[Rpm-ecosystem] [PATCH v6 09/11] Sign file digests and store signatures in header

Mimi Zohar zohar at linux.vnet.ibm.com
Sun Jul 19 22:16:24 UTC 2015


On Thu, 2015-07-16 at 10:57 -0400, Lubos Kardos wrote:

> > +static uint32_t signatureLength(const char *algo, int diglen, const char
> > *key)
> > +{
> > +    unsigned char digest[diglen];
> > +    unsigned char signature[MAX_SIGNATURE_LENGTH];
> > + 
> > +    memset(digest, 0, diglen);
> > +    memset(signature, 0, MAX_SIGNATURE_LENGTH);
> > +    signature[0] = '\x03';
> > +
> > +    uint32_t siglen = sign_hash(algo, digest, diglen, key, signature+1);
> Is the key encrypted? If the key is encrypted then how user can enter passphrase?

I'm thinking we can pipe the password to rpmsign and read it from stdin,
prompt for the password using popen to execute pinentry, or both.

Mimi



More information about the Rpm-ecosystem mailing list