Lines Matching refs:key
10 The signature feature allows the hash to be signed with a private key such
11 that it can be verified using a public key later. Provided that the private
12 key is kept secret and the public key is stored in a non-volatile place,
20 Some familiarity with public key cryptography is assumed in this section.
25 - sign the hash with a private key to produce a signature
31 - obtain the public key
34 - verify (with the public key) that the extracted signature matches the
65 Creating an RSA key pair and certificate
67 To create a new public/private key pair, size 2048 bits:
69 $ openssl genpkey -algorithm RSA -out keys/dev.key \
72 To create a certificate for this containing the public key:
74 $ openssl req -batch -new -x509 -key keys/dev.key -out keys/dev.crt
76 If you like you can look at the public key also:
78 $ openssl rsa -in keys/dev.key -pubout
90 - key-name-hint: Name of key to use for signing. The keys will normally be in
91 a single directory (parameter -k to mkimage). For a given key <name>, its
92 private key is stored in <name>.key and the certificate is stored in
134 In order to verify an image that has been signed with a public key we need to
135 have a trusted public key. This cannot be stored in the signed image, since
137 public key in U-Boot's control FDT (using CONFIG_OF_CONTROL).
146 - key-name-hint: Name of key used for signing. This is only a hint since it
150 - required: If present this indicates that the key must be verified for the
161 - rsa,num-bits: Number of key bits (e.g. 2048)
393 Internet. If an attacker is able to steal the key, they can sign malicious FIT
396 An alternative solution is to keep your signing key securely stored on hardware
407 gnutls (recommended for key generation, p11tool)
429 URL of public key : [not set]
436 Signature key ....: [none]
437 Encryption key....: [none]
438 Authentication key: [none]
439 General key info..: [none]
442 Make off-card backup of encryption key? (Y/n) n
448 What keysize do you want for the Signature key? (2048) 4096
449 The card will now be re-configured to generate a key of 4096 bits
451 If the key generation does not succeed, please check the
453 What keysize do you want for the Encryption key? (2048) 4096
454 The card will now be re-configured to generate a key of 4096 bits
455 What keysize do you want for the Authentication key? (2048) 4096
456 The card will now be re-configured to generate a key of 4096 bits
457 Please specify how long the key should be valid.
458 0 = key does not expire
459 <n> = key expires in n days
460 <n>w = key expires in n weeks
461 <n>m = key expires in n months
462 <n>y = key expires in n years
467 GnuPG needs to construct a user ID to identify your key.
512 …xxxx;token=OpenPGP%20card%20%28User%20PIN%20%28sig%29%29;id=%01;object=Signature%20key;type=private
513 Type: Private key
514 Label: Signature key
518 Use the label, in this case "Signature key" as the key-name-hint in your FIT.
524 Sign the fitImage with the hardware key: