blob: e61396892f7691edf94955a5c340d042077fa94b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
# EVM & IMA keys
The following IMA & EVM debug/test keys are in this directory
- ima-local-ca.priv: The CA's private key (password: 1234)
- ima-local-ca.pem: The CA's self-signed certificate
- privkey_ima.pem: IMA & EVM private key used for signing files
- x509_ima.der: Certificate containing public key (of privkey_ima.pem) to verify signatures
The CA's (self-signed) certificate can be used to verify the validity of
the x509_ima.der certificate. Since the CA certificate will be built into
the Linux kernel, any key (x509_ima.der) loaded onto the .ima keyring must
pass this test:
```
openssl verify -CAfile ima-local-ca.pem x509_ima.der
````
|