Hello,
Updated before LSS.
Changes to version 1.1:
- GnuPG MPI library has been refactored with lindent and checkpatch errors
and warnings has been fixed.
- creation of evm keyring has been remove. It is done now in user space.
- related ksign and evm patches has been squashed.
- patch
This patch implements RSA digital signature verification using GnuPG library.
Signature and public key have a special format and have special headers.
Signature header contains keyid, which is used to identify the key,
needed for signature verification.
Payload of the signature and the key are
When building an image, which has to be flashed to different devices,
an HMAC cannot be used to sign file metadata, as the HMAC key is different
on every device. File metadata can be protected using digital signature.
This patch enables RSA signature based integrity verification.
Signed-off-by:
Please ignore this patch. It was sent by mistake...
Check:
evm: digital signature verification support
- Dmitry
On Tue, Sep 6, 2011 at 4:11 PM, Dmitry Kasatkin
dmitry.kasat...@intel.com wrote:
When building an image, which has to be flashed to different devices,
an HMAC cannot be used to sign
On 05.09.2011 04:36:29, +0200, Sandy Harris sandyinch...@gmail.com wrote:
Hi Sandy,
On Fri, Sep 2, 2011 at 10:37 PM, Jarod Wilson ja...@redhat.com wrote:
Certain security-related certifications and their respective review
bodies have said that they find use of /dev/urandom for certain