git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit

author	David Howells <dhowells@redhat.com>
	Wed, 21 Oct 2015 13:04:47 +0000 (14:04 +0100)
committer	David Howells <dhowells@redhat.com>
	Wed, 21 Oct 2015 14:18:36 +0000 (15:18 +0100)
commit	4adc605edc5f744dcf432241b5996ff6a13d868c
tree	581776e01a230bdfbf67e4438bf1e995f105f7b0	tree
parent	2221a6ee73e7c8f43af802a1ef9426d4b0d122d3	commit \| diff

KEYS: Provide a script to extract a module signature

The supplied script takes a signed module file and extracts the tailmost
signature (there could theoretically be more than one) and dumps all or
part of it or the unsigned file to stdout.

Call as:

scripts/extract-module-sig.pl -[0adnks] module-file >out

where the initial flag indicates which bit of the signed file you want dumping
to stdout:

(*) "-0".  Dumps the unsigned data with the signature stripped.

(*) "-a".  Dumps all of the signature data, including the magic number.

(*) "-d".  Dumps the signature information block as a sequence of decimal
          numbers in text form with spaces between (crypto algorithm type,
          hash type, identifier type, signer's name length, key identifier
          length and signature length).

(*) "-n".  Dumps the signer's name contents.

(*) "-k".  Dumps the key identifier contents.

(*) "-s".  Dumps the cryptographic signature contents.

In the case that the signature is a PKCS#7 (or CMS) message, -n and -k will
print a warning to stderr and dump nothing to stdout, but will otherwise
complete okay; the entire PKCS#7/CMS message will be dumped by "-s"; and "-d"
will show "0 0 2 0 0 <pkcs#7-msg-len>".

Signed-off-by: David Howells <dhowells@redhat.com>