diff options
author | David Howells <dhowells@redhat.com> | 2015-10-21 14:04:47 +0100 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2015-10-21 15:18:36 +0100 |
commit | 4adc605edc5f744dcf432241b5996ff6a13d868c (patch) | |
tree | 581776e01a230bdfbf67e4438bf1e995f105f7b0 /include/keys | |
parent | 2221a6ee73e7c8f43af802a1ef9426d4b0d122d3 (diff) |
KEYS: Provide a script to extract a module signature
The supplied script takes a signed module file and extracts the tailmost
signature (there could theoretically be more than one) and dumps all or
part of it or the unsigned file to stdout.
Call as:
scripts/extract-module-sig.pl -[0adnks] module-file >out
where the initial flag indicates which bit of the signed file you want dumping
to stdout:
(*) "-0". Dumps the unsigned data with the signature stripped.
(*) "-a". Dumps all of the signature data, including the magic number.
(*) "-d". Dumps the signature information block as a sequence of decimal
numbers in text form with spaces between (crypto algorithm type,
hash type, identifier type, signer's name length, key identifier
length and signature length).
(*) "-n". Dumps the signer's name contents.
(*) "-k". Dumps the key identifier contents.
(*) "-s". Dumps the cryptographic signature contents.
In the case that the signature is a PKCS#7 (or CMS) message, -n and -k will
print a warning to stderr and dump nothing to stdout, but will otherwise
complete okay; the entire PKCS#7/CMS message will be dumped by "-s"; and "-d"
will show "0 0 2 0 0 <pkcs#7-msg-len>".
Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'include/keys')
0 files changed, 0 insertions, 0 deletions