[PATCH v2 15/17] crypto: concatenate fit development certificate with private key
Sascha Hauer
s.hauer at pengutronix.de
Tue Nov 4 02:11:32 PST 2025
On Mon, Nov 03, 2025 at 12:41:14PM +0100, Jonas Rebmann wrote:
> Hi Sascha,
>
> On 2025-11-03 11:08, Sascha Hauer wrote:
> > On Tue, Oct 28, 2025 at 07:03:20PM +0100, Jonas Rebmann wrote:
> > > Merge the exemplary keys copied in from [1] into a single pem file,
> > > in a manner similar to test/self/development_rsa2048.pem for consistency
> > > and to reduce clutter a bit.
> > >
> > > While at it, rename them from "fit-" to "snakeoil-" as they are not only
> > > used for fit, but also for tlv integration tests, and to indicate more
> > > clearly that these are publicly known keys.
> >
> > Should we rather keep the "fit" name and add another key for tlv
> > integration tests?
>
> I'd rather not add more 'compromised' keys to the repo. What would be
> the gain?

My thinking was that with this we could make sure that during tests
actually a key from the desired keyring is used.

>
> I think naming it snakeoil gives it the warning it deserves. We should
> make it hard for anyone to confuse our CI/Development keys with their
> production keys.

Indeed. I just don't like the term "snakeoil" here.

From Wikipedia:

"Snake oil" is a term used to describe deceptive marketing, health care fraud, or a scam.

We don't do anything like this here. We're not trying to sell snake oil.
I am open to something like "testing" or "development".

Also we might want to add a runtime message like:

"WARNING: This barebox binary contains well known keys and is unsecure"

Sascha
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |