Re: sign-file and detached PKCS#7 firmware signatures

From: Luis R. Rodriguez
Date: Tue May 19 2015 - 14:21:31 EST

Next message: Arnd Bergmann: "Re: [PATCH v7 08/13] ARM: unify MMU/!MMU addruart calls"
Previous message: Marcel Holtmann: "Re: [PATCH] Bluetooth: btusb: Add a quirk for BCM43142A0 (105b:e065)"
In reply to: David Howells: "Re: sign-file and detached PKCS#7 firmware signatures"
Next in thread: Luis R. Rodriguez: "Re: sign-file and detached PKCS#7 firmware signatures"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, May 19, 2015 at 05:48:57PM +0100, David Howells wrote:
> Luis R. Rodriguez <mcgrof@xxxxxxxx> wrote:
>
> > > Something like:
> > >
> > > openssl smime -verify \
> > > -in $PKCS7_MESSAGE_FILE_IN_DER_FORM \
> > > -inform DER \
> > > -content $FIRMWARE_BLOB_NAME \
> > > -inkey $PRIVATE_KEY_FILE_IN_PEM_FORM \
> > > -signer $X509_CERT_FILE_IN_PEM_FORM
> > >
> > > I would guess.
> >
> > I tried a few things and no luck with that.
>
> Try this:
>
> openssl smime -verify \
> -in $PKCS7_MESSAGE_FILE_IN_DER_FORM \
> -inform DER \
> -certfile $X509_CERT_FILE_IN_PEM_FORM \
> -content $FIRMWARE_BLOB_NAME \
> -binary \
> -noverify \
> >/dev/null

Neat ok yeah this works thanks, I'll throw this in the docs too
with the change to use -out /dev/null.

Luis
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Arnd Bergmann: "Re: [PATCH v7 08/13] ARM: unify MMU/!MMU addruart calls"
Previous message: Marcel Holtmann: "Re: [PATCH] Bluetooth: btusb: Add a quirk for BCM43142A0 (105b:e065)"
In reply to: David Howells: "Re: sign-file and detached PKCS#7 firmware signatures"
Next in thread: Luis R. Rodriguez: "Re: sign-file and detached PKCS#7 firmware signatures"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]