author | Jan Luebbe <jlu@pengutronix.de> | 2020-05-13 12:26:24 +0200 |
---|---|---|
committer | Tom Rini <trini@konsulko.com> | 2020-05-15 14:47:35 -0400 |
commit | 24bf6e84ce22cd1b53cb79e4f89a4036af7e9c6b (patch) | |
tree | 85c116fc3267a1ce16d6771f0a08675788d48ccd /doc/uImage.FIT | |
parent | 3b84809b7b34f1f099303767a48f20cfb7c4e78c (diff) |

lib: rsa: avoid overriding the object name when already specified

If "object=" is specified in "keydir" when using the pkcs11 engine do
not append another "object=<key-name-hint>". This makes it possible to
use object names other than the key name hint. These two string
identifiers are not necessarily equal.

Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Reviewed-by: George McCollister <george.mccollister@gmail.com>

Diffstat (limited to 'doc/uImage.FIT')
-rw-r--r-- | doc/uImage.FIT/signature.txt | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/doc/uImage.FIT/signature.txt b/doc/uImage.FIT/signature.txt index 3591225a6e..d4afd755e9 100644 --- a/doc/uImage.FIT/signature.txt +++ b/doc/uImage.FIT/signature.txt @@ -481,12 +481,14 @@ openssl. This may require setting up LD_LIBRARY_PATH if engine is not installed to openssl's default search paths. PKCS11 engine support forms "key id" based on "keydir" and with -"key-name-hint". "key-name-hint" is used as "object" name and "keydir" if -defined is used to define (prefix for) which PKCS11 source is being used for -lookup up for the key. +"key-name-hint". "key-name-hint" is used as "object" name (if not defined in +keydir). "keydir" (if defined) is used to define (prefix for) which PKCS11 source +is being used for lookup up for the key. PKCS11 engine key ids: "pkcs11:<keydir>;object=<key-name-hint>;type=<public|private>" +or, if keydir contains "object=" + "pkcs11:<keydir>;type=<public|private>" or "pkcs11:object=<key-name-hint>;type=<public|private>", |
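Review bot: The new key-id case introduced by `or, if keydir contains "object="` does not define what "contains" means: a substring match anywhere in keydir, or an "object=" attribute of the PKCS11 path. Since this decides which key object ends up signing, the text should say which, and should state next to the new `"pkcs11:<keydir>;type=<public|private>"` form that "key-name-hint" is then not used as the object name; the parenthetical "(if not defined in keydir)" in the paragraph above leaves unclear what is being "defined". Two smaller points in the same hunk: "is being used for lookup up for the key" carries over a wording slip from the removed lines and could read "is used to look up the key", and the added "or, if keydir contains ..." line has no trailing colon before the key id it introduces.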