From: Dmitry Kasatkin Date: Wed, 1 Feb 2012 08:33:07 +0000 (+0200) Subject: added password parameter for using encrypted keys X-Git-Tag: v0.1.0~7 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=e91cb01e9a0d9904decc626f9f3fddf9eea55fc8;p=platform%2Fupstream%2Fima-evm-utils.git added password parameter for using encrypted keys Added password parameter for using encrypted keys. Signed-off-by: Dmitry Kasatkin --- diff --git a/README b/README index a8faa7f..86515eb 100644 --- a/README +++ b/README @@ -1,8 +1,17 @@ 1. Generate private key +# plain key openssl genrsa -out privkey_evm.pem 1024 +# encrypted key +openssl genrsa -des3 -out privkey_evm.pem 1024 + +# set password for the key +openssl rsa -in /etc/keys/privkey_evm.pem -out privkey_evm_enc.pem -des3 +or +openssl pkcs8 -topk8 -in /etc/keys/privkey_evm.pem -out privkey_evm_enc.pem + 2. Generate public key openssl rsa -pubout -in privkey_evm.pem -out pubkey_evm.pem diff --git a/src/evmctl.c b/src/evmctl.c index 35cdd95..08f1904 100644 --- a/src/evmctl.c +++ b/src/evmctl.c @@ -150,6 +150,7 @@ static int digest = 0; static int digsig = 0; static char *hash_algo = "sha1"; static int binkey = 0; +static char *keypass; extern struct command cmds[]; static void print_usage(struct command *cmd); @@ -330,7 +331,7 @@ static int sign_hash(const unsigned char *hash, int size, const char *keyfile, u log_errno("Unable to open keyfile %s", keyfile); return -1; } - key1 = PEM_read_RSAPrivateKey(fp, &key, NULL, NULL); + key1 = PEM_read_RSAPrivateKey(fp, &key, NULL, keypass); fclose(fp); if (!key1) { log_errno("RSAPrivateKey() failed"); @@ -1167,6 +1168,7 @@ static struct option opts[] = { {"imahash", 0, 0, 'd'}, {"hashalgo", 1, 0, 'a'}, {"bin", 0, 0, 'b'}, + {"pass", 1, 0, 'p'}, {} }; @@ -1179,7 +1181,7 @@ int main(int argc, char *argv[]) g_argc = argc; while (1) { - c = getopt_long(argc, argv, "hk:vnsda:b", opts, &lind); + c = getopt_long(argc, argv, "hk:vnsda:bp:", opts, &lind); if (c == -1) break; 
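Review bot: In the sign_hash hunk of src/evmctl.c, a wrong `--pass` value becomes a likely reason for `PEM_read_RSAPrivateKey` to fail, yet the failure path still goes through `log_errno("RSAPrivateKey() failed")`, which judging by its name reports errno rather than OpenSSL's error queue, so the user will probably see an unrelated system error instead of a decryption failure. Printing the queue on that path, for example `ERR_print_errors_fp(stderr);` before the `return` (assuming `<openssl/err.h>` is included), would let a bad passphrase be told apart from a malformed key file. The call also deserves a comment such as `/* NULL callback: keypass is the passphrase; when it is NULL OpenSSL prompts on the terminal */`, because that fallback matters for non-interactive use. sign_hash starts and ends outside the hunk, so the rest of its error handling is not visible here.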
@@ -1209,6 +1211,9 @@ int main(int argc, char *argv[])
 case 'b':
 binkey = 1;
 break;
+ case 'p':
+ keypass = optarg;
+ break;
 case '?':
 exit(1);
 break;
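Review bot: `keypass = optarg;` in the new `case 'p':` arm takes the private-key passphrase from the command line, where it remains readable to other local accounts through the process argument list and is usually written to shell history; the `{"pass", 1, 0, 'p'}` and `"hk:vnsda:bp:"` hunks earlier in this commit introduce the same exposure. Because sign_hash passes `keypass` with a NULL callback, leaving the option off already makes OpenSSL prompt on the terminal, so the README and usage text should present that as the preferred path and `--pass` as a fallback for unattended use. If the option stays, narrow the window by copying and scrubbing the argument, `keypass = strdup(optarg); memset(optarg, 0, strlen(optarg));`, with a NULL check on the copy; this shortens the exposure but does not remove it. The switch in main continues outside the hunk.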