mirror of
https://github.com/torvalds/linux.git
synced 2024-11-06 20:21:57 +00:00
c26fd69fa0
Add a crypto key parser for binary (DER) encoded X.509 certificates. The certificate is parsed and, if possible, the signature is verified. An X.509 key can be added like this: # keyctl padd crypto bar @s </tmp/x509.cert 15768135 and displayed like this: # cat /proc/keys 00f09a47 I--Q--- 1 perm 39390000 0 0 asymmetri bar: X509.RSA e9fd6d08 [] Note that this only works with binary certificates. PEM encoded certificates are ignored by the parser. Note also that the X.509 key ID is not congruent with the PGP key ID, but for the moment, they will match. If a NULL or "" name is given to add_key(), then the parser will generate a key description from the CertificateSerialNumber and Name fields of the TBSCertificate: 00aefc4e I--Q--- 1 perm 39390000 0 0 asymmetri bfbc0cd76d050ea4:/C=GB/L=Cambridge/O=Red Hat/CN=kernel key: X509.RSA 0c688c7b [] Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
39 lines
1.3 KiB
Plaintext
39 lines
1.3 KiB
Plaintext
menuconfig ASYMMETRIC_KEY_TYPE
|
|
tristate "Asymmetric (public-key cryptographic) key type"
|
|
depends on KEYS
|
|
help
|
|
This option provides support for a key type that holds the data for
|
|
the asymmetric keys used for public key cryptographic operations such
|
|
as encryption, decryption, signature generation and signature
|
|
verification.
|
|
|
|
if ASYMMETRIC_KEY_TYPE
|
|
|
|
config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
|
|
tristate "Asymmetric public-key crypto algorithm subtype"
|
|
select MPILIB
|
|
help
|
|
This option provides support for asymmetric public key type handling.
|
|
If signature generation and/or verification are to be used,
|
|
appropriate hash algorithms (such as SHA-1) must be available.
|
|
ENOPKG will be reported if the requisite algorithm is unavailable.
|
|
|
|
config PUBLIC_KEY_ALGO_RSA
|
|
tristate "RSA public-key algorithm"
|
|
depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
|
|
select MPILIB_EXTRA
|
|
help
|
|
This option enables support for the RSA algorithm (PKCS#1, RFC3447).
|
|
|
|
config X509_CERTIFICATE_PARSER
|
|
tristate "X.509 certificate parser"
|
|
depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
|
|
select ASN1
|
|
select OID_REGISTRY
|
|
help
|
|
This option procides support for parsing X.509 format blobs for key
|
|
data and provides the ability to instantiate a crypto key from a
|
|
public key packet found inside the certificate.
|
|
|
|
endif # ASYMMETRIC_KEY_TYPE
|