
Draft: Support offline signatures

Marcin Cieślak requested to merge saper/pvr:feature/ext-sign into develop

With this early code, it is now possible to

pvr sig -e RS256 -x ../keys/cert.pem  add -p pv-avahi |
 openssl sha256 -binary |
 openssl pkeyutl -sign -inkey ../keys/key.pem -pkeyopt digest:sha256 |
 pvr sig -i -x ../keys/cert.pem add -p pv-avahi

to achieve the same effect as

pvr sig -k ../keys/key.pem -x ../keys/cert.pem  add -p pv-avahi

This enables the use of HSMs, KMS, external software signing services without having to wait synchronously for the signature.
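An added example, not part of the merge request or of pvr's code: it checks with plain `openssl` that the hash-then-`pkeyutl` step in the pipeline above yields the same bytes as one-step RS256 signing, because RSASSA-PKCS1-v1_5 is deterministic. The key, the payload and all function names are constructed for this test, and the payload only stands in for what `pvr sig -e` writes, whose real format is not shown here.

```shell
#!/bin/sh
# Added example: two-step "digest, then sign the digest" vs. one-step RS256.
# Everything below uses a throwaway key and a constructed payload.

make_fixture() {   # $1 = work dir
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/key.pem" 2>/dev/null &&
    openssl pkey -in "$1/key.pem" -pubout -out "$1/pub.pem" &&
    # Assumption: stand-in for the bytes `pvr sig -e` would emit.
    printf 'constructed-signing-input' > "$1/payload"
}

sign_direct() {    # one step: the key holder sees the whole payload
    openssl dgst -sha256 -sign "$1/key.pem" -out "$1/sig.direct" "$1/payload"
}

sign_offline() {   # two steps: only the 32-byte digest reaches the key holder
    openssl sha256 -binary < "$1/payload" |
    openssl pkeyutl -sign -inkey "$1/key.pem" -pkeyopt digest:sha256 \
        > "$1/sig.offline"
}

verify_sig() {     # $1 = work dir, $2 = signature file, $3 = payload file
    openssl dgst -sha256 -verify "$1/pub.pem" -signature "$2" "$3" \
        >/dev/null 2>&1
}

offline_equals_direct() {   # 0 = identical and valid, 1 = mismatch, 2 = setup error
    d=$(mktemp -d) || return 2
    make_fixture "$d" && sign_direct "$d" && sign_offline "$d" ||
        { rm -rf "$d"; return 2; }
    rc=0
    cmp -s "$d/sig.direct" "$d/sig.offline" || rc=1
    verify_sig "$d" "$d/sig.offline" "$d/payload" || rc=1
    # A signature returned later must not validate a payload that changed meanwhile.
    printf 'constructed-signing-input-tampered' > "$d/tampered"
    verify_sig "$d" "$d/sig.offline" "$d/tampered" && rc=1
    rm -rf "$d"
    return $rc
}

offline_equals_direct && echo "offline signature == direct RS256 signature"
```

The tampered-payload check matters for an asynchronous flow: the signature is bound to the exported bytes, so the state must be unchanged between export and import.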
