1. 21 Oct, 2015 1 commit
    • David Howells's avatar
      KEYS: Provide a script to extract a module signature · 4adc605e
      David Howells authored
      The supplied script takes a signed module file and extracts the tailmost
      signature (there could theoretically be more than one) and dumps all or
      part of it or the unsigned file to stdout.
      
      Call as:
      
      	scripts/extract-module-sig.pl -[0adnks] module-file >out
      
      where the initial flag indicates which bit of the signed file you want dumping
      to stdout:
      
       (*) "-0".  Dumps the unsigned data with the signature stripped.
      
       (*) "-a".  Dumps all of the signature data, including the magic number.
      
       (*) "-d".  Dumps the signature information block as a sequence of decimal
           	    numbers in text form with spaces between (crypto algorithm type,
           	    hash type, identifier type, signer's name length, key identifier
           	    length and signature length).
      
       (*) "-n".  Dumps the signer's name contents.
      
       (*) "-k".  Dumps the key identifier contents.
      
       (*) "-s".  Dumps the cryptographic signature contents.
      
      In the case that the signature is a PKCS#7 (or CMS) message, -n and -k will
      print a warning to stderr and dump nothing to stdout, but will otherwise
      complete okay; the entire PKCS#7/CMS message will be dumped by "-s"; and "-d"
      will show "0 0 2 0 0 <pkcs#7-msg-len>".
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      4adc605e