Firmware Key and Signature Formats

From OLPC
Revision as of 18:38, 23 August 2007 by CScott (First pass clean-up.)

This page describes the key and signature formats understood by OFW. The Firmware Security page describes how these are used.

Key

key01 alg data\n
 3 2 1 3 1 N  1

So that's:

  • the literal string "key"
  • the two digit version number ("01" for now)
  • a space
  • the three character algorithm name (for now this will always be "rsa")
  • a space
  • the key data
  • a newline

The key data is a hexadecimal-encoded octet string. The octet string is the ASN.1 encoding of an RSA public key given by Appendix A.1.1 of RSA PKCS #1, version 2.1.

Signature

sig01 timestamp keyid data\n
 3 2 1    13   1  64 1  N  1

So that's:

  • the literal string "sig"
  • the two digit version number ("01" for now)
  • a space
  • the 13-character ISO 8601 UTC timestamp in basic format (no dashes or colons), with no fractional seconds (e.g. "200708161735Z")
  • a space
  • the 64 character key ID, as a hex-encoded SHA256 hash of the key file (for the immediate future you can ignore this in the firmware, and just use a single key for each task.)
  • a space
  • the signature data as a hex-encoded string
  • a newline
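
A strict parser for the two layouts above, as an added example (not OFW code or anything from the OLPC project). It assumes hex digits may be upper or lower case and that the key ID is the SHA-256 of the key file bytes exactly as stored, newline included; the function names and the sample key and signature are constructed for illustration, and the RSA signature itself is not verified.

```python
import hashlib
import re
from datetime import datetime, timezone

# Strict layouts taken from the field lists above.
# Assumption: hex digits may be upper or lower case.
HEX = rb"((?:[0-9A-Fa-f]{2})+)"
KEY_RE = re.compile(rb"key(\d{2}) ([a-z]{3}) " + HEX + rb"\n")
SIG_RE = re.compile(rb"sig(\d{2}) (\d{12}Z) ([0-9A-Fa-f]{64}) " + HEX + rb"\n")


def parse_key(blob: bytes) -> dict:
    """Parse a key file, rejecting anything that deviates from the layout."""
    m = KEY_RE.fullmatch(blob)
    if not m or m.group(1) != b"01" or m.group(2) != b"rsa":
        raise ValueError("malformed or unsupported key")
    return {
        "der": bytes.fromhex(m.group(3).decode()),  # ASN.1 RSA public key octets
        # Assumption: the key ID covers the key file bytes exactly as stored.
        "keyid": hashlib.sha256(blob).hexdigest(),
    }


def parse_sig(blob: bytes) -> dict:
    """Parse a signature file; the signature itself is not verified here."""
    m = SIG_RE.fullmatch(blob)
    if not m or m.group(1) != b"01":
        raise ValueError("malformed or unsupported signature")
    # strptime rejects impossible dates such as month 13.
    when = datetime.strptime(m.group(2).decode(), "%Y%m%d%H%MZ")
    return {
        "timestamp": when.replace(tzinfo=timezone.utc),
        "keyid": m.group(3).decode().lower(),
        "signature": bytes.fromhex(m.group(4).decode()),
    }


def sig_names_key(sig: dict, key: dict) -> bool:
    """True when the signature's key ID field is the hash of this key file."""
    return sig["keyid"] == key["keyid"]


# Constructed sample data: a toy DER RSAPublicKey (n=3233, e=17), dummy signature.
SAMPLE_KEY = b"key01 rsa 300702020ca1020111\n"
SAMPLE_SIG = (b"sig01 200708161735Z "
              + hashlib.sha256(SAMPLE_KEY).hexdigest().encode() + b" deadbeef\n")

if __name__ == "__main__":
    key, sig = parse_key(SAMPLE_KEY), parse_sig(SAMPLE_SIG)
    print(sig["timestamp"].isoformat(), sig_names_key(sig, key))
```

Using a full match against the whole file, rather than splitting on spaces, rejects trailing bytes, odd-length hex and a missing newline before any key material is decoded.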