Diffstat (limited to 'meta-integrity/data/debug-keys/README.md')
-rw-r--r-- | meta-integrity/data/debug-keys/README.md | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/meta-integrity/data/debug-keys/README.md b/meta-integrity/data/debug-keys/README.md new file mode 100644 index 0000000..e613968 --- /dev/null +++ b/meta-integrity/data/debug-keys/README.md @@ -0,0 +1,17 @@ +# EVM & IMA keys + +The following IMA & EVM debug/test keys are in this directory + +- ima-local-ca.priv: The CA's private key (password: 1234) +- ima-local-ca.pem: The CA's self-signed certificate +- privkey_ima.pem: IMA & EVM private key used for signing files +- x509_ima.der: Certificate containing public key (of privkey_ima.pem) to verify signatures + +The CA's (self-signed) certificate can be used to verify the validity of +the x509_ima.der certificate. Since the CA certificate will be built into +the Linux kernel, any key (x509_ima.der) loaded onto the .ima keyring must +pass this test: + +``` + openssl verify -CAfile ima-local-ca.pem x509_ima.der +```` |
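Review bot: The key list publishes the CA private key's password (`password: 1234`) and the signing key `privkey_ima.pem`, but the README only calls these "debug/test keys" in passing and never says they must not be used for production images. Since the text also says the CA certificate is built into the kernel, anyone with this repository could sign files or issue certificates that such a kernel accepts. Please add an explicit sentence near the top stating that these keys are public, are for testing only, and must be replaced with privately generated keys for any real deployment. Two smaller points in the same hunk: the code block opens with three backticks but closes with four, so the fence is not closed by a matching marker, and the introductory sentence before the list is missing its closing colon. It is also worth confirming that the `openssl verify` command accepts the DER-encoded `x509_ima.der` directly on the OpenSSL versions this layer supports, or noting the conversion step if it does not.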