Re: [PATCH] modsign: provide option to automatically delete the key after modules were installed

[Alexander Holler]

Am 23.01.2015 um 11:55 schrieb Michal Marek:
> On 2015-01-23 11:15, Alexander Holler wrote:
> > Am 23.01.2015 um 10:39 schrieb Alexander Holler:
> > > Am 23.01.2015 um 10:24 schrieb Michal Marek:
> > >
> > > > > +	@rm ./signing_key.priv
> > > > > +	@rm ./signing_key.x509
> > > >
> > > > Why do you need to delete the certificate?
> > >
> > > No special reason.
> > >
> > > I'm just not sure (and too lazy to look it up) if it might contain the
> > > private key too (like it's possible in pem files), so I've deleted it too.
> >
> > Or in other words, while .priv leads me to the educated guess that it
> > contains the private key, .x509 doesn't give me an obvious indication
> > what it contains.
> >
> > If someone assures me that .x509 doesn't contain the private key
> > necessary to sign the modules, I'll send a v2 of the patch.
>
> The .x509 file contains a certificate signed by the private key, but not
> the private key. With some scripting, it can be used to verify the
> module signatures.


Assuming that doesn't change (hopefully), I'll send v2 in a few minutes 
(it just compiles in order to test it). Thanks for assuring me that 
.x509 does not and will not contain the private key.

Regards,

Alexander Holler
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/