single file and avoid the need of manually specifying
keyid. There is no check that public key from the cert matches
associated private key.

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Vitaly Chikunov
2021-07-16 18:16:02 +03:00
committed by Mimi Zohar
parent 0e7a00e26b
commit 40621b2259
4 changed files with 35 additions and 8 deletions

README

@ -128,6 +128,9 @@ for signing and importing the key.
Second key format uses X509 DER encoded public key certificates and uses asymmetric key support
in the kernel (since kernel 3.9). CONFIG_INTEGRITY_ASYMMETRIC_KEYS must be enabled (default).
For v2 signatures x509 certificate (containing the public key) could be appended to the
private key (they both are in PEM format) to automatically extract keyid from its Subject
Key Identifier (SKID).
Integrity keyrings
----------------
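Review bot: The added README paragraph ("For v2 signatures x509 certificate ... could be appended to the private key") leaves out the caveat the commit message states: nothing checks that the certificate's public key matches the private key it is appended to. With a mismatched cert the keyid would be taken from the wrong certificate's SKID, so the README should say that pairing the two is the user's responsibility, or the code should compare the public keys before accepting the keyid. It would also help to name the `--key` option in this paragraph and to match the "X509" spelling used in the preceding paragraph.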