diff options
author | Dave Heller <hellerda@linux.vnet.ibm.com> | 2018-01-17 21:35:18 -0500 |
---|---|---|
committer | Dave Heller <hellerda@linux.vnet.ibm.com> | 2018-01-17 21:35:18 -0500 |
commit | 9c5eef8b773b5a96e68b1a19214b59709dffc807 (patch) | |
tree | 82006859416492133c8c538698b568410c73ab35 | |
parent | 83a103d62b3fc2d167c4e4a8550cf02dc43e0f82 (diff) | |
download | sb-signing-utils-9c5eef8b773b5a96e68b1a19214b59709dffc807.tar.gz sb-signing-utils-9c5eef8b773b5a96e68b1a19214b59709dffc807.zip |
Add test keys to the project
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
-rw-r--r-- | test/keys/README.md | 179 | ||||
-rw-r--r-- | test/keys/extract_pubkeys.sh | 7 | ||||
-rw-r--r-- | test/keys/gen_keys_hash.sh | 3 | ||||
-rw-r--r-- | test/keys/hw_key_a.key | 25 | ||||
-rw-r--r-- | test/keys/hw_key_a.pub | 15 | ||||
-rw-r--r-- | test/keys/hw_key_a.raw | 0 | ||||
-rw-r--r-- | test/keys/hw_key_b.key | 26 | ||||
-rw-r--r-- | test/keys/hw_key_b.pub | 15 | ||||
-rw-r--r-- | test/keys/hw_key_b.raw | 0 | ||||
-rw-r--r-- | test/keys/hw_key_c.key | 26 | ||||
-rw-r--r-- | test/keys/hw_key_c.pub | 15 | ||||
-rw-r--r-- | test/keys/hw_key_c.raw | 0 | ||||
-rw-r--r-- | test/keys/hw_keys_hash.md | 1 | ||||
-rw-r--r-- | test/keys/sw_key_p.key | 16 | ||||
-rw-r--r-- | test/keys/sw_key_p.pub | 6 |
15 files changed, 334 insertions, 0 deletions
diff --git a/test/keys/README.md b/test/keys/README.md new file mode 100644 index 0000000..188debd --- /dev/null +++ b/test/keys/README.md @@ -0,0 +1,179 @@ +# Important Information About Secure and Trusted Boot And Signing Keys + +## Background + +IBM OpenPOWER systems support Secure and Trusted Boot to protect system +firmware. Secure Boot implements a processor based chain of trust. The +chain starts with an implicitly trusted component with other components being +authenticated and integrity checked before being executed on the host processor +cores. At the root of this trust chain is the Host Platform Core Root of Trust +for Measurement (CRTM). Immutable Read Only Memory (ROM - fixed in the POWER +processor chip) verifies the initial firmware load. That firmware verifies +cryptographic signatures on all subsequent "to be trusted" firmware that is +loaded for execution on the P8 cores. Trusted Boot also makes use of this same +CRTM by measuring and recording FW images via a Trusted Platform Module (TPM) +before control is passed on to the next layer in the boot stack. The CRTM +design is based on a Public Key Infrastructure (PKI) process to validate the +firmware images before they are executed. This process makes use of a set of +hardware and firmware asymmetric keys. Multiple organizations will want to +deliver POWER hardware, digitally signed firmware, signed boot code, +hypervisors, and operating systems. Each platform manufacturer wants to +maintain control over its own code and sign it with its own keys. A single key +hash is stored in host processor module SEEPROM representing the anchoring root +set of hardware keys. The P8 Trusted Boot supports a key management flow that +makes use of two kinds of hardware root keys, a wide open, well-known, openly +published public/private key pair (imprint keys) and a set of production keys +where the private key is protected by a hardware security module (HSM) internal +to the manufacturing facility of the key owner. + +## Purpose Of Imprint Public/Private Keys + +It is critical to note that the imprint keys are not to be used for production. +These are strictly for manufacturing and development level support given the +open nature of the private part of the Hardware keys. This allows developers +and testers to sign images and create builds for Secure and Trusted Boot +development lab testing. Systems must be transitioned to production level +keys for customer environments. + +## Manufacturer Key Management Role + +If a system is shipped from the System Manufacturer with imprint keys installed +rather than production level hardware keys, the system must be viewed as running +with a set of well-known default keys and vulnerable to exploitation. The +System Access Administrator must work with the System Manufacturer to insure +that a key transition process is utilized once a hardware based chain of trust +is to be enabled as part of Secure or Trusted Boot functionality. + +## Intentional Public