Firmware Key and Signature Formats: Difference between revisions

Revision as of 18:38, 23 August 2007

This page describes the key and signature formats understood by OFW. The Firmware Security page describes how these are used.

Key

key01 alg data\n
 3 2 1 3 1 N  1

So that's:

the literal string "key"
the two digit version number ("01" for now)
a space
the three character algorithm name (for now this will always be "rsa")
a space
the key data
a newline

The key data is a hexadecimal-encoded octet string. The octet string is the ASN.1 encoding of an RSA public key given by Appendix A.1.1 of RSA PKCS #1, version 2.1.

Signature

sig01 timestamp keyid data\n
 3 2 1    13   1  64 1  N  1

So that's:

the literal string "sig"
the two digit version number ("01" for now)
a space
the 13-character ISO 8601 UTC timestamp in basic format (no dashes or colons) and no fractional seconds. (eg: "200708161735Z")
a space
the 64 character key ID, as a hex-encoded SHA256 hash of the key file (for the immediate future you can ignore this in the firmware,

and just use a single key for each task.)

a space
the signature data as a hex-encoded string
a newline

@@ Line 1: / Line 1: @@
+This page describes the key and signature formats understood by OFW.  The [[Firmware Security]] page describes how these are used.
-Key
-===
+==Key==
-key01 alg datalen data\n
-2 1 3 1   3   1  N  1
+ key01 alg data\n
-So thats:
+2 1 3 1 N  1
- * the literal string "key"
- * the two digit version number ("01" for now)
- * a space
- * the three character algorithm name (for now this will always be
-"rsa")
- * a space
- * the three digit length for the key data
- * a space
- * the key data as a hex-encoded string
- * a newline
+So that's:
-Signature
+* the literal string "key"
-=========
+* the two digit version number ("01" for now)
+* a space
+* the three character algorithm name (for now this will always be "rsa")
+* a space
+* the key data
+* a newline
+The key data is a hexadecimal-encoded octet string.  The octet string is the ASN.1 encoding of an RSA public key given by Appendix A.1.1 of [ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf RSA PKCS #1, version 2.1].
-sig01 timestamp keyid datalen data\n
-2 1    12   1  64 1   3   1  N  1
+==Signature==
-So thats:
- * the literal string "sig"
+ sig01 timestamp keyid data\n
- * the two digit version number ("01" for now)
+2 1    13   1  64 1  N  1
- * a space
- * the 12 character timestamp (ex., "200708161735" -> 2007-07-08
+So that's:
-:17:35)
+* the literal string "sig"
- * a space
+* the two digit version number ("01" for now)
- * the 64 character key ID, as a hex-encoded SHA256 hash of the key
+* a space
-file (for the immediate future you can ignore this in the firmware,
+* the 13-character [http://en.wikipedia.org/wiki/ISO_8601 ISO 8601] UTC timestamp in basic format (no dashes or colons) and no fractional seconds. (eg: "200708161735Z")
+* a space
+* the 64 character key ID, as a hex-encoded SHA256 hash of the key file (for the immediate future you can ignore this in the firmware,
 and just use a single key for each task.)
- * a space
+* a space
+* the signature data as a hex-encoded string
- * the three digit length for the signature data
- * a space
+* a newline
- * the signature data as a hex-encoded string
- * a newline

Firmware Key and Signature Formats: Difference between revisions

Revision as of 18:38, 23 August 2007

Key

Signature

Navigation menu

Search