From: Curtis V. <cr...@so...> - 2015-01-23 05:04:53
Thanks for the help Mimi,

Sorry about all the questions and issues. Hoping someone on the list might have an idea about what I'm doing wrong.

I have found that something is going wrong when I attempt to sign files. I have tried the following on three systems.

- Ubuntu 14.04 development system.
- Ubuntu 14.04 server target system (pretty much bare bones)
- Ubuntu 14.10 server (To try the Ubuntu compiled evmctl 0.8 from ima-evm-utils deb)

On the 14.04 systems I compiled the 0.9 version of ima-evm-utilities. I followed the instructions (all except TPM) for making keys and certs in the evmctl(1) document. There are a number of methods shown and honestly I am not sure which is best. (recommendations?) I have tried using several of the resulting keys for signing but would prefer to use "trusted" keys signed as shown in the last section before the signing examples.

I tried the following commands on a short text file and examined the result with "getfattr -e hex test.txt"

"evmctl sign --imahash test.txt"
"evmctl sign --rsa --imahash test.txt"
"evmctl sign --imasig test.txt"
"evmctl sign --rsa --imasig test.txt"
"evmctl ima_sign test.txt"
"evmctl ima_sign --rsa test.txt"

In all cases the result shown by "getfattr -e hex test.txt" is blank. I was able to set and read xattrs with getfattr and also was able to use -f to create a .sig file containing a signature.

Any ideas about why I am not getting xattrs signatures when using evmctl?

Thanks and best regards!