create-user-key-store.sh: replace weak des3 encryption with aes256

Replace weak des3 encryption with more secure algorithm aes256 to generate ima key in script create-user-key-store.sh. Signed-off-by: David Dunlap <david.dunlap@windriver.com> Signed-off-by: Kai Kang <kai.kang@windriver.com>
author: David Dunlap <david.dunlap@windriver.com> 2020-07-16 13:47:42 +0000
committer: Jia Zhang <zhang.jia@linux.alibaba.com> 2020-09-15 10:05:40 +0800
commit: 070f7359b59d153e77a19b987eec79322076bbce (patch)
tree: b66ec379d3acf6e020576ff4b37e311bef477138
parent: 7ee985e53fcb8d055ed411db28fa3b514426bdc7 (diff)
download: meta-secure-core-070f7359b59d153e77a19b987eec79322076bbce.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/meta-signing-key/scripts/create-user-key-store.sh b/meta-signing-key/scripts/create-user-key-store.sh
index a63f50e..30e3c28 100755
--- a/meta-signing-key/scripts/create-user-key-store.sh
+++ b/meta-signing-key/scripts/create-user-key-store.sh
@@ -189,7 +189,7 @@ ca_sign() {
        else
            # Prompt user to type the password
            if [ "$IMA_PASS" = "" ] ; then
-                openssl genrsa -des3 -out "$key_dir/$key_name.key" 2048 \
+                openssl genrsa -aes256 -out "$key_dir/$key_name.key" 2048 \
                        || print_fatal "openssl failure"
                openssl req -new -sha256 \
@@ -198,7 +198,7 @@ ca_sign() {
                    -out "$key_dir/$key_name.csr" \
                        || print_fatal "openssl failure"
            else
-                openssl genrsa -des3 -passout "pass:$IMA_PASS" \
+                openssl genrsa -aes256 -passout "pass:$IMA_PASS" \
                    -out "$key_dir/$key_name.key" 2048 \
                        || print_fatal "openssl failure"
author	David Dunlap <david.dunlap@windriver.com>	2020-07-16 13:47:42 +0000
committer	Jia Zhang <zhang.jia@linux.alibaba.com>	2020-09-15 10:05:40 +0800
commit	070f7359b59d153e77a19b987eec79322076bbce (patch)
tree	b66ec379d3acf6e020576ff4b37e311bef477138
parent	7ee985e53fcb8d055ed411db28fa3b514426bdc7 (diff)
download	meta-secure-core-070f7359b59d153e77a19b987eec79322076bbce.tar.gz

diff --git a/meta-signing-key/scripts/create-user-key-store.sh b/meta-signing-key/scripts/create-user-key-store.sh index a63f50e..30e3c28 100755 --- a/meta-signing-key/scripts/create-user-key-store.sh +++ b/meta-signing-key/scripts/create-user-key-store.sh
@@ -189,7 +189,7 @@ ca_sign() {
189	else	189	else
190	# Prompt user to type the password	190	# Prompt user to type the password
191	if [ "$IMA_PASS" = "" ] ; then	191	if [ "$IMA_PASS" = "" ] ; then
192	openssl genrsa -des3 -out "$key_dir/$key_name.key" 2048 \	192	openssl genrsa -aes256 -out "$key_dir/$key_name.key" 2048 \
193	\|\| print_fatal "openssl failure"	193	\|\| print_fatal "openssl failure"
194		194
195	openssl req -new -sha256 \	195	openssl req -new -sha256 \
@@ -198,7 +198,7 @@ ca_sign() {
198	-out "$key_dir/$key_name.csr" \	198	-out "$key_dir/$key_name.csr" \
199	\|\| print_fatal "openssl failure"	199	\|\| print_fatal "openssl failure"
200	else	200	else
201	openssl genrsa -des3 -passout "pass:$IMA_PASS" \	201	openssl genrsa -aes256 -passout "pass:$IMA_PASS" \
202	-out "$key_dir/$key_name.key" 2048 \	202	-out "$key_dir/$key_name.key" 2048 \
203	\|\| print_fatal "openssl failure"	203	\|\| print_fatal "openssl failure"
204		204