From: Vitaly Chikunov <vt@altlinux.org>
To: Mimi Zohar <zohar@linux.ibm.com>
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
linux-integrity@vger.kernel.org
Subject: Re: [PATCH v6 3/3] ima-evm-utils: Read keyid from the cert appended to the key file
Date: Sat, 26 Jun 2021 03:21:36 +0300 [thread overview]
Message-ID: <20210626002136.bz2sn2chw4rddyev@altlinux.org> (raw)
In-Reply-To: <5a526d9dd5dcd227c4f85e8a3b9ae504ea97c438.camel@linux.ibm.com>
Mimi,
On Fri, Jun 25, 2021 at 08:22:15AM -0400, Mimi Zohar wrote:
> On Tue, 2021-05-11 at 14:56 +0300, Vitaly Chikunov wrote:
> > Allow to have certificate appended to the private key of `--key'
> > specified (PEM) file (for v2 signing) to facilitate reading of keyid
> > from the associated cert. This will allow users to have private and
> > public key as a single file. There is no check that public key form the
> > cert matches associated private key.
>
> Is this a standard formats for storing the public and private key in
> the same file?
I am not aware of any standard to keep ASCII armored text x509 cert
together with the private key in the same file. But, it's common usage
for some web servers, such as NGINX. People commonly suggest doing
it in that context:
https://stackoverflow.com/questions/991758/how-to-get-pem-file-from-key-and-crt-files
"cat server.crt server.key > server.includesprivatekey.pem"
"cat server.crt server.key > server.pem"
Thanks,
>
> Mimi
next prev parent reply other threads:[~2021-06-26 0:21 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-11 11:56 [PATCH v6 0/3] ima-evm-utils: Add --keyid option Vitaly Chikunov
2021-05-11 11:56 ` [PATCH v6 1/3] ima-evm-utils: Allow manual setting keyid for signing Vitaly Chikunov
2021-06-25 12:21 ` Mimi Zohar
2021-06-26 0:42 ` Vitaly Chikunov
2021-06-28 20:50 ` Mimi Zohar
2021-06-29 1:32 ` Vitaly Chikunov
2021-06-30 16:39 ` Mimi Zohar
2021-06-30 19:44 ` Vitaly Chikunov
2021-06-30 20:47 ` Mimi Zohar
2021-06-30 21:10 ` Vitaly Chikunov
2021-06-30 21:32 ` Mimi Zohar
2021-05-11 11:56 ` [PATCH v6 2/3] ima-evm-utils: Allow manual setting keyid from a cert file Vitaly Chikunov
2021-06-25 12:22 ` Mimi Zohar
2021-06-26 0:27 ` Vitaly Chikunov
2021-06-30 16:39 ` Mimi Zohar
2021-05-11 11:56 ` [PATCH v6 3/3] ima-evm-utils: Read keyid from the cert appended to the key file Vitaly Chikunov
2021-06-25 12:22 ` Mimi Zohar
2021-06-26 0:21 ` Vitaly Chikunov [this message]
2021-06-30 17:38 ` Mimi Zohar
2021-06-30 19:10 ` Vitaly Chikunov
2021-06-30 19:26 ` Vitaly Chikunov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210626002136.bz2sn2chw4rddyev@altlinux.org \
--to=vt@altlinux.org \
--cc=dmitry.kasatkin@gmail.com \
--cc=linux-integrity@vger.kernel.org \
--cc=zohar@linux.ibm.com \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).