Should SKID be used as keyid in IMA signature?


 



While the kernel always trusts the X.509 SKID extension and uses the last 4 bytes
of it as the keyid, ima-evm-utils uses SHA-1 to generate the keyid from
a public key.

This becomes a problem if something other than SHA-1 was used to
generate the SKID (e.g. SHA-256). In this case, the kernel will not be able to
verify the produced IMA signature, as there will be no available key with
such a keyid.

So, do we need to provide means for using SKID from certificate as keyid
in ima-evm-utils?

Or is it the kernel who should always generate SHA-1-based keyid?
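
The mismatch described above can be checked for a given certificate before signing. The following is an added example, not part of the original message and not code from ima-evm-utils or the kernel. It assumes the signer's keyid is the last 4 bytes of the SHA-1 digest of the DER public key, that the CA hashed those same bytes for the SKID, and it uses a constructed byte string in place of a real key; the function names are hypothetical.

```python
import hashlib

# Ways a CA may derive the SKID from the public key bytes: RFC 5280 method 1
# (SHA-1), a full SHA-256 digest as mentioned in the message, and the RFC 7093
# methods (leftmost 160 bits of a SHA-2 digest).
SKID_METHODS = {
    "sha1 (RFC 5280)": lambda pub: hashlib.sha1(pub).digest(),
    "sha256 (full digest)": lambda pub: hashlib.sha256(pub).digest(),
    "sha256[:20] (RFC 7093)": lambda pub: hashlib.sha256(pub).digest()[:20],
    "sha384[:20] (RFC 7093)": lambda pub: hashlib.sha384(pub).digest()[:20],
    "sha512[:20] (RFC 7093)": lambda pub: hashlib.sha512(pub).digest()[:20],
}

def signer_keyid(pubkey_der: bytes) -> bytes:
    """keyid the signing tool writes: last 4 bytes of SHA-1(public key) (assumption)."""
    return hashlib.sha1(pubkey_der).digest()[-4:]

def kernel_keyid(skid: bytes) -> bytes:
    """keyid the kernel looks up: last 4 bytes of the certificate's SKID."""
    return skid[-4:]

def diagnose(pubkey_der: bytes, skid: bytes) -> dict:
    """Report how the SKID was derived and whether both sides agree on the keyid."""
    methods = [name for name, fn in SKID_METHODS.items() if fn(pubkey_der) == skid]
    return {
        "skid_method": methods[0] if methods else "unknown",
        "signer_keyid": signer_keyid(pubkey_der).hex(),
        "kernel_keyid": kernel_keyid(skid).hex(),
        "match": signer_keyid(pubkey_der) == kernel_keyid(skid),
    }

# Constructed stand-in for the DER-encoded public key (not a real key).
SAMPLE_PUBKEY = bytes(range(1, 65))

if __name__ == "__main__":
    for label, skid in [
        ("CA used SHA-1", hashlib.sha1(SAMPLE_PUBKEY).digest()),
        ("CA used SHA-256", hashlib.sha256(SAMPLE_PUBKEY).digest()),
    ]:
        print(label, diagnose(SAMPLE_PUBKEY, skid))
```

A `match` of `False` means a signature carrying the signer's keyid would not resolve to this certificate's key on the kernel side.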


