KeySetup
NOTE: the standard build will make versions with MySQL library dependencies. If you need a version without this dependency, run make -f makefile_sign_executable in tools/; this will make both programs. You will also need to do this if you only built the client parts with ./configure --disable-manager --disable-server --disable-client, as these programs are not built with those configure settings.
The program lib/crypt_prog performs various encryption tasks.
Create a key pair with nbits bits (always use 1024). Write the keys in encoded ASCII form to the indicated files.
The following commands generate the file upload and code signing key pairs. BOINC_KEY_DIR is the directory where the keys will be stored. The code signing private key should be stored only on a highly secure (e.g., a disconnected, physically secure) host.
crypt_prog -genkey 1024 BOINC_KEY_DIR/upload_private BOINC_KEY_DIR/upload_public
crypt_prog -genkey 1024 BOINC_KEY_DIR/code_sign_private BOINC_KEY_DIR/code_sign_public
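One way to check that a key directory follows the storage advice above, as an added example that is not part of BOINC. The function name audit_boinc_keys, the server/signing role argument and the owner-only permission policy are assumptions made for this sketch; the file names are the ones used in the commands above.

```shell
#!/bin/sh
# Added example (not BOINC code): audit a key directory laid out as on this page.
# Usage: audit_boinc_keys DIR [server|signing]
#   server  : project server host; code_sign_private must not be present
#   signing : the isolated host that is allowed to hold code_sign_private
# Prints one finding per line and returns the number of findings (0 = clean).
audit_boinc_keys() {
    dir=$1
    role=${2:-server}
    findings=0

    # Assumed policy: the key directory is closed to group and other.
    # Characters 5-10 of the ls mode string are the group/other bits.
    dmode=$(ls -ldL "$dir" | cut -c5-10)
    if [ "$dmode" != "------" ]; then
        echo "WARN: $dir is accessible to group/other ($dmode)"
        findings=$((findings + 1))
    fi

    # Assumed policy: every *_private file is readable by its owner only.
    for f in "$dir"/*_private; do
        [ -e "$f" ] || continue          # glob matched nothing
        fmode=$(ls -ldL "$f" | cut -c5-10)
        if [ "$fmode" != "------" ]; then
            echo "WARN: $f is accessible to group/other ($fmode)"
            findings=$((findings + 1))
        fi
    done

    # The code signing private key belongs only on the secure signing host.
    if [ "$role" = "server" ] && [ -e "$dir/code_sign_private" ]; then
        echo "FAIL: $dir/code_sign_private is present on a server host"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Run it with the server role on the project host and with the signing role on the host that holds the code signing private key.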
Other functions of crypt_prog:
Create a digital signature for the given file (same as sign_executable).
Create a digital signature for the given string, write it to stdout.
Verify a signature for the given file.
Perform an internal test, checking that encryption followed by decryption works.
Verify a certificate-based signature for the given file.
Convert a signature from OpenSSL form to/from BOINC form.
Convert a key from OpenSSL form to/from BOINC form.
Use sign_executable to sign executable files. It's exactly the same as crypt_prog --sign.
sign_executable file_to_sign private_key_file > signature_file
sign_executable is compiled in the lib/ directory, and installed in your project's bin/ directory. It writes the signature to stdout.