When compiling OpenWrt source code, make V=s prompts OpenWrt to appear signing key has not been solution
The compilation appears as follows:
Generating index for package./UHTTPD_2014-10-27-FD8E5E379C23C5FBCEC3E76894B839233DF09067_RAMIPS_24KEC.IPK
Generating index for package./WATCHDOG_1_RAMIPS_24KEC.IPK
Generating index for package./WIRELESS-TOOLS_29-5_RAMIPS_24KEC.IPK
Signing key has not been configured
Because of the addition of the package signature, you can look at the link below to add a description of this feature
https://dev.openwrt.org/changeset/38284
There's this saying add package signing key and certificate configuration options to the
"Image Configuration" submenu.
This is because signature authentication is required when using some packages because no information is provided and all errors
Only need to make a signed and certificate to add to the "Image Configuration" subdirectory, the following is your own signature and certificate process
1. Install OpenSSL
First you have to install the OpenSSL package OpenSSL, after installing this package, we can do these things:
o creation of RSA, DH and DSA key Parameters # Create key
o creation of X.509 certificates, CSRS and CRLs # Create certificate
o Calculation of message digests #
o Encryption and decryption with ciphers # encryption, decryption
o SSL/TLS client and server Tests # SSL server-side/Client Testing
o handling of S/MIME signed or encrypted mail # Processing signed or encrypted messages
2, the method of generating RSA key
OpenSSL genrsa-des3-out Privkey.pem 2048
This command will generate a 2048-bit key, with a Des3 method encrypted password, if you do not want to enter the password each time, you can change to:
OpenSSL genrsa-out Privkey.pem 2048
It is recommended that you use a 2048-bit key, which is less likely to be unsafe or will soon be unsafe.
3. Generate a certificate request (input instructions and then enter the relevant information step by step)
OpenSSL Req-new-key privkey.pem-out CERT.CSR
This command will generate a certificate request, of course, with the previously generated key PRIVKEY.PEM file
This will generate a new file CERT.CSR, a certificate request file, where you can take this file to the digital certification authority (CA) to request a digital certificate. The CA will give you a new file Cacert.pem, that's your digital certificate.
If you are doing your own testing, the applicant and the issuer of the certificate are themselves. You can use the following command to generate the certificate:
OpenSSL Req-new-x509-key privkey.pem-out cacert.pem-days 1095
This command will generate a digital certificate using the key generated above Privkey.pem CACERT.PEM
The production documents are as follows
4. Using digital certificates and keys
With Privkey.pem and Cacert.pem files, you can use them in your own programs, such as a server that encrypts communications.
When you perform make Menuconfig Select image configuration (required), press the Y key, enter the
See the configuration of the key
Select Package signing options after carriage return
Enter the package signing options option, fill in the full path of the previous production certificate, and select the wait for Paaphrase when signing package
5. Recompile software
Make V=s
You can see that the signing key has not been configured no longer appears, but signing package index, the relevant software used will automatically complete the signature.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
