From: "Yazdani, Reyhaneh" <RYazdani@data-modul.com>
To: "Jan Lübbe" <jlu@pengutronix.de>,
"rauc@pengutronix.de" <rauc@pengutronix.de>
Subject: Re: [RAUC] pass PEM passphrase in Yocto build
Date: Fri, 18 Mar 2022 11:03:23 +0000 [thread overview]
Message-ID: <112ee1cc577b423db517e12055d42ec3@data-modul.com> (raw)
In-Reply-To: <f97839b2ad86575da960f06660de9784a7bc02dd.camel@pengutronix.de>
Hi Jan,
Thanks for your answer.
> -----Ursprüngliche Nachricht-----
> Von: Jan Lübbe <jlu@pengutronix.de>
> Gesendet: Freitag, 18. März 2022 11:44
> An: Yazdani, Reyhaneh <RYazdani@data-modul.com>; rauc@pengutronix.de
> Betreff: Re: [RAUC] pass PEM passphrase in Yocto build
>
> Hi,
>
> On Fri, 2022-03-18 at 10:32 +0000, Yazdani, Reyhaneh wrote:
> > Hi everyone,
> >
> > I am getting the below error when I was building the bundle by Yocto
> > with encrypted Root CA and ICA certificate.
> >
> …
> > | 139843920926528:error:0906406D:PEM
> > | routines:PEM_def_callback:problems
> > getting password:../openssl-1.1.1l/crypto/pem/pem_lib.c:59:
> > | 139843920926528:error:0907B068:PEM
> > | routines:PEM_read_bio_PrivateKey:bad
> > password read:../openssl-1.1.1l/crypto/pem/pem_pkey.c:64:
> …
> >
> > During my investigation, I found the below post from 6 months ago:
> > https://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=http
> >
> s%3a%2f%2fgithub.com%2frauc%2fmeta%2drauc%2fissues%2f200&umid=96
> BD2BE4
> > -DA7B-D305-B107-
> 4007ED7F68E3&auth=162296ff492f363ddb29ca454338bb846279
> > 96db-2ff6ea33cb85b28d75411d2b21402171190c8a2e
>
> My recommendations in
> https://imsva91-
> ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fgithub.
> com%2frauc%2fmeta%2drauc%2fissues%2f200%23issuecomment%2d943085
> 728&umid=96BD2BE4-DA7B-D305-B107-
> 4007ED7F68E3&auth=162296ff492f363ddb29ca454338bb84627996db-
> cb2252107bcc0c04e1eb222a5f3f56a047114518 still stand.
>
> > Based on this post, I cannot use any encrypted keys and Root-CA in
> > building a bundle in Yocto. Am I right?
>
> Yes. So far, nobody has implemented support for passing a private key
> password to RAUC, as the security benefits are minimal compared to the
> effort.
[Reyhaneh] I asked here, since I wanted to be sure nothing has changed regarding implementation since six months. That is great you answered me quickly.
Best regards,
Reyhaneh
>
> Regards,
> Jan
> --
> Pengutronix e.K. | |
> Steuerwalder Str. 21 | http://www.pengutronix.de/ |
> 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
> Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
_______________________________________________
RAUC mailing list
next prev parent reply other threads:[~2022-03-18 11:03 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1c731e01b30146c7b24384eacf6954a9@data-modul.com>
2022-03-18 10:38 ` Enrico Jörns
2022-03-18 10:44 ` Jan Lübbe
2022-03-18 11:03 ` Yazdani, Reyhaneh [this message]
2022-03-18 13:22 ` Jan Lübbe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=112ee1cc577b423db517e12055d42ec3@data-modul.com \
--to=ryazdani@data-modul.com \
--cc=jlu@pengutronix.de \
--cc=rauc@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox