KEYS: Provide a script to extract a module signature

The supplied script takes a signed module file and extracts the tailmost
signature (there could theoretically be more than one) and dumps all or
part of it or the unsigned file to stdout.

Call as:

	scripts/extract-module-sig.pl -[0adnks] module-file >out

where the initial flag indicates which bit of the signed file you want dumping
to stdout:

 (*) "-0".  Dumps the unsigned data with the signature stripped.

 (*) "-a".  Dumps all of the signature data, including the magic number.

 (*) "-d".  Dumps the signature information block as a sequence of decimal
     	    numbers in text form with spaces between (crypto algorithm type,
     	    hash type, identifier type, signer's name length, key identifier
     	    length and signature length).

 (*) "-n".  Dumps the signer's name contents.

 (*) "-k".  Dumps the key identifier contents.

 (*) "-s".  Dumps the cryptographic signature contents.

In the case that the signature is a PKCS#7 (or CMS) message, -n and -k will
print a warning to stderr and dump nothing to stdout, but will otherwise
complete okay; the entire PKCS#7/CMS message will be dumped by "-s"; and "-d"
will show "0 0 2 0 0 <pkcs#7-msg-len>".

Signed-off-by: David Howells <dhowells@redhat.com>
1 file changed