On Wed, 2023-04-26 at 10:20 -0400, Stefan Berger wrote: > > On 4/26/23 09:58, Mimi Zohar wrote: > > > In preparation to allowing only code signing keys on the IMA keyring, > > please add "extendedKeyUsage=critical,codeSigning", > > > >> +subjectKeyIdentifier=hash > >> +authorityKeyIdentifier=keyid > >> +#authorityKeyIdentifier=keyid,issuer > >> +__EOF__ > >> + > >> +openssl req -new -nodes -utf8 -sha1 -days 365 -batch -config $GENKEY \ > > > > And similarly change sha1 to sha256 here. > > Should we make all these changes first to the existing scripts for RSA keys? Definitely. Please also update the "doc_DATA" in Makefile.am to include the new scripts. -- thanks, Mimi
