Re: [PATCH ima-evm-utils v2 2/2] examples: Add examples for elliptic curve key and certs generation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 4/26/23 09:58, Mimi Zohar wrote:


In preparation to allowing only code signing keys on the IMA keyring,
please add "extendedKeyUsage=critical,codeSigning",


+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid
+#authorityKeyIdentifier=keyid,issuer
+__EOF__
+
+openssl req -new -nodes -utf8 -sha1 -days 365 -batch -config $GENKEY \


And similarly change sha1 to sha256 here.


Should we make all these changes first to the existing scripts for RSA keys?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux