author Eelco Dolstra <e.dolstra@tudelft.nl> 2007-02-20T22·57+0000
committer Eelco Dolstra <e.dolstra@tudelft.nl> 2007-02-20T22·57+0000
commit 3390c1be76f648ac0b18199c6204a32d1d6d5fbb
tree a3a40642fc1c2a1708ba66357da4a593c25f7374
parent 8181a1c3bbb35642d8242f13c3bbd17fe468c8e3
* Temporary notes on how we're going to use OpenSSL.
-rw-r--r-- doc/signing.txt 24
1 files changed, 24 insertions, 0 deletions
diff --git a/doc/signing.txt b/doc/signing.txt
new file mode 100644
index 000000000000..fad14d743a8d
--- /dev/null
+++ b/doc/signing.txt
@@ -0,0 +1,24 @@
+Generate a private key:
+
+$ openssl genrsa -out mykey.sec 2048
+
+The private key should be kept secret (only readable to the Nix daemon
+user).
+
+
+Generate the corresponding public key:
+
+$ openssl rsa -in mykey.sec -pubout > mykey.pub
+
+The public key should be copied to all machines to which you want to
+export store paths.
+
+
+Signing:
+
+$ nix-hash --type sha256 --flat svn.nar | openssl rsautl -sign -inkey mykey.sec > svn.nar.sign
+
+
+Verifying a signature:
+
+$ test "$(nix-hash --type sha256 --flat svn.nar)" = "$(openssl rsautl -verify -inkey mykey.pub -pubin -in svn.nar.sign)"
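Review bot: The verification one-liner under "Verifying a signature" fails open: `test "$(nix-hash ...)" = "$(openssl rsautl -verify ...)"` compares two command substitutions and ignores both exit statuses, so if `svn.nar` is missing or unreadable and the signature does not verify, both sides expand to the empty string and `test` returns success. I would capture each result separately, fail on a non-zero exit status from either command, and require the recovered hash to be non-empty (for example `test -n "$expected"`) before comparing. Two smaller points for the same notes: the text says the private key must be readable only by the Nix daemon user, but no step enforces it, so a `umask 077` before `openssl genrsa` or a `chmod 600 mykey.sec` afterwards would make that concrete; and what gets signed is only the hash of the NAR contents, so it is worth stating whether the store path name is meant to be covered by the signature.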