From 068fc6f251bc80190ad976d18ffe4726a3f33026 Mon Sep 17 00:00:00 2001 From: Gaurav Shah Date: Fri, 29 Oct 2010 10:59:50 -0700 Subject: Add support for using external signing application and .pem private key files to vbutil_keyblock. This allows signing using a .pem file using an external program. It is assumed that the external program reads input from stdin, and outputs signed data on stdout. It takes one argument - the file name for the .pem private key reference. See external_rsa_signer.sh for an example external program. Example usage: vbutil_keyblock --pack 4096.keyblock \ --datapubkey 4096.vbpubk \ --signprivate_pem 4096.pem \ --pem_algorithm 8 \ --externalsigner "external_rsa_signer.sh" I have tried to make the change such that it doesn't impact existing tools/interfaces (since these are used at various places). That said, I am aware of the places where we could just extend an old interface an avoid code duplication but thought I'd put that re-factoring in as a TODO for now. Let me know if you disagree and I can merge them (and changing the existing interface). BUG=7576 TEST=Extended run_vbutil_tests.sh to test vbutil_keyblock packing using an external signer. To test, make && make runtests (or just run tests/gen_test_keys.sh; tests/run_vbutils_tests.sh) Review URL: http://codereview.chromium.org/4194003 Change-Id: I7cc52c8293c04ef9ba074794d046c9a4f19f6bdd --- tests/external_rsa_signer.sh | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100755 tests/external_rsa_signer.sh (limited to 'tests/external_rsa_signer.sh') diff --git a/tests/external_rsa_signer.sh b/tests/external_rsa_signer.sh new file mode 100755 index 00000000..0724b878 --- /dev/null +++ b/tests/external_rsa_signer.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +if [ $# -ne 1 ]; then + echo "Usage: $0 " + echo "Reads data to sign from stdin, encrypted data is output to stdout" + exit 1 +fi + +openssl rsautl -sign -inkey $1 -- cgit v1.2.1