From: Vitaly Chikunov <vt@altlinux.org>
To: Mimi Zohar <zohar@linux.ibm.com>
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>,
	Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
	linux-integrity@vger.kernel.org
Subject: Re: [PATCH v6 3/3] ima-evm-utils: Read keyid from the cert appended to the key file
Date: Sat, 26 Jun 2021 03:21:36 +0300
Message-ID: <20210626002136.bz2sn2chw4rddyev@altlinux.org>
In-Reply-To: <5a526d9dd5dcd227c4f85e8a3b9ae504ea97c438.camel@linux.ibm.com>

Mimi,

On Fri, Jun 25, 2021 at 08:22:15AM -0400, Mimi Zohar wrote:
> On Tue, 2021-05-11 at 14:56 +0300, Vitaly Chikunov wrote:
> > Allow to have certificate appended to the private key of `--key'
> > specified (PEM) file (for v2 signing) to facilitate reading of keyid
> > from the associated cert. This will allow users to have private and
> > public key as a single file. There is no check that public key from the
> > cert matches associated private key.
>
> Is this a standard format for storing the public and private key in
> the same file?

I am not aware of any standard to keep ASCII armored text x509 cert
together with the private key in the same file. But, it's common usage
for some web servers, such as NGINX. People commonly suggest doing it in
that context:

  https://stackoverflow.com/questions/991758/how-to-get-pem-file-from-key-and-crt-files

  "cat server.crt server.key > server.includesprivatekey.pem"
  "cat server.crt server.key > server.pem"

Thanks,

>
> Mimi
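
The quoted commit message notes that nothing checks that the certificate's public key matches the private key in the combined file. The following is an added example (not part of the message and not ima-evm-utils code) of making that check with the openssl command line, for a file in either order. The function names and sample file names are made up for the example; it assumes an unencrypted key and an `openssl` binary on the PATH.

```shell
#!/bin/sh
# Added example: check that a combined PEM file really holds a matching pair.
# Assumes an unencrypted private key and the openssl CLI on PATH.

# pem_pair_matches FILE
#   0 = first certificate's public key equals the one derived from the key
#   1 = both blocks present but the keys differ
#   2 = certificate or private key block missing or unreadable
pem_pair_matches() {
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || return 2
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1" 2>/dev/null || return 2
    # Both commands skip PEM blocks of the other type, so order is irrelevant.
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# make_samples DIR: constructed inputs from two throwaway self-signed pairs.
# Runs in a subshell so the restrictive umask does not leak to the caller.
make_samples() (
    umask 077    # the combined file contains the private key
    cd "$1" || exit 1
    for n in a b; do
        openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=sample-$n" \
            -days 1 -keyout "$n.key" -out "$n.crt" 2>/dev/null || exit 1
    done
    cat a.key a.crt > key_then_cert.pem   # layout the patch reads
    cat a.crt a.key > cert_then_key.pem   # layout from the quoted cat commands
    cat b.key a.crt > mismatch.pem        # wrong certificate appended
)

tmp=$(mktemp -d) || exit 1
trap 'rm -rf "$tmp"' EXIT
make_samples "$tmp" || exit 1
for f in key_then_cert.pem cert_then_key.pem mismatch.pem a.key; do
    rc=0; pem_pair_matches "$tmp/$f" || rc=$?
    echo "$f: $rc"
done
```
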