Changes between Version 9 and Version 10 of KeySetup


Timestamp:
Oct 2, 2017, 1:16:12 AM (7 years ago)
Author:
Seth
Comment:

--

  • KeySetup

    v9 v10  
    11= File signing utilities =
    2 
    3 NOTE: the standard build will make versions with MySQL lib dependencies.
    4 If you need a version without this dependency,
    5 do '''make -f makefile_sign_executable''' in tools/;
    6 this will make both programs.
    7 
    8 
     2NOTE: the standard build will make versions with MySQL lib dependencies. If you need a version without this dependency, do '''make -f makefile_sign_executable''' in tools/; this will make both programs.  You will need to this also if you only built the client parts with {{{./configure --disable-manager --disable-server --disable-client}}} as these programs are not built with those configure settings.
    93
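Review bot: The sentence added to the v10 NOTE reads "You will need to this also", which is missing a verb; it should be "You will need to do this also". The same sentence says "if you only built the client parts", while the quoted configure line passes --disable-client together with --disable-manager and --disable-server, so the description and the flags do not match; state which parts such a build actually produces. Now that the NOTE is a single paragraph, "these programs" is also easy to misread, and naming the two programs would remove the ambiguity.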
    104== Creating encryption keys ==
    11 
    125The program `lib/crypt_prog` performs various encryption tasks.
    136
    14  crypt_prog -genkey nbits private_keyfile public_keyfile::
    15         Create a key pair with nbits bits (always use 1024). Write the keys in encoded ASCII form to the indicated files.
     7 crypt_prog -genkey nbits private_keyfile public_keyfile:: Create a key pair with nbits bits (always use 1024). Write the keys in encoded ASCII form to the indicated files.
    168
    17 The following commands generate the file upload and code signing key pairs.
    18 BOINC_KEY_DIR is the directory where the keys will be stored.
    19 The code signing private key should be stored only on a highly secure (e.g., a disconnected, physically secure) host.
     9The following commands generate the file upload and code signing key pairs. BOINC_KEY_DIR is the directory where the keys will be stored. The code signing private key should be stored only on a highly secure (e.g., a disconnected, physically secure) host.
     10
    2011{{{
    2112crypt_prog -genkey 1024 BOINC_KEY_DIR/upload_private BOINC_KEY_DIR/upload_public
    2213crypt_prog -genkey 1024 BOINC_KEY_DIR/code_sign_private BOINC_KEY_DIR/code_sign_public
    2314}}}
    24 
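Review bot: The -genkey entry still says "always use 1024" with no reason given, and the reflow was a chance to document it. State why the size is fixed (for example, whether other values are rejected) so readers do not take it as a general key-size recommendation. The storage advice in the next paragraph covers only the code signing private key; add a sentence on where upload_private is expected to be kept.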
    2515Other functions of crypt_prog:
    2616
    27  crypt_prog -sign file private_keyfile::
    28         Create a digital signature for the given file (same as sign_executable).
    29  crypt_prog -sign_string string private_keyfile::
    30         Create a digital signature for the given string, write it to stdout.
    31  crypt_prog -verify file signature_file public_keyfile::
    32         Verify a signature for the given file.
    33  crypt_prog -test_crypt private_keyfile public_keyfile::
    34         Perform an internal test, checking that encryption followed by decryption works.
    35  crypt_prog -cert_verify file signature_file certificate_dir ca_dir::
    36         Verify a certificate-based signature for the given file.
    37  crypt_prog -convsig o2b/b2o input_file output_file::
    38         Convert a signature from OpenSSL form to/from BOINC form.
    39  crypt_prog -convkey o2b/b2o priv/pub input_file output_file::
    40         Convert a key from OpenSSL form to/from BOINC form.
     17 crypt_prog -sign file private_keyfile:: Create a digital signature for the given file (same as sign_executable).
     18 crypt_prog -sign_string string private_keyfile:: Create a digital signature for the given string, write it to stdout.
     19 crypt_prog -verify file signature_file public_keyfile:: Verify a signature for the given file.
     20 crypt_prog -test_crypt private_keyfile public_keyfile:: Perform an internal test, checking that encryption followed by decryption works.
     21 crypt_prog -cert_verify file signature_file certificate_dir ca_dir:: Verify a certificate-based signature for the given file.
     22 crypt_prog -convsig o2b/b2o input_file output_file:: Convert a signature from OpenSSL form to/from BOINC form.
     23 crypt_prog -convkey o2b/b2o priv/pub input_file output_file:: Convert a key from OpenSSL form to/from BOINC form.
    4124
    4225== Code signing program ==
    43 Use '''sign_executable''' to sign executable files.
    44 It's exactly the same as crypt_prog --sign.
     26Use '''sign_executable''' to sign executable files. It's exactly the same as crypt_prog --sign.
    4527
    4628{{{
    4729sign_executable file_to_sign private_key_file > signature_file
    4830}}}
    49 sign_executable is compiled in the lib/ directory,
    50 and installed in your project's bin/ directory.
    51 It writes the signature to stdout.
     31sign_executable is compiled in the lib/ directory, and installed in your project's bin/ directory. It writes the signature to stdout.
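Review bot: "crypt_prog --sign" in the sign_executable paragraph uses two dashes, while the option list above documents the flag as "crypt_prog -sign" with one. Make the two agree so a reader copying the command gets the documented form. The paragraph also says sign_executable is compiled in lib/, whereas the NOTE at the top tells readers to run make in tools/; reconcile the two locations.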