LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Michal Marek <mmarek@suse.cz>
To: Alexander Holler <holler@ahsoftware.de>, linux-kernel@vger.kernel.org
Cc: linux-kbuild@vger.kernel.org, David Howells <dhowells@redhat.com>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [PATCH] modsign: provide option to automatically delete the key after modules were installed
Date: Fri, 23 Jan 2015 11:55:13 +0100 [thread overview]
Message-ID: <54C22891.6070506@suse.cz> (raw)
In-Reply-To: <54C21F35.1040206@ahsoftware.de>
On 2015-01-23 11:15, Alexander Holler wrote:
> Am 23.01.2015 um 10:39 schrieb Alexander Holler:
>> Am 23.01.2015 um 10:24 schrieb Michal Marek:
>>
>>>> + @rm ./signing_key.priv
>>>> + @rm ./signing_key.x509
>>>
>>> Why do you need to delete the certificate?
>>
>> No special reason.
>>
>> I'm just not sure (and too lazy to look it up) if it might contain the
>> private key too (like it's possible in pem files), so I've deleted it too.
>
> Or in other words, while .priv leads me to the educated guess that it
> contains the private key, .x509 doesn't give me an obvious indication
> what it contains.
>
> If someone assures me that .x509 doesn't contain the private key
> necessary to sign the modules, I'll send a v2 of the patch.
The .x509 file contains a certificate signed by the private key, but not
the private key. With some scripting, it can be used to verify the
module signatures.
Michal
next prev parent reply other threads:[~2015-01-23 10:55 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-23 1:20 Alexander Holler
2015-01-23 9:24 ` Michal Marek
2015-01-23 9:39 ` Alexander Holler
2015-01-23 10:15 ` Alexander Holler
2015-01-23 10:55 ` Michal Marek [this message]
2015-01-23 11:43 ` Alexander Holler
2015-01-23 11:54 ` Alexander Holler
2015-01-23 12:34 ` Alexander Holler
2015-01-23 18:26 ` Alexander Holler
2015-01-23 12:56 ` David Howells
2015-01-23 13:27 ` Alexander Holler
2015-01-23 13:35 ` Alexander Holler
2015-01-23 21:57 ` [PATCH] modsign: overwrite keys with zero before deleting them Alexander Holler
2015-01-23 22:06 ` Richard Weinberger
2015-01-23 22:16 ` Alexander Holler
2015-01-23 23:58 ` David Howells
2015-01-24 0:13 ` Alexander Holler
2015-01-24 1:27 ` Pádraig Brady
2015-01-24 10:45 ` [PATCH v2] modsign: use shred to overwrite the private key before deleting it Alexander Holler
2015-01-24 11:37 ` Alexander Holler
2015-01-24 12:09 ` Alexander Holler
2015-01-24 12:29 ` Alexander Holler
2015-01-25 2:13 ` Pádraig Brady
2015-01-25 2:43 ` Alexander Holler
2015-01-25 10:32 ` Alexander Holler
2015-01-25 10:57 ` Alexander Holler
2015-01-25 11:42 ` Alexander Holler
2015-01-25 12:04 ` Alexander Holler
2015-01-25 12:08 ` Richard Weinberger
2015-01-25 12:24 ` Alexander Holler
2015-01-25 12:28 ` Richard Weinberger
2015-01-25 12:57 ` Alexander Holler
2015-01-25 12:36 ` Alexander Holler
2015-01-25 13:46 ` Alexander Holler
2015-01-29 22:39 ` Alexander Holler
2015-07-18 21:56 ` [PATCH] modsign: provide option to automatically delete the key after modules were installed Alexander Holler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54C22891.6070506@suse.cz \
--to=mmarek@suse.cz \
--cc=dhowells@redhat.com \
--cc=holler@ahsoftware.de \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--subject='Re: [PATCH] modsign: provide option to automatically delete the key after modules were installed' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).