As part of our sha-256 efforts, we're trying to sign rpms with a sha-2 digest. I'm attempting to sign packages with a RSA key that is size 4096, the biggest possible. However I'm running into problems importing this into koji, due to my local signing software haven stolen come code from koji to determine what the sigkey is. The koji code makes an assumption about where the key ID exists in the signature header, and it seems this assumption is wrong when larger keys are used.
Mitr who has been helping me says that for a quick hack, when getting the key chunk out of the hex, we can assume that sigkey[13:17] works if sigkey[0] is 0x88, but if 0 is 0x89, we have to go to 14:18. This comes up a few times in koji code, so I thought some discussion was in order before setting off to make a patch. Is there anything better we can do instead of snaking raw data out of headers? -- Jesse Keating Fedora -- FreedomĀ² is a feature! identi.ca: http://identi.ca/jkeating
signature.asc
Description: This is a digitally signed message part
-- Fedora-buildsys-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/fedora-buildsys-list
