• David Howells's avatar
    KEYS: Provide a script to extract a module signature · 4adc605e
    David Howells authored
    The supplied script takes a signed module file and extracts the tailmost
    signature (there could theoretically be more than one) and dumps all or
    part of it or the unsigned file to stdout.
    
    Call as:
    
    	scripts/extract-module-sig.pl -[0adnks] module-file >out
    
    where the initial flag indicates which bit of the signed file you want dumping
    to stdout:
    
     (*) "-0".  Dumps the unsigned data with the signature stripped.
    
     (*) "-a".  Dumps all of the signature data, including the magic number.
    
     (*) "-d".  Dumps the signature information block as a sequence of decimal
         	    numbers in text form with spaces between (crypto algorithm type,
         	    hash type, identifier type, signer's name length, key identifier
         	    length and signature length).
    
     (*) "-n".  Dumps the signer's name contents.
    
     (*) "-k".  Dumps the key identifier contents.
    
     (*) "-s".  Dumps the cryptographic signature contents.
    
    In the case that the signature is a PKCS#7 (or CMS) message, -n and -k will
    print a warning to stderr and dump nothing to stdout, but will otherwise
    complete okay; the entire PKCS#7/CMS message will be dumped by "-s"; and "-d"
    will show "0 0 2 0 0 <pkcs#7-msg-len>".
    Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
    4adc605e
extract-module-sig.pl 3.61 KB