Re: sign-file and detached PKCS#7 firmware signatures

From: David Howells
Date: Tue May 19 2015 - 05:26:21 EST

Next message: Thomas Gleixner: "Re: [PATCH 19/19] y2038: use __kernel_timespec in sys_sched_rr_get_interval"
Previous message: Thomas Gleixner: "Re: [PATCH 18/19] y2038: introduce jiffies_to_timespec64"
In reply to: Luis R. Rodriguez: "Re: sign-file and detached PKCS#7 firmware signatures"
Next in thread: Luis R. Rodriguez: "Re: sign-file and detached PKCS#7 firmware signatures"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Luis R. Rodriguez <mcgrof@xxxxxxxx> wrote:

> There's a missing -binary argument here, other than that this works fine.

Good point.

> > >$PKCS7_MESSAGE_FILE_IN_DER_FORM
>
> I however cannot figure out how to use openssl to verify this signature.

Something like:

openssl smime -verify \
-in $PKCS7_MESSAGE_FILE_IN_DER_FORM \
-inform DER \
-content $FIRMWARE_BLOB_NAME \
-inkey $PRIVATE_KEY_FILE_IN_PEM_FORM \
-signer $X509_CERT_FILE_IN_PEM_FORM

I would guess.

David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Thomas Gleixner: "Re: [PATCH 19/19] y2038: use __kernel_timespec in sys_sched_rr_get_interval"
Previous message: Thomas Gleixner: "Re: [PATCH 18/19] y2038: introduce jiffies_to_timespec64"
In reply to: Luis R. Rodriguez: "Re: sign-file and detached PKCS#7 firmware signatures"
Next in thread: Luis R. Rodriguez: "Re: sign-file and detached PKCS#7 firmware signatures"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]