Firmware Key and Signature Formats: Difference between revisions
Revisions compared: (Initial import of Noah's email.) and (First pass clean-up.)
Revision as of 18:38, 23 August 2007
This page describes the key and signature formats understood by OFW. The Firmware Security page describes how these are used.
Key
 key01 alg data\n
 (field widths: 3, 2, 1, 3, 1, N, 1)
So that's:
- the literal string "key"
- the two digit version number ("01" for now)
- a space
- the three character algorithm name (for now this will always be "rsa")
- a space
- the key data
- a newline
The key data is a hexadecimal-encoded octet string. The octet string is the ASN.1 encoding of an RSA public key given by Appendix A.1.1 of RSA PKCS #1, version 2.1.
Signature
 sig01 timestamp keyid data\n
 (field widths: 3, 2, 1, 13, 1, 64, 1, N, 1)
So that's:
- the literal string "sig"
- the two digit version number ("01" for now)
- a space
- the 13-character ISO 8601 UTC timestamp in basic format (no dashes or colons) and with no fractional seconds (e.g. "200708161735Z")
- a space
- the 64-character key ID, the hex-encoded SHA-256 hash of the key file (for the immediate future you can ignore this in the firmware, and just use a single key for each task)
- a space
- the signature data as a hex-encoded string
- a newline
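A parser for both file layouts described above, added here as an example rather than OFW's own code. It assumes the key ID is the SHA-256 of the key file text exactly as written; the sample key and signature files are constructed (the RSA modulus is a toy two-byte value and the signature bytes are a placeholder), and verifying the RSA signature itself is out of scope because the page does not specify the signature scheme.

```python
import hashlib
import re
# Layouts from the page: "key01 alg data\n" and "sig01 timestamp keyid data\n"; version 01,
# algorithm "rsa", a 12-digit timestamp plus "Z", and a 64-hex-char key ID (SHA-256 of key file).
KEY_RE = re.compile(r"\Akey01 rsa ([0-9a-fA-F]+)\n\Z")
SIG_RE = re.compile(r"\Asig01 ([0-9]{12}Z) ([0-9a-f]{64}) ([0-9a-fA-F]+)\n\Z")

# Constructed sample key (not a real OFW key): DER RSAPublicKey { n = 0xc1d3, e = 65537 }, PKCS #1 A.1.1.
SAMPLE_KEY_FILE = "key01 rsa 300a020300c1d30203010001\n"

def key_id(key_file_text):
    """Key ID as the page defines it: hex SHA-256 over the whole key file."""
    return hashlib.sha256(key_file_text.encode("ascii")).hexdigest()

def der_read(buf, pos):
    """Read one DER tag-length-value at pos; returns (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits say how many length bytes follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of data")
    return tag, buf[pos:pos + length], pos + length

def parse_key(text):
    """Check the key file layout and decode RSAPublicKey { n INTEGER, e INTEGER }."""
    m = KEY_RE.fullmatch(text)
    if not m:
        raise ValueError("malformed or unsupported key file")
    der = bytes.fromhex(m.group(1))
    tag, body, end = der_read(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("key data is not a single DER SEQUENCE")
    tag_n, n, pos = der_read(body, 0)
    tag_e, e, pos = der_read(body, pos)
    if tag_n != 0x02 or tag_e != 0x02 or pos != len(body):
        raise ValueError("expected exactly two INTEGERs")
    return {"n": int.from_bytes(n, "big"), "e": int.from_bytes(e, "big")}

def parse_sig(text, key_file_text):
    """Check the signature file layout and that its key ID names key_file_text."""
    m = SIG_RE.fullmatch(text)
    if not m or m.group(2) != key_id(key_file_text):
        raise ValueError("malformed signature file, or it does not reference this key")
    return {"timestamp": m.group(1), "keyid": m.group(2), "sig": bytes.fromhex(m.group(3))}

# Constructed sample signature file; "deadbeef" is a placeholder, not a real RSA signature.
SAMPLE_SIG_FILE = "sig01 200708161735Z " + key_id(SAMPLE_KEY_FILE) + " deadbeef\n"
```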