diff options
Diffstat (limited to 'tools')
| -rw-r--r-- | tools/signedconfig/debug_key.pem | 5 | ||||
| -rw-r--r-- | tools/signedconfig/debug_public.pem | 4 | ||||
| -rwxr-xr-x | tools/signedconfig/debug_sign.sh | 6 | ||||
| -rwxr-xr-x | tools/signedconfig/gen_priv_key.sh | 7 | ||||
| -rwxr-xr-x | tools/signedconfig/verify_b64.sh | 10 |
5 files changed, 32 insertions, 0 deletions
diff --git a/tools/signedconfig/debug_key.pem b/tools/signedconfig/debug_key.pem new file mode 100644 index 000000000000..0af577bf81e1 --- /dev/null +++ b/tools/signedconfig/debug_key.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIEfgtO+KPOoqJqTnqkDDKkAcOzyvtovsUO/ShLE6y4XRoAoGCCqGSM49 +AwEHoUQDQgAEaAn2XVifsLTHg616nTsOMVmlhBoECGbTEBTKKvdd2hO60pj1pnU8 +SMkhYfaNxZuKgw9LNvOwlFwStboIYeZ3lQ== +-----END EC PRIVATE KEY----- diff --git a/tools/signedconfig/debug_public.pem b/tools/signedconfig/debug_public.pem new file mode 100644 index 000000000000..f61f81322b94 --- /dev/null +++ b/tools/signedconfig/debug_public.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEaAn2XVifsLTHg616nTsOMVmlhBoE +CGbTEBTKKvdd2hO60pj1pnU8SMkhYfaNxZuKgw9LNvOwlFwStboIYeZ3lQ== +-----END PUBLIC KEY----- diff --git a/tools/signedconfig/debug_sign.sh b/tools/signedconfig/debug_sign.sh new file mode 100755 index 000000000000..28e54289f8f8 --- /dev/null +++ b/tools/signedconfig/debug_sign.sh @@ -0,0 +1,6 @@ +#!/bin/bash +# Script to sign data with the debug keys. Outputs base64 for embedding into +# APK metadata. + +openssl dgst -sha256 -sign $(dirname $0)/debug_key.pem $1 | base64 -w 0 +echo diff --git a/tools/signedconfig/gen_priv_key.sh b/tools/signedconfig/gen_priv_key.sh new file mode 100755 index 000000000000..834c86bc8c12 --- /dev/null +++ b/tools/signedconfig/gen_priv_key.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +# This script acts as a record of how the debug key was generated. There should +# be no need to run it again. + +openssl ecparam -name prime256v1 -genkey -noout -out debug_key.pem +openssl ec -in debug_key.pem -pubout -out debug_public.pem diff --git a/tools/signedconfig/verify_b64.sh b/tools/signedconfig/verify_b64.sh new file mode 100755 index 000000000000..8e1f58ce7b45 --- /dev/null +++ b/tools/signedconfig/verify_b64.sh @@ -0,0 +1,10 @@ +#!/bin/bash + +# Script to verify signatures, with both signature & data given in b64 +# Args: +# 1. data (base64 encoded) +# 2. signature (base64 encoded) +# The arg values can be taken from the debug log for SignedConfigService when verbose logging is +# enabled. + +openssl dgst -sha256 -verify $(dirname $0)/debug_public.pem -signature <(echo $2 | base64 -d) <(echo $1 | base64 -d) |