sign-file: Generate CMS message as signature instead of PKCS#7
author David Howells <dhowells@redhat.com>
Mon, 20 Jul 2015 20:16:33 +0000 (21:16 +0100)
committer David Howells <dhowells@redhat.com>
Wed, 12 Aug 2015 16:01:01 +0000 (17:01 +0100)
commit ed8c20762a314124cbdd62e9d3e8aa7aa2a16020
tree c92b41d3ff5f5971061631459029edadae904df6
parent 60d65cacd7c2d84a6dcad69bcb57bbf0220c8643
sign-file: Generate CMS message as signature instead of PKCS#7

Make sign-file use the OpenSSL CMS routines to generate a message to be
used as the signature blob instead of the PKCS#7 routines.  This allows us
to change how the matching X.509 certificate is selected.  With PKCS#7 the
only option is to match on the serial number and issuer fields of an X.509
certificate; with CMS, we also have the option of matching by subjectKeyId
extension.  The new behaviour is selected with the "-k" flag.

Without the -k flag specified, the output is pretty much identical to the
PKCS#7 output.

Whilst we're at it, don't include the S/MIME capability list in the message
as it's irrelevant to us.

Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-By: David Woodhouse <David.Woodhouse@intel.com>
scripts/sign-file.c
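
The commit message above distinguishes signatures that identify the signer's certificate by issuer and serial number from those that use the subjectKeyId. The following is an added example, not code from this commit or from scripts/sign-file.c, that reports which form a DER-encoded CMS SignedData blob uses by reading the tag of each SignerInfo's `sid` field (0x30 for issuerAndSerialNumber, 0x80 for subjectKeyIdentifier, per RFC 5652). All function names are hypothetical, and the two sample blobs are constructed, unsigned skeletons rather than real module signatures.

```python
# Added example: which SignerIdentifier form does a DER CMS SignedData blob use?
SIGNED_DATA_OID = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2
DATA_OID = bytes.fromhex("2a864886f70d010701")         # 1.2.840.113549.1.7.1

def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, content, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low bits give the byte count
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(content):
    """Split the content of a constructed element into (tag, content) pairs."""
    out, pos = [], 0
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        out.append((tag, body))
    return out

def signer_id_kinds(blob):
    """Return the sid CHOICE used by each SignerInfo, in order."""
    tag, content_info, _ = read_tlv(blob, 0)
    fields = children(content_info)
    if tag != 0x30 or len(fields) != 2 or fields[0] != (0x06, SIGNED_DATA_OID):
        raise ValueError("not a CMS SignedData ContentInfo")
    _, signed_data, _ = read_tlv(fields[1][1], 0)      # inside [0] EXPLICIT
    set_tag, signer_infos = children(signed_data)[-1]  # last field: signerInfos
    if set_tag != 0x31:
        raise ValueError("signerInfos SET not found")
    names = {0x30: "issuerAndSerialNumber", 0x80: "subjectKeyIdentifier"}
    return [names.get(children(si)[1][0], "unknown") for _, si in children(signer_infos)]

def der(tag, *parts):  # sample builder only; short-form length (body < 128 bytes)
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def sample(sid, version):  # constructed skeleton: field layout only, no real signature
    ver = der(0x02, bytes([version]))
    si = der(0x30, ver, sid, der(0x30), der(0x30), der(0x04, b"\x00"))
    sd = der(0x30, ver, der(0x31), der(0x30, der(0x06, DATA_OID)), der(0x31, si))
    return der(0x30, der(0x06, SIGNED_DATA_OID), der(0xA0, sd))

BY_ISSUER_SERIAL = sample(der(0x30, der(0x30), der(0x02, b"\x2a")), 1)
BY_KEY_ID = sample(der(0x80, bytes(range(20))), 3)
```
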