be.ems/misc/ivreadme.txt

iv(integrity verification) toolkits完整性验证工具链说明


#使用帮助
[root@5gc iv]# ./iv
Usage:
./iv generate_private_key  private_key_name
./iv generate_public_key   private_key_name   public_key_name
./iv signature             private_key_name   source_cms_file   source_file
./iv verify_signature      public_key_name    source_cms_file   source_file


#生成私钥
[root@5gc iv]# ./iv generate_private_key pri.key
Generating RSA private key, 2048 bit long modulus (2 primes)
..............+++++
...................+++++
e is 65537 (0x010001)
en  pri.key_pri.key ==> pri.key_pri.key.aes_en
注意：这时候私钥已经被自动加密存储了


#通过私钥生成公钥
[root@5gc iv]# ./iv generate_public_key pri.key pub.key
writing RSA key


#签名
#source.bin     是某个二进制的文件，安装包、升级包或者任何其他文件
#source.cms     是生成的签名文件
[root@5gc iv]# ./iv signature pri.key source.cms source.bin


#验证通过
[root@5gc iv]# ./iv verify_signature pub.key source.cms source.bin
Verified OK


#修改原始文件后，验证不通过
[root@5gc iv]# vi source.bin
[root@5gc iv]# ./iv verify_signature pub.key source.cms source.bin
Verification Failure


#针对修改后的source.bin再次签名，验证通过
[root@5gc iv]# ./iv signature pri.key source.cms source.bin
[root@5gc iv]# ./iv verify_signature pub.key source.cms source.bin
Verified OK


#修改签名文件后，验证不通过
[root@5gc iv]# vi source.cms
[root@5gc iv]# ./iv verify_signature pub.key source.cms source.bin
Verification Failure