From patchwork Wed Mar 23 23:24:10 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Dannenberg X-Patchwork-Id: 64412 Delivered-To: patch@linaro.org Received: by 10.112.199.169 with SMTP id jl9csp784456lbc; Thu, 24 Mar 2016 10:08:40 -0700 (PDT) X-Received: by 10.28.18.85 with SMTP id 82mr12328762wms.5.1458839320499; Thu, 24 Mar 2016 10:08:40 -0700 (PDT) Return-Path: Received: from theia.denx.de (theia.denx.de. [85.214.87.163]) by mx.google.com with ESMTP id s67si33851097wmb.93.2016.03.24.10.08.40; Thu, 24 Mar 2016 10:08:40 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 85.214.87.163 as permitted sender) client-ip=85.214.87.163; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 85.214.87.163 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de Received: from localhost (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id 34A7FA75BC; Thu, 24 Mar 2016 18:08:26 +0100 (CET) Received: from theia.denx.de ([127.0.0.1]) by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OeFFOKbNXxjb; Thu, 24 Mar 2016 18:08:25 +0100 (CET) Received: from theia.denx.de (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id 40F02A74C3; Thu, 24 Mar 2016 18:08:21 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id 9C3D1A74D6 for ; Thu, 24 Mar 2016 00:24:28 +0100 (CET) Received: from theia.denx.de ([127.0.0.1]) by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0dEcnuDfvZUu for ; Thu, 24 Mar 2016 00:24:28 +0100 (CET) X-policyd-weight: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 (only DNSBL check requested) Received: from comal.ext.ti.com (comal.ext.ti.com [198.47.26.152]) by theia.denx.de (Postfix) with ESMTPS id 25D9BA748A for ; Thu, 24 Mar 2016 00:24:24 +0100 (CET) Received: from dflxv15.itg.ti.com ([128.247.5.124]) by comal.ext.ti.com (8.13.7/8.13.7) with ESMTP id u2NNOJHM027422; Wed, 23 Mar 2016 18:24:19 -0500 Received: from DLEE71.ent.ti.com (dlee71.ent.ti.com [157.170.170.114]) by dflxv15.itg.ti.com (8.14.3/8.13.8) with ESMTP id u2NNOJG0016978; Wed, 23 Mar 2016 18:24:19 -0500 Received: from dlep32.itg.ti.com (157.170.170.100) by DLEE71.ent.ti.com (157.170.170.114) with Microsoft SMTP Server id 14.3.224.2; Wed, 23 Mar 2016 18:24:19 -0500 Received: from borg.dal.design.ti.com (ileax41-snat.itg.ti.com [10.172.224.153]) by dlep32.itg.ti.com (8.14.3/8.13.8) with ESMTP id u2NNOJA3013171; Wed, 23 Mar 2016 18:24:19 -0500 From: Andreas Dannenberg To: Karl Apsite , Simon Glass , Date: Wed, 23 Mar 2016 18:24:10 -0500 Message-ID: <1458775450-25358-1-git-send-email-dannenberg@ti.com> X-Mailer: git-send-email 2.7.2 MIME-Version: 1.0 X-Mailman-Approved-At: Thu, 24 Mar 2016 18:08:17 +0100 Subject: [U-Boot] [PATCH] doc: clarify openssl-based key and certificate generation process X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.15 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Add some basic clarification that the dev.key file generated by OpenSSL contains both the public and private key, and further highlight that the certificate generated here contains the public key only. Signed-off-by: Andreas Dannenberg --- doc/uImage.FIT/signature.txt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) -- 2.6.4 _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot diff --git a/doc/uImage.FIT/signature.txt b/doc/uImage.FIT/signature.txt index b2f89fc..e487401 100644 --- a/doc/uImage.FIT/signature.txt +++ b/doc/uImage.FIT/signature.txt @@ -62,14 +62,14 @@ placed alongside rsa.c, and its functions added to the table in image-sig.c also. -Creating an RSA key and certificate ------------------------------------ -To create a new public key, size 2048 bits: +Creating an RSA key pair and certificate +---------------------------------------- +To create a new public/private key pair, size 2048 bits: $ openssl genpkey -algorithm RSA -out keys/dev.key \ -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 -To create a certificate for this: +To create a certificate for this containing the public key: $ openssl req -batch -new -x509 -key keys/dev.key -out keys/dev.crt