diff options
author | Gaurav Shah <gauravsh@chromium.org> | 2010-10-29 10:59:50 -0700 |
---|---|---|
committer | Gaurav Shah <gauravsh@chromium.org> | 2010-10-29 10:59:50 -0700 |
commit | 068fc6f251bc80190ad976d18ffe4726a3f33026 (patch) | |
tree | d9e49579d2ca23b3ec38c829207cda70b634acc7 /tests/external_rsa_signer.sh | |
parent | 10fce4aa5d30f5cfcff5371f0a097165dd5901a7 (diff) | |
download | vboot-068fc6f251bc80190ad976d18ffe4726a3f33026.tar.gz |
Add support for using external signing application and .pem private key files to vbutil_keyblock.
This allows signing using a .pem file using an external program.
It is assumed that the external program reads input from stdin, and outputs signed data on stdout. It takes one argument - the file name for the .pem private key reference. See external_rsa_signer.sh for an example external program.
Example usage:
vbutil_keyblock --pack 4096.keyblock \
--datapubkey 4096.vbpubk \
--signprivate_pem 4096.pem \
--pem_algorithm 8 \
--externalsigner "external_rsa_signer.sh"
I have tried to make the change such that it doesn't impact existing tools/interfaces (since these are used at various places). That said, I am aware of the places where we could just extend an old interface an avoid code duplication but thought I'd put that re-factoring in as a TODO for now. Let me know if you disagree and I can merge them (and changing the existing interface).
BUG=7576
TEST=Extended run_vbutil_tests.sh to test vbutil_keyblock packing using an external signer.
To test, make && make runtests (or just run tests/gen_test_keys.sh; tests/run_vbutils_tests.sh)
Review URL: http://codereview.chromium.org/4194003
Change-Id: I7cc52c8293c04ef9ba074794d046c9a4f19f6bdd
Diffstat (limited to 'tests/external_rsa_signer.sh')
-rwxr-xr-x | tests/external_rsa_signer.sh | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/tests/external_rsa_signer.sh b/tests/external_rsa_signer.sh new file mode 100755 index 00000000..0724b878 --- /dev/null +++ b/tests/external_rsa_signer.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +if [ $# -ne 1 ]; then + echo "Usage: $0 <private_key_pem_file>" + echo "Reads data to sign from stdin, encrypted data is output to stdout" + exit 1 +fi + +openssl rsautl -sign -inkey $1 |