git.karo-electronics.de Git - karo-tx-linux.git/commit

author	David Howells <dhowells@redhat.com>
	Wed, 26 Sep 2012 09:11:06 +0000 (10:11 +0100)
committer	Rusty Russell <rusty@rustcorp.com.au>
	Fri, 28 Sep 2012 05:26:46 +0000 (14:56 +0930)
commit	7a881859dcef13e4798ba11b76c2ac0c1e4f0ab0
tree	843a812bb4242256091e0a4d88bcc6a5333714e0	tree \| snapshot
parent	524891a51f4d5e2f7a4298e286cb6a65ac34ba39	commit \| diff

MODSIGN: Provide a script for generating a key ID from an X.509 cert

Provide a script to parse an X.509 certificate and certain pieces of
information from it in order to generate a key identifier to be included within
a module signature.

The script takes the Subject Name and extracts (if present) the
organizationName (O), the commonName (CN) and the emailAddress and fabricates
the signer's name from them:

(1) If both O and CN exist, then the name will be "O: CN", unless:

     (a) CN is prefixed by O, in which case only CN is used.

     (b) CN and O share at least the first 7 characters, in which case only CN
      is used.

(2) Otherwise, CN is used if present.

(3) Otherwise, O is used if present.

(4) Otherwise the emailAddress is used, if present.

(5) Otherwise a blank name is used.

The script emits a binary encoded identifier in the following form:

- 2 BE bytes indicating the length of the signer's name.

- 2 BE bytes indicating the length of the subject key identifier.

- The characters of the signer's name.

- The bytes of the subject key identifier.

Signed-off-by: David Howells <dhowells@redhat.com>