On 11:06 Fri 13 Mar , Sascha Hauer wrote: > On Fri, Mar 13, 2015 at 10:56:54AM +0100, Jean-Christophe PLAGNIOL-VILLARD wrote: > > On 10:35 Fri 13 Mar , Jan Lübbe wrote: > > > On Do, 2015-03-12 at 18:47 +0100, Jean-Christophe PLAGNIOL-VILLARD wrote: > > > > as state in my previous e-mail I will a keystore support > > > > > > > > but this dt format to handle no please > > > > > > > > we need to use the standard format as in the kernel or openssl > > > > > > > > DER and x509 > > > > > > > > specially x509 as if we want to be able to add key at runtime we need > > > > to sign them we the trusted RO keys > > > > > > > > For the implementation of RSA I use the polarssl one and plan to add > > > > the kernel one > > > > > > > > and this implementation is limited to 4096 the polarssl one is not > > > > > > Having an ASN1 parser for DER/x509 is a huge amount of complexity I > > > would not want in a bootloader. Just take a look at the problems the > > > SSL-CAs and browsers had with different interpretations of the same > > > cert. > > > > der is nothing few under lines > > Could you please write something that even remotely makes sense so we > can translate it here? sorry mutt via ssh lost some character when typing der is few 100s line of code that's all and x509 just a few more as I do not plan to support all the options of x509 specially the non standard one Best Regards, J. > > Sascha > > -- > Pengutronix e.K. | | > Industrial Linux Solutions | http://www.pengutronix.de/ | > Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | > Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ barebox mailing list barebox@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/barebox
