On Fri, 2026-05-15 at 09:42 +0000, Jamin Lin wrote: > The key file validation in run_mkimage_sign() unconditionally required > .key and .crt regardless of the signing algorithm. This prevented ECDSA > signing which uses a single .pem file. > > Extract the check into _check_sign_key_files() and detect the algorithm > from the algo string (e.g. "sha256,ecdsa384") by scanning all > comma-separated parts so field order does not matter: > - ECDSA: requires <keyname>.pem > - RSA : requires <keyname>.key and <keyname>.crt
Hi Jamin, This contradicts my understanding of cryptographic algorithms and file formats. To my knowledge, ECDSA & RSA are algorithms, PEM vs .key/.crt are file formats. You can have an RSA certificate in PEM format, and you can store the key & cert for use in ECDSA in .key & .crt files if you want to. Am I misunderstanding something here? Best regards, -- Paul Barker
signature.asc
Description: This is a digitally signed message part
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#237254): https://lists.openembedded.org/g/openembedded-core/message/237254 Mute This Topic: https://lists.openembedded.org/mt/119327152/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
