On 05.09.2011 04:36:29, +0200, Sandy Harris wrote:
Hi Sandy,
> On Fri, Sep 2, 2011 at 10:37 PM, Jarod Wilson wrote:
>
>> Certain security-related certifications and their respective review
>> bodies have said that they find use of /dev/urandom for certain
>> functions, such as setting up ssh c
Please ignore this patch. It was sent by mistake...
Check:
evm: digital signature verification support
- Dmitry
On Tue, Sep 6, 2011 at 4:11 PM, Dmitry Kasatkin
wrote:
> When building an image, which has to be flashed to different devices,
> an HMAC cannot be used to sign file metadata, as the HM
When building an image, which has to be flashed to different devices,
an HMAC cannot be used to sign file metadata, as the HMAC key is different
on every device. File metadata can be protected using digital signature.
This patch enables RSA signature based integrity verification.
Signed-off-by: Dm
This option enables digital signature verification support for EVM.
With this feature file metadata can be protected using digital
signature instead of HMAC. When building an image,
which has to be flashed to different devices, an HMAC cannot
be used to sign file metadata, because the HMAC key is d
This patch implements RSA digital signature verification using GnuPG library.
Signature and public key have a special format and have special headers.
Signature header contains keyid, which is used to identify the key,
needed for signature verification.
Payload of the signature and the key are mul
Hello,
Updated before LSS.
Changes to version 1.1:
- GnuPG MPI library has been refactored with lindent and checkpatch errors
and warnings has been fixed.
- creation of evm keyring has been remove. It is done now in user space.
- related ksign and evm patches has been squashed.
- patch descript