On Mon, Jan 17, 2022 at 4:44 PM Ken Dreyer wrote:
> Something else I'm wondering: rpmsign writes those four-byte "keyid"
> values to my FILESIGNATURE entries even if I don't have a public cert
> at all. How does it do that? I see verify_rpm.py checks the RPM's
> keyid values against the final four
On Thu, Jan 6, 2022 at 5:17 AM Patrick マルタインアンドレアス Uiterwijk
wrote:
> > - How do I generate my own new keypair so I can IMA-sign an RPM?
>
> You can generate the key with the standard OpenSSL commands.
> For example, an RSA key can be generated like:
> openssl genrsa | openssl pkcs8 -topk8 -nocryp
On Thu, 2022-01-06 at 10:16 +, Patrick マルタインアンドレアス Uiterwijk
wrote:
> Hi Ken,
>
> >
> > I want to add "intro to IMA signing" instructions to
> > https://docs.pagure.org/koji/signing/ . I wrote a basic PR at
> > https://pagure.io/koji/pull-request/3206 but it lacks technical
> > details.
>
Hi Ken,
>
> I want to add "intro to IMA signing" instructions to
> https://docs.pagure.org/koji/signing/ . I wrote a basic PR at
> https://pagure.io/koji/pull-request/3206 but it lacks technical
> details.
That'd be cool!
>
> - How do I generate my own new keypair so I can IMA-sign an RPM?
Yo
Hi folks,
I want to add "intro to IMA signing" instructions to
https://docs.pagure.org/koji/signing/ . I wrote a basic PR at
https://pagure.io/koji/pull-request/3206 but it lacks technical
details.
- How do I generate my own new keypair so I can IMA-sign an RPM?
- Can I use my existing GPG keypa
