Re: sign-file and detached PKCS#7 firmware signatures

From: Luis R. Rodriguez
Date: Tue May 19 2015 - 12:19:12 EST


On Tue, May 19, 2015 at 10:25:24AM +0100, David Howells wrote:
> Luis R. Rodriguez <mcgrof@xxxxxxxx> wrote:
>
> > There's a missing -binary argument here, other than that this works fine.
>
> Good point.
>
> > > >$PKCS7_MESSAGE_FILE_IN_DER_FORM
> >
> > I however cannot figure out how to use openssl to verify this signature.
>
> Something like:
>
> openssl smime -verify \
> -in $PKCS7_MESSAGE_FILE_IN_DER_FORM \
> -inform DER \
> -content $FIRMWARE_BLOB_NAME \
> -inkey $PRIVATE_KEY_FILE_IN_PEM_FORM \
> -signer $X509_CERT_FILE_IN_PEM_FORM
>
> I would guess.

I tried a few things and no luck with that.

Luis
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/