
Draft: add support for using external cmd to do the payload signing of pvs/jose signatures

Alexander (asac) Sack requested to merge feature/sig-signcmd into develop

To test you can use:

$ cd /tmp/
$ pvr clone pantahub-ci/rock64_initial_latest
$ git clone https://gitlab.com/pantacor/pv-developer-ca
$ cd rock64_initial_latest

$ pvr sig --signcmd "openssl dgst -sign /tmp/pv-developer-ca/pki/private/pv-developer-01.key --keyform PEM -sha256" \
                 --signalgo RS256 \
                 --x5c /tmp/pv-developer-ca/pki/issued/pv-developer-01.crt \
                 add --part awconnect

To validate:

$ pvr sig --cacerts /tmp/pv-developer-ca/pki/ca.crt \
               --key /tmp/pv-developer-ca/pki/private/pv-developer-01.key \
               --x5c /tmp/pv-developer-ca/pki/issued/pv-developer-01.crt ls

x5c must be a certificate chain of cert and intermediate (without the actual root) as PEM and --cacerts must have the matching root of trust in PEM.
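The chain rule stated above can be checked before signing. This is an added Go example, not code from this merge request or from pvr. `mkCert` and `checkX5C` are hypothetical helpers, and the certificates are constructed in memory (Ed25519, one-hour validity) to stand in for the pv-developer-ca files.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func mkCert(cn string, ca bool, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // constructed throwaway key; a nil parent means self-signed
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: ca, BasicConstraintsValid: true}
	if parent == nil {
		parent, pk = t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	c, err := x509.ParseCertificate(der) // also fails if CreateCertificate returned nothing
	if err != nil {
		panic(err)
	}
	return c, key
}

// checkX5C (hypothetical) enforces: leaf first, no self-signed root inside x5c, chain must end in roots.
func checkX5C(x5c []*x509.Certificate, roots *x509.CertPool) error {
	if len(x5c) == 0 {
		return fmt.Errorf("x5c is empty")
	}
	inter := x509.NewCertPool()
	for i, c := range x5c {
		if c.CheckSignatureFrom(c) == nil { // verifies under its own key: a self-signed root
			return fmt.Errorf("x5c[%d] (%s) is self-signed; the root belongs in --cacerts", i, c.Subject.CommonName)
		}
		inter.AddCert(c) // the non-CA leaf cannot act as an issuer, so adding it is harmless
	}
	_, err := x5c[0].Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

func main() {
	root, rk := mkCert("root", true, nil, nil)
	mid, mk := mkCert("intermediate", true, root, rk)
	leaf, _ := mkCert("developer", false, mid, mk)
	roots := x509.NewCertPool()
	roots.AddCert(root)
	fmt.Println(checkX5C([]*x509.Certificate{leaf, mid}, roots), checkX5C([]*x509.Certificate{leaf, mid, root}, roots))
}
```

The same check applied to real files would parse the PEM blocks of the `--x5c` bundle in order and load the `--cacerts` file into the root pool.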
