* Temporary notes on how we're going to use OpenSSL.

This commit is contained in:
Eelco Dolstra 2007-02-20 22:57:46 +00:00
parent 8181a1c3bb
commit 3390c1be76

24
doc/signing.txt Normal file
View file

@ -0,0 +1,24 @@
Generate a private key:
$ openssl genrsa -out mykey.sec 2048
The private key should be kept secret (only readable to the Nix daemon
user).
Generate the corresponding public key:
$ openssl rsa -in mykey.sec -pubout > mykey.pub
The public key should be copied to all machines to which you want to
export store paths.
Signing:
$ nix-hash --type sha256 --flat svn.nar | openssl rsautl -sign -inkey mykey.sec > svn.nar.sign
Verifying a signature:
$ test "$(nix-hash --type sha256 --flat svn.nar)" = "$(openssl rsautl -verify -inkey mykey.pub -pubin -in svn.nar.sign)"