diff options
| author | David Howells <dhowells@redhat.com> | 2012-09-26 10:11:06 +0100 | 
|---|---|---|
| committer | Rusty Russell <rusty@rustcorp.com.au> | 2012-10-10 20:06:33 +1030 | 
| commit | 85ecac79457e30b19802bbfaeba1856ad00945b0 (patch) | |
| tree | ed25c82266200041e017b388c693036852ec1c7d /lib/debug_locks.c | |
| parent | 48ba2462ace6072741fd8d0058207d630ce93bf1 (diff) | |
MODSIGN: Provide a script for generating a key ID from an X.509 cert
Provide a script to parse an X.509 certificate and certain pieces of
information from it in order to generate a key identifier to be included within
a module signature.
The script takes the Subject Name and extracts (if present) the
organizationName (O), the commonName (CN) and the emailAddress and fabricates
the signer's name from them:
 (1) If both O and CN exist, then the name will be "O: CN", unless:
     (a) CN is prefixed by O, in which case only CN is used.
     (b) CN and O share at least the first 7 characters, in which case only CN
     	 is used.
 (2) Otherwise, CN is used if present.
 (3) Otherwise, O is used if present.
 (4) Otherwise the emailAddress is used, if present.
 (5) Otherwise a blank name is used.
The script emits a binary encoded identifier in the following form:
 - 2 BE bytes indicating the length of the signer's name.
 - 2 BE bytes indicating the length of the subject key identifier.
 - The characters of the signer's name.
 - The bytes of the subject key identifier.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Diffstat (limited to 'lib/debug_locks.c')
0 files changed, 0 insertions, 0 deletions
