author | Eelco Dolstra <e.dolstra@tudelft.nl> | 2007-02-20T22·57+0000 |
---|---|---|
committer | Eelco Dolstra <e.dolstra@tudelft.nl> | 2007-02-20T22·57+0000 |
commit | 3390c1be76f648ac0b18199c6204a32d1d6d5fbb (patch) | |
tree | a3a40642fc1c2a1708ba66357da4a593c25f7374 /doc/signing.txt | |
parent | 8181a1c3bbb35642d8242f13c3bbd17fe468c8e3 (diff) |
* Temporary notes on how we're going to use OpenSSL.
Diffstat (limited to 'doc/signing.txt')
-rw-r--r-- | doc/signing.txt | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/doc/signing.txt b/doc/signing.txt new file mode 100644 index 000000000000..fad14d743a8d --- /dev/null +++ b/doc/signing.txt @@ -0,0 +1,24 @@ +Generate a private key: + +$ openssl genrsa -out mykey.sec 2048 + +The private key should be kept secret (only readable to the Nix daemon +user). + + +Generate the corresponding public key: + +$ openssl rsa -in mykey.sec -pubout > mykey.pub + +The public key should be copied to all machines to which you want to +export store paths. + + +Signing: + +$ nix-hash --type sha256 --flat svn.nar | openssl rsautl -sign -inkey mykey.sec > svn.nar.sign + + +Verifying a signature: + +$ test "$(nix-hash --type sha256 --flat svn.nar)" = "$(openssl rsautl -verify -inkey mykey.pub -pubin -in svn.nar.sign)" |
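Review bot: The "Verifying a signature" command can report success when nothing was verified: if `nix-hash` and `openssl rsautl -verify` both fail (for example because svn.nar or svn.nar.sign is missing or unreadable), both command substitutions expand to the empty string and `test "" = ""` returns 0. I would capture each output in a variable, check the exit status of each command, and require the hash to be non-empty (`[ -n "$hash" ]`) before comparing. Separately, under "Generate a private key" the text says the key should be readable only by the Nix daemon user, but the `openssl genrsa -out mykey.sec 2048` step does nothing to ensure that; consider documenting a `umask 077` before it or a `chmod 600 mykey.sec` after it, so the file mode does not depend on the caller's environment.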