Chromium Code Reviews Chromium Code Reviews
Issue
4194003:
Add support for using external signing application and .pem private key files to vbutil_keyblock. (Closed)
DescriptionAdd support for using external signing application and .pem private key files to vbutil_keyblock.
This allows signing using a .pem file using an external program.
It is assumed that the external program reads input from stdin, and outputs signed data on stdout. It takes one argument - the file name for the .pem private key reference. See external_rsa_signer.sh for an example external program.
Example usage:
vbutil_keyblock --pack 4096.keyblock \
--datapubkey 4096.vbpubk \
--signprivate_pem 4096.pem \
--pem_algorithm 8 \
--externalsigner "external_rsa_signer.sh"
I have tried to make the change such that it doesn't impact existing tools/interfaces (since these are used at various places). That said, I am aware of the places where we could just extend an old interface an avoid code duplication but thought I'd put that re-factoring in as a TODO for now. Let me know if you disagree and I can merge them (and changing the existing interface).
BUG=7576
TEST=Extended run_vbutil_tests.sh to test vbutil_keyblock packing using an external signer.
To test, make && make runtests (or just run tests/gen_test_keys.sh; tests/run_vbutils_tests.sh)
Committed: http://chrome-svn/viewvc/chromeos?view=rev&revision=068fc6f
Patch Set 1 #Patch Set 2 : . #Patch Set 3 : spacing fixes #
Total comments: 8
Patch Set 4 : review fixes #
Total comments: 2
Patch Set 5 : fix read() bug #
Messages
Total messages: 9 (0 generated)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
