Firmware Key and Signature Formats

From OLPC
Revision as of 18:38, 23 August 2007 by CScott (talk | contribs) (First pass clean-up.)

This page describes the key and signature formats understood by OFW. The Firmware Security page describes how these are used.

Key

key01 alg data\n
 3 2 1 3 1 N  1

So that's:

  • the literal string "key"
  • the two digit version number ("01" for now)
  • a space
  • the three character algorithm name (for now this will always be "rsa")
  • a space
  • the key data
  • a newline

The key data is a hexadecimal-encoded octet string. The octet string is the ASN.1 encoding of an RSA public key given by Appendix A.1.1 of RSA PKCS #1, version 2.1.

Signature

sig01 timestamp keyid data\n
 3 2 1    13   1  64 1  N  1

So that's:

  • the literal string "sig"
  • the two digit version number ("01" for now)
  • a space
  • the 13-character ISO 8601 UTC timestamp in basic format (no dashes or colons), with no fractional seconds (e.g. "200708161735Z")
  • a space
  • the 64 character key ID, as a hex-encoded SHA256 hash of the key file (for the immediate future you can ignore this in the firmware, and just use a single key for each task.)

  • a space
  • the signature data as a hex-encoded string
  • a newline
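
A strict parser for both line formats described above, as an added example (not OFW's own code). It assumes the key ID is the SHA-256 of the key file bytes exactly as stored, which here is the single key line; the function names and sample values are constructed for illustration, and the RSA signature itself is not verified.

```python
import hashlib
import re
from datetime import datetime, timezone

# Whole-line patterns: single spaces, even-length hex, mandatory trailing newline.
KEY_RE = re.compile(rb"key(\d{2}) ([a-z]{3}) ((?:[0-9a-fA-F]{2})+)\n")
SIG_RE = re.compile(rb"sig(\d{2}) (\d{12}Z) ([0-9a-fA-F]{64}) ((?:[0-9a-fA-F]{2})+)\n")

# Constructed sample: DER RSAPublicKey with toy values n=3233, e=17 (not a real key).
SAMPLE_KEY = b"key01 rsa 300702020ca1020111\n"

def parse_key(line: bytes) -> dict:
    m = KEY_RE.fullmatch(line)
    if not m:
        raise ValueError("malformed key line")
    version, alg, data = m.groups()
    if version != b"01" or alg != b"rsa":
        raise ValueError("unsupported key version or algorithm")
    der = bytes.fromhex(data.decode())
    if der[0] != 0x30:  # RSAPublicKey is an ASN.1 SEQUENCE
        raise ValueError("key data is not a DER SEQUENCE")
    # Assumption: the key ID is SHA-256 over the key file exactly as stored (this line).
    return {"der": der, "key_id": hashlib.sha256(line).hexdigest()}

def parse_sig(line: bytes) -> dict:
    m = SIG_RE.fullmatch(line)
    if not m:
        raise ValueError("malformed signature line")
    version, ts, key_id, data = m.groups()
    if version != b"01":
        raise ValueError("unsupported signature version")
    # strptime rejects impossible values such as month 13 or hour 25.
    when = datetime.strptime(ts.decode(), "%Y%m%d%H%MZ").replace(tzinfo=timezone.utc)
    return {"timestamp": when, "key_id": key_id.decode().lower(),
            "signature": bytes.fromhex(data.decode())}

def sig_names_key(sig: dict, key: dict) -> bool:
    """True when the signature's key ID field refers to this key file."""
    return sig["key_id"] == key["key_id"]

if __name__ == "__main__":
    key = parse_key(SAMPLE_KEY)
    # Constructed signature line; "0a1b" is placeholder data, not a valid signature.
    sig = parse_sig(b"sig01 200708161735Z " + key["key_id"].encode() + b" 0a1b\n")
    print(sig["timestamp"].isoformat(), sig_names_key(sig, key))
```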