diff options
author | David Howells <dhowells@redhat.com> | 2015-10-21 16:04:47 +0300 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2015-10-21 17:18:36 +0300 |
commit | 4adc605edc5f744dcf432241b5996ff6a13d868c (patch) | |
tree | 581776e01a230bdfbf67e4438bf1e995f105f7b0 /Documentation/security/keys.txt | |
parent | 2221a6ee73e7c8f43af802a1ef9426d4b0d122d3 (diff) | |
download | linux-4adc605edc5f744dcf432241b5996ff6a13d868c.tar.xz |
KEYS: Provide a script to extract a module signature
The supplied script takes a signed module file and extracts the tailmost
signature (there could theoretically be more than one) and dumps all or
part of it or the unsigned file to stdout.
Call as:
scripts/extract-module-sig.pl -[0adnks] module-file >out
where the initial flag indicates which bit of the signed file you want dumping
to stdout:
(*) "-0". Dumps the unsigned data with the signature stripped.
(*) "-a". Dumps all of the signature data, including the magic number.
(*) "-d". Dumps the signature information block as a sequence of decimal
numbers in text form with spaces between (crypto algorithm type,
hash type, identifier type, signer's name length, key identifier
length and signature length).
(*) "-n". Dumps the signer's name contents.
(*) "-k". Dumps the key identifier contents.
(*) "-s". Dumps the cryptographic signature contents.
In the case that the signature is a PKCS#7 (or CMS) message, -n and -k will
print a warning to stderr and dump nothing to stdout, but will otherwise
complete okay; the entire PKCS#7/CMS message will be dumped by "-s"; and "-d"
will show "0 0 2 0 0 <pkcs#7-msg-len>".
Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'Documentation/security/keys.txt')
0 files changed, 0 insertions, 0 deletions