Re: CVS commit: src/usr.bin/nbsvtool
On Mon, Jul 14, 2008 at 06:57:42PM +0200, Dieter Baron wrote:
> Mention that keys and signatures are in X509 format, and which
> variants are supported.
PEM encoded keys, detached signatures in PEM/SMIME format.
> List and description of supported commands.
verify-code (short cut for setting -u code)
which do the obvious.
> Expected format of the various input files, with pointer to complete
> description and ways/tools to create them (openssl man pages, relevant
> RFCs, . . .):
See the second comment in nbsvtool.c.
> - certificate_chain_file
Additional certificates to include in the signature
> - certificate_file
The certificate itself.
> - private_key
The private key matching the certificate for sign operations.
> Description of the key usages mentioned (ssl-server, ssl-client,
> code, smime), and when one is supposed to use which. Pointer to more
> detailed information and exhaustive list (if there are more
Can't comment on that. Currently supported are ssl-server, ssl-client,
code and smime, others (SGC, OCSP, timestamp, DVCS) can be added easily.
> Syntax of the trust anchor.
cat'ed list of PEM encoded certificates that are considered trusted.
> Description of the examples, and what each is trying to accomplish.
Create signature file "hello.sp7" for file "hello". Private key is found
in file "key", certificates from "cert-chain" are included. The
certificate matching the private key must be included.
Verify that the signature "hello.sp7" for file "hello" is valid and that
the certificate allows code signing.
Same but check "file" instead.
Check signature "file.sp7" of "file", using "anchor-file" as trust
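
Added example, not part of the original message and not nbsvtool code: a Python lint for the trust anchor format described above (a concatenation of PEM encoded certificates). It flags private keys and other non-certificate blocks that ended up in the file, bad base64, and duplicates; it checks only the PEM framing and does not parse X.509. The function names and sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re

# One PEM block; the label on the BEGIN and END lines must agree.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)


def lint_trust_anchor(text):
    """Return (SHA-256 fingerprints of accepted blocks, list of problems)."""
    fingerprints, problems = [], []
    blocks = list(PEM_BLOCK.finditer(text))
    for n, m in enumerate(blocks, 1):
        label, body = m.group(1), "".join(m.group(2).split())
        if "PRIVATE KEY" in label:
            problems.append(f"block {n}: private key in trust anchor file")
            continue
        if label != "CERTIFICATE":
            problems.append(f"block {n}: unexpected PEM type {label!r}")
            continue
        try:
            der = base64.b64decode(body, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            problems.append(f"block {n}: invalid base64")
            continue
        # An X.509 certificate is a DER SEQUENCE, so it starts with 0x30.
        if not der.startswith(b"\x30"):
            problems.append(f"block {n}: not a DER SEQUENCE")
            continue
        fp = hashlib.sha256(der).hexdigest()
        if fp in fingerprints:
            problems.append(f"block {n}: duplicate certificate")
            continue
        fingerprints.append(fp)
    # A BEGIN line without a matching END means a truncated or bad cat.
    if text.count("-----BEGIN ") != len(blocks):
        problems.append("unterminated or mismatched PEM block")
    return fingerprints, problems


def make_pem(label, der):
    """Build a constructed sample block (placeholder DER, not a real cert)."""
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"


# Constructed bundle: two anchors, a stray private key, one repeated anchor.
SAMPLE = (make_pem("CERTIFICATE", b"\x30\x03\x02\x01\x01")
          + make_pem("CERTIFICATE", b"\x30\x03\x02\x01\x02")
          + make_pem("RSA PRIVATE KEY", b"\x30\x03\x02\x01\x03")
          + make_pem("CERTIFICATE", b"\x30\x03\x02\x01\x01"))
```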