Firmware Key and Signature Formats: Difference between revisions

From OLPC
Jump to navigation Jump to search
(Initial import of Noah's email.)
 
(First pass clean-up.)
Line 1: Line 1:
This page describes the key and signature formats understood by OFW. The [[Firmware Security]] page describes how these are used.
Key
===


==Key==
key01 alg datalen data\n
3 2 1 3 1 3 1 N 1


key01 alg data\n
So thats:
3 2 1 3 1 N 1
* the literal string "key"
* the two digit version number ("01" for now)
* a space
* the three character algorithm name (for now this will always be
"rsa")
* a space
* the three digit length for the key data
* a space
* the key data as a hex-encoded string
* a newline


So that's:
Signature
* the literal string "key"
=========
* the two digit version number ("01" for now)
* a space
* the three character algorithm name (for now this will always be "rsa")
* a space
* the key data
* a newline


The key data is a hexadecimal-encoded octet string. The octet string is the ASN.1 encoding of an RSA public key given by Appendix A.1.1 of [ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf RSA PKCS #1, version 2.1].
sig01 timestamp keyid datalen data\n
3 2 1 12 1 64 1 3 1 N 1


==Signature==
So thats:

* the literal string "sig"
sig01 timestamp keyid data\n
* the two digit version number ("01" for now)
3 2 1 13 1 64 1 N 1
* a space

* the 12 character timestamp (ex., "200708161735" -> 2007-07-08
So that's:
16:17:35)
* the literal string "sig"
* a space
* the two digit version number ("01" for now)
* the 64 character key ID, as a hex-encoded SHA256 hash of the key
* a space
file (for the immediate future you can ignore this in the firmware,
* the 13-character [http://en.wikipedia.org/wiki/ISO_8601 ISO 8601] UTC timestamp in basic format (no dashes or colons) and no fractional seconds. (eg: "200708161735Z")
* a space
* the 64 character key ID, as a hex-encoded SHA256 hash of the key file (for the immediate future you can ignore this in the firmware,
and just use a single key for each task.)
and just use a single key for each task.)
* a space
* a space
* the signature data as a hex-encoded string
* the three digit length for the signature data
* a space
* a newline
* the signature data as a hex-encoded string
* a newline

Revision as of 18:38, 23 August 2007

This page describes the key and signature formats understood by OFW. The Firmware Security page describes how these are used.

Key

key01 alg data\n
 3 2 1 3 1 N  1

So that's:

  • the literal string "key"
  • the two digit version number ("01" for now)
  • a space
  • the three character algorithm name (for now this will always be "rsa")
  • a space
  • the key data
  • a newline

The key data is a hexadecimal-encoded octet string. The octet string is the ASN.1 encoding of an RSA public key given by Appendix A.1.1 of RSA PKCS #1, version 2.1.

Signature

sig01 timestamp keyid data\n
 3 2 1    13   1  64 1  N  1

So that's:

  • the literal string "sig"
  • the two digit version number ("01" for now)
  • a space
  • the 13-character ISO 8601 UTC timestamp in basic format (no dashes or colons) and no fractional seconds. (eg: "200708161735Z")
  • a space
  • the 64 character key ID, as a hex-encoded SHA256 hash of the key file (for the immediate future you can ignore this in the firmware,

and just use a single key for each task.)

  • a space
  • the signature data as a hex-encoded string
  • a newline