Re: [RFC 1/1] ima: digital signature verification using asymmetric keys

2013-01-28 Thread Kasatkin, Dmitry
On Fri, Jan 25, 2013 at 11:01 PM, Vivek Goyal vgo...@redhat.com wrote: Hi, I am trying to read and understand IMA code. How does the digital signature mechanism work? IIUC, evmctl will install a file's signature in security.ima. And later process_measurement() will do the following. Calculate

Re: [RFC 1/1] ima: digital signature verification using asymmetric keys

2013-01-28 Thread Vivek Goyal
On Mon, Jan 28, 2013 at 04:54:06PM +0200, Kasatkin, Dmitry wrote: On Fri, Jan 25, 2013 at 11:01 PM, Vivek Goyal vgo...@redhat.com wrote: Hi, I am trying to read and understand IMA code. How does the digital signature mechanism work? IIUC, evmctl will install a file's signature in

Re: [RFC 1/1] ima: digital signature verification using asymmetric keys

2013-01-28 Thread Vivek Goyal
On Mon, Jan 28, 2013 at 05:20:20PM +0200, Kasatkin, Dmitry wrote: [..] Ok. I am hoping that it will be more than the kernel command line we support. In the sense that for digital signatures one needs to parse the signature, look at what hash algorithm has been used and then collect the

Re: [RFC 1/1] ima: digital signature verification using asymmetric keys

2013-01-28 Thread Mimi Zohar
On Mon, 2013-01-28 at 13:52 -0500, Vivek Goyal wrote: On Mon, Jan 28, 2013 at 05:20:20PM +0200, Kasatkin, Dmitry wrote: [..] Ok. I am hoping that it will be more than the kernel command line we support. In the sense that for digital signatures one needs to parse the signature, look at

Re: [RFC 1/1] ima: digital signature verification using asymmetric keys

2013-01-28 Thread Mimi Zohar
On Mon, 2013-01-28 at 13:56 -0500, Vivek Goyal wrote: On Mon, Jan 28, 2013 at 05:20:20PM +0200, Kasatkin, Dmitry wrote: [..] Ok. I am hoping that it will be more than the kernel command line we support. In the sense that for digital signatures one needs to parse the signature, look at

Re: [RFC 1/1] ima: digital signature verification using asymmetric keys

2013-01-28 Thread Vivek Goyal
On Mon, Jan 28, 2013 at 03:15:49PM -0500, Mimi Zohar wrote: On Mon, 2013-01-28 at 13:56 -0500, Vivek Goyal wrote: On Mon, Jan 28, 2013 at 05:20:20PM +0200, Kasatkin, Dmitry wrote: [..] Ok. I am hoping that it will be more than the kernel command line we support. In the sense that

Re: [RFC 1/1] ima: digital signature verification using asymmetric keys

2013-01-28 Thread Mimi Zohar
On Mon, 2013-01-28 at 15:13 -0500, Vivek Goyal wrote: On Mon, Jan 28, 2013 at 02:51:34PM -0500, Mimi Zohar wrote: On Mon, 2013-01-28 at 13:52 -0500, Vivek Goyal wrote: On Mon, Jan 28, 2013 at 05:20:20PM +0200, Kasatkin, Dmitry wrote: [..] Ok. I am hoping that it will be more than

Re: [RFC 1/1] ima: digital signature verification using asymmetric keys

2013-01-28 Thread Mimi Zohar
On Mon, 2013-01-28 at 15:22 -0500, Vivek Goyal wrote: On Mon, Jan 28, 2013 at 03:15:49PM -0500, Mimi Zohar wrote: On Mon, 2013-01-28 at 13:56 -0500, Vivek Goyal wrote: On Mon, Jan 28, 2013 at 05:20:20PM +0200, Kasatkin, Dmitry wrote: [..] Ok. I am hoping that it will be more than