On 10 February 2021 07:45:54 GMT, Yang Song <[email protected]> wrote:
>Use a customized signature service supported by openssl engine
>to sign the kernel module.
>Add command line parameters that support engine for sign-file
>to use the customized openssl engine service to sign kernel modules.
>
>Signed-off-by: Yang Song <[email protected]>
Aren't engines already obsolete in the latest versions of OpenSSL, as well as
being an implementation detail of one particular crypto library? They aren't
really a concept we should be exposing in *our* user interface.
Better to make sign-file automatically recognise RFC7512 PKCS#11 URIs and
handle them by automatically loading the PKCS#11 engine.
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
