Re: [RFD] linux-firmware key arrangement for firmware signing
From: Andy Lutomirski
Date: Thu May 21 2015 - 12:48:39 EST
On Thu, May 21, 2015 at 9:43 AM, Petko Manolov <petkan@xxxxxxxxxxxx> wrote:
> On 15-05-21 16:51:49, David Howells wrote:
>>
>> I do have patches to parse PGP key data and add the public keys found therein
>> onto the kernel keyring, but that would mean adding an extra key data parser.
>
> PGP is widely used so i would gladly have one more parser in the kernel.
<rant>
PGP is also a crappy format:
http://blog.cryptographyengineering.com/2014/08/whats-matter-with-pgp.html
and using PGP means we're probably stuck with PKCS#1 v1.5, which
should have been phased out worldwide many years ago.
In any event, I don't see why PGP compatibility requires any sort of
OpenPGP parser in the kernel. Just because GnuPG goes out of its way
to be incompatible with anything other than the OpenPGP ecosystem
doesn't mean that you can't relatively straightforwardly generate raw
PKCS#1 signatures from an OpenPGP key.
</rant>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/