path: root/Documentation/security/keys.txt
diff options
authorDavid Howells <dhowells@redhat.com>2015-10-21 14:04:47 +0100
committerDavid Howells <dhowells@redhat.com>2015-10-21 15:18:36 +0100
commit4adc605edc5f744dcf432241b5996ff6a13d868c (patch)
tree581776e01a230bdfbf67e4438bf1e995f105f7b0 /Documentation/security/keys.txt
parentKEYS: Provide a script to extract the sys cert list from a vmlinux file (diff)
KEYS: Provide a script to extract a module signature
The supplied script takes a signed module file and extracts the tailmost signature (there could theoretically be more than one) and dumps all or part of it or the unsigned file to stdout. Call as: scripts/extract-module-sig.pl -[0adnks] module-file >out where the initial flag indicates which bit of the signed file you want dumping to stdout: (*) "-0". Dumps the unsigned data with the signature stripped. (*) "-a". Dumps all of the signature data, including the magic number. (*) "-d". Dumps the signature information block as a sequence of decimal numbers in text form with spaces between (crypto algorithm type, hash type, identifier type, signer's name length, key identifier length and signature length). (*) "-n". Dumps the signer's name contents. (*) "-k". Dumps the key identifier contents. (*) "-s". Dumps the cryptographic signature contents. In the case that the signature is a PKCS#7 (or CMS) message, -n and -k will print a warning to stderr and dump nothing to stdout, but will otherwise complete okay; the entire PKCS#7/CMS message will be dumped by "-s"; and "-d" will show "0 0 2 0 0 <pkcs#7-msg-len>". Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'Documentation/security/keys.txt')
0 files changed, 0 insertions, 0 deletions