Re: IMA signature generated by evmctl has unexpected key identifier

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 5/21/19 5:30 PM, Mimi Zohar wrote:


Have you tried using "evmctl ima_verify" to verify the signature after
signing the file?
Yes - I have. It fails with the following error. I have tried multiple signing keys, but no luck. 

evmctl ima_verify --key /etc/keys/x509_evm.der /boot/vmlinuz-5.1.0-rc2+
/boot/vmlinuz-5.1.0-rc2+: RSA_public_decrypt() failed: -1
error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid padding
error:04067072:rsa routines:rsa_ossl_public_decrypt:padding check failed



Perhaps it's something with the key.  If you haven't already used the
scripts for generating the keys in the ima-evm-utils examples/
directory, you might try that.

I'll give this a try.

Thanks,
 -lakshmi
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux