Re: [PATCH] modsign: provide option to automatically delete the key after modules were installed

From: Alexander Holler
Date: Fri Jan 23 2015 - 06:44:11 EST


Am 23.01.2015 um 11:55 schrieb Michal Marek:
On 2015-01-23 11:15, Alexander Holler wrote:
Am 23.01.2015 um 10:39 schrieb Alexander Holler:
Am 23.01.2015 um 10:24 schrieb Michal Marek:

+ @rm ./signing_key.priv
+ @rm ./signing_key.x509

Why do you need to delete the certificate?

No special reason.

I'm just not sure (and too lazy to look it up) if it might contain the
private key too (like it's possible in pem files), so I've deleted it too.

Or in other words, while .priv leads me to the educated guess that it
contains the private key, .x509 doesn't give me an obvious indication
what it contains.

If someone assures me that .x509 doesn't contain the private key
necessary to sign the modules, I'll send a v2 of the patch.

The .x509 file contains a certificate signed by the private key, but not
the private key. With some scripting, it can be used to verify the
module signatures.


Assuming that doesn't change (hopefully), I'll send v2 in a few minutes (it just compiles in order to test it). Thanks for assuring me that .x509 does not and will not contain the private key.

Regards,

Alexander Holler
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/