From: Vitaly Chikunov <vt@altlinux.org>
To: Mimi Zohar <zohar@linux.ibm.com>
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
linux-integrity@vger.kernel.org
Subject: Re: [PATCH ima-evm-utils v8 3/3] Read keyid from the cert appended to the key file
Date: Wed, 14 Jul 2021 21:13:48 +0300 [thread overview]
Message-ID: <20210714181348.yjvfk5p5uxqarl2q@altlinux.org> (raw)
In-Reply-To: <2d54bb0340e2971234084db68cc00e27089388a8.camel@linux.ibm.com>
Mimi,
On Wed, Jul 14, 2021 at 12:16:57PM -0400, Mimi Zohar wrote:
> On Mon, 2021-07-12 at 08:44 +0300, Vitaly Chikunov wrote:
> >
> > @@ -43,26 +43,43 @@ cat > test-ca.conf <<- EOF
> > basicConstraints=CA:TRUE
> > subjectKeyIdentifier=hash
> > authorityKeyIdentifier=keyid:always,issuer
> > +
> > + [ skid ]
> > + basicConstraints=CA:TRUE
> > + subjectKeyIdentifier=12345678
> > + authorityKeyIdentifier=keyid:always,issuer
> > EOF
> > fi
>
> On my system:
> $ openssl version
> OpenSSL 1.1.1g FIPS 21 Apr 2020
>
> Not sure this has anything to do with the reason that "skid" is not
> supported. The resulting files are empty.
>
> ls -lat *skid*
> -rw-rw-r--. 1 mimi mimi 0 Jul 14 12:02 test-rsa1024_skid.key
> -rw-rw-r--. 1 mimi mimi 0 Jul 14 12:02 test-rsa1024_skid.pub
>
> - openssl pkey -in test-rsa1024.key -out test-rsa1024.pub -pubout
> - openssl req -verbose -new -nodes -utf8 -sha1 -days 10000 -batch -x509
> -extensions skid -config test-ca.conf -newkey rsa:1024 -out test-
> rsa1024_skid.cer -outform DER -keyout test-rsa1024_skid.key
> Using configuration from test-ca.conf
> Error Loading extension section skid <===
Is it reproducible? Since multiple-distributions CI passed, I wonder
what distro it is.
Thanks,
next prev parent reply other threads:[~2021-07-14 18:13 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-12 5:44 [PATCH ima-evm-utils v8 0/3] ima-evm-utils: Add --keyid option Vitaly Chikunov
2021-07-12 5:44 ` [PATCH ima-evm-utils v8 1/3] Allow manual setting keyid for signing Vitaly Chikunov
2021-07-12 5:44 ` [PATCH ima-evm-utils v8 2/3] Allow manual setting keyid from a cert file Vitaly Chikunov
2021-07-12 5:44 ` [PATCH ima-evm-utils v8 3/3] Read keyid from the cert appended to the key file Vitaly Chikunov
2021-07-14 16:16 ` Mimi Zohar
2021-07-14 18:13 ` Vitaly Chikunov [this message]
2021-07-14 19:20 ` Mimi Zohar
2021-07-16 13:25 ` Vitaly Chikunov
2021-07-16 13:50 ` Vitaly Chikunov
2021-07-16 14:07 ` Vitaly Chikunov
2021-07-16 14:46 ` Mimi Zohar
2021-07-12 20:04 ` [PATCH ima-evm-utils v8 0/3] ima-evm-utils: Add --keyid option Mimi Zohar
2021-07-13 5:47 ` Vitaly Chikunov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210714181348.yjvfk5p5uxqarl2q@altlinux.org \
--to=vt@altlinux.org \
--cc=dmitry.kasatkin@gmail.com \
--cc=linux-integrity@vger.kernel.org \
--cc=zohar@linux.ibm.com \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.