Firmware Key and Signature Formats
This page describes the key and signature formats understood by OFW. The Firmware Security page describes how these are used.
Key
key01 alg data\n
3 2 1 3 1 N 1
So that's:
- the literal string "key"
- the two digit version number ("01" for now)
- a space
- the three character algorithm name (for now this will always be "rsa")
- a space
- the key data
- a newline
The key data is a hexadecimal-encoded octet string. The octet string is the ASN.1 encoding of an RSA public key given by Appendix A.1.1 of RSA PKCS #1, version 2.1.
Signature
sig01 timestamp keyid data\n
3 2 1 13 1 64 1 N 1
So that's:
- the literal string "sig"
- the two digit version number ("01" for now)
- a space
- the 13-character ISO 8601 UTC timestamp in basic format (no dashes or colons), with no fractional seconds (e.g. "200708161735Z")
- a space
- the 64-character key ID, as a hex-encoded SHA256 hash of the key file (for the immediate future you can ignore this in the firmware, and just use a single key for each task)
- a space
- the signature data as a hex-encoded string
- a newline
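A strict parser for both layouts, as an added example (not OFW code): it rejects any line that deviates from the fixed field widths, decodes the RSA public key, and exposes the key ID so a signature can be matched to its key. It assumes the ASN.1 is DER-encoded and that the key ID hashes the key file's exact bytes, newline included; the function names and sample values are constructed for illustration, and the RSA signature itself is not verified here.

```python
import hashlib
import re
from datetime import datetime, timezone

# Layouts from the page: fixed-width fields, single spaces, one trailing newline.
KEY_RE = re.compile(rb"key01 rsa ((?:[0-9A-Fa-f]{2})+)\n")
SIG_RE = re.compile(rb"sig01 (\d{12}Z) ([0-9A-Fa-f]{64}) ((?:[0-9A-Fa-f]{2})+)\n")

def _tlv(buf, pos, tag):
    """Read one DER element with the expected tag; return (value, next offset)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected ASN.1 tag")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        count = length & 0x7F
        if count == 0 or pos + count > len(buf):
            raise ValueError("bad ASN.1 length")
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if pos + length > len(buf):
        raise ValueError("truncated ASN.1 value")
    return buf[pos:pos + length], pos + length

def parse_key(raw: bytes) -> dict:
    """Parse a key file. Assumption: the key ID hashes the file's exact bytes."""
    m = KEY_RE.fullmatch(raw)
    if not m:
        raise ValueError("malformed key line")
    der = bytes.fromhex(m.group(1).decode())
    seq, end = _tlv(der, 0, 0x30)   # RSAPublicKey ::= SEQUENCE {
    n, pos = _tlv(seq, 0, 0x02)     #   modulus INTEGER,
    e, pos = _tlv(seq, pos, 0x02)   #   publicExponent INTEGER }
    if end != len(der) or pos != len(seq):
        raise ValueError("trailing bytes after RSA public key")
    return {"n": int.from_bytes(n, "big"), "e": int.from_bytes(e, "big"),
            "key_id": hashlib.sha256(raw).hexdigest()}

def parse_sig(raw: bytes) -> dict:
    """Parse a signature line; raises ValueError on any deviation from the layout."""
    m = SIG_RE.fullmatch(raw)
    if not m:
        raise ValueError("malformed signature line")
    stamp, key_id, data = (g.decode() for g in m.groups())
    when = datetime.strptime(stamp, "%Y%m%d%H%MZ").replace(tzinfo=timezone.utc)
    return {"timestamp": when, "key_id": key_id.lower(),
            "signature": bytes.fromhex(data)}

# Constructed sample input: a toy key (n=3233, e=17) and placeholder signature bytes.
SAMPLE_KEY = b"key01 rsa 300702020ca1020111\n"
SAMPLE_SIG = (b"sig01 200708161735Z "
              + hashlib.sha256(SAMPLE_KEY).hexdigest().encode() + b" 0a1b2c\n")
```

Comparing `parse_sig(...)["key_id"]` with `parse_key(...)["key_id"]` tells a verifier whether the signature names the key it is about to use.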