diff options
| author | Geremy Condra <gcondra@google.com> | 2014-06-11 13:38:45 -0700 |
|---|---|---|
| committer | Geremy Condra <gcondra@google.com> | 2014-07-08 21:36:25 -0700 |
| commit | cee5bfdf119104b8ebce56d54dfcdcca1f537075 (patch) | |
| tree | 5b7cb9e9f885f7c5a197dca184fc5d473d03e901 /verity/VeritySigner.java | |
| parent | a2b7dbef923dbc1652fbb71969416cdd7adb40df (diff) | |
| download | extras-cee5bfdf119104b8ebce56d54dfcdcca1f537075.tar.gz | |
verity: Add tools to help OEMs generate signed boot images.
Change-Id: Iea200def2fdd8a0d366888bb7b1ae401297063f1
Diffstat (limited to 'verity/VeritySigner.java')
| -rw-r--r-- | verity/VeritySigner.java | 55 |
1 files changed, 5 insertions, 50 deletions
diff --git a/verity/VeritySigner.java b/verity/VeritySigner.java index 2ab94cb4..44c56028 100644 --- a/verity/VeritySigner.java +++ b/verity/VeritySigner.java @@ -16,63 +16,18 @@ package com.android.verity; -import org.bouncycastle.util.encoders.Base64; - -import java.io.DataInputStream; -import java.io.File; -import java.io.FileInputStream; -import java.io.FileOutputStream; -import java.io.InputStream; -import java.security.KeyFactory; import java.security.PrivateKey; -import java.security.Signature; -import java.security.spec.PKCS8EncodedKeySpec; - -class VeritySigner { - - private static byte[] sign(PrivateKey privateKey, byte[] input) throws Exception { - Signature signer = Signature.getInstance("SHA1withRSA"); - signer.initSign(privateKey); - signer.update(input); - return signer.sign(); - } - - private static PKCS8EncodedKeySpec pemToDer(String pem) throws Exception { - pem = pem.replaceAll("^-.*", ""); - String base64_der = pem.replaceAll("-.*$", ""); - byte[] der = Base64.decode(base64_der); - return new PKCS8EncodedKeySpec(der); - } - private static PrivateKey loadPrivateKey(String pem) throws Exception { - PKCS8EncodedKeySpec keySpec = pemToDer(pem); - KeyFactory keyFactory = KeyFactory.getInstance("RSA"); - return (PrivateKey) keyFactory.generatePrivate(keySpec); - } - - private static byte[] read(String path) throws Exception { - File contentFile = new File(path); - byte[] content = new byte[(int)contentFile.length()]; - FileInputStream fis = new FileInputStream(contentFile); - fis.read(content); - fis.close(); - return content; - } - - private static void writeOutput(String path, byte[] output) throws Exception { - FileOutputStream fos = new FileOutputStream(path); - fos.write(output); - fos.close(); - } +public class VeritySigner { // USAGE: // VeritySigner <contentfile> <key.pem> <sigfile> // To verify that this has correct output: // openssl rsautl -raw -inkey <key.pem> -encrypt -in <sigfile> > /tmp/dump public static void main(String[] args) throws Exception { - byte[] content = read(args[0]); - PrivateKey privateKey = loadPrivateKey(new String(read(args[1]))); - byte[] signature = sign(privateKey, content); - writeOutput(args[2], signature); + byte[] content = Utils.read(args[0]); + PrivateKey privateKey = Utils.loadPEMPrivateKey(Utils.read(args[1])); + byte[] signature = Utils.sign(privateKey, content); + Utils.write(signature, args[2]); } } |