Release Of Imprint Public/Private Keys + +All public and private keys in this directory are being intentionally released +to enable the developer community to sign code images. For true security, a +different set of production signing keys should be used, and the private +production signing key should be carefully guarded. Currently, we do not yet +support production key signing, only development signing. + +### Imprint Private Keys + +#### Hardware Private Keys + +The following files contain the Imprint private keys, in PEM format: + + hw_key_a.key + hw_key_b.key + hw_key_c.key + +#### Software Private Keys + +The project contains one sample Software key: + + sw_key_p.key + +To generate your own software keys use the openssl "ecparam" command. The +following commands will generate new private software keys P, Q and R: + + $ openssl ecparam -genkey -outform pem -noout -name secp521r1 -out sw_key_p.key + $ openssl ecparam -genkey -outform pem -noout -name secp521r1 -out sw_key_q.key + $ openssl ecparam -genkey -outform pem -noout -name secp521r1 -out sw_key_r.key + +OpenPOWER secure boot supports three keys for Hardware (HW) key signing and (up +to) three keys for Software (SW) key signing, This permits a "separation of +duties" in the firmware signing process, if such a separation is desired. All +three HW keys are required, but the SW keys allow for the use of one, two or +three keys. A signature is required (i.e. must be present in the container) by +*all three* firwmare keys, and by every (1-3) SW key in use, to create a +container that will boot with secure mode on. If a separation of duties is not +required, the signer may use the same key for all three required HW keys, and +for the (1-3) required SW keys. The container will boot as long as all required +signatures are present. + +#### Hardware and Software Public Keys + +The project includes the public keys for all the above private keys, in both PEM +format (*.pub) and RAW format (*.raw). In the case where public keys are +required, you may use either format. The RAW format is the minimal binary +format, with all (ASN.1) metadata stripped. This is how they keys are stored +within the container, to provide the minimal footprint. Usually you will work +with the keys in PEM format, as this is the most flexible and widely compatible +format. The RAW keys are included mainly for testing. However, for all +programs included in this project, the *.pub and *.raw keys are interchangeable. + +The PEM format public keys can be easily extracted from the private keys using +the openssl `pkey` command, for example: + + $ openssl pkey -pubout -inform pem -outform pem -in sw_key_p.key -out sw_key_p.pub + +To automatically extract the PEM public keys from the private keys, run the +included `extract_pubkeys.sh` + +#### Keys required by each operational mode + +When running the program in `Local (a.k.a. Development) mode` you must use the +private keys, as the signatures will be created locally. The public keys are +not required, as the program automatically extracts the public key from the +private as needed. + +When running in `Independent mode` you will use the public keys to generate the +signing requests, use the private keys to create the signatures, and again use +the public keys to complete the container. This allows the signing operation to +be done independently of the other steps. + +When running in `Production mode` the public keys are requested from the signing +server, and the signing operations are performed *at* the server, so the private +keys are never exposed. In this mode there is no need to input any keys to the +program; it knows exactly what to request. + +In sum: for any operation where signing is done, the program must consume the +private keys. For any operation where signing requests are generated, or the +final container construction is done, the program needs only the public keys. + +#### Hardware Keys Hash + +As mentioned, a hash of the three public HW keys authorizing the platform +firmware is stored in system SEEPROM. This is a 64 byte, SHA512 hash value. +On a running OpenPOWER machine this value may be read from an entry in the +system device tree: + + # cat /proc/device-tree/ibm,secureboot/hw-key-hash | xxd -p + 40d487ff7380ed6ad54775d5795fea0de2f541fea9db06b8466a42a320e6 + 5f75b48665460017d907515dc2a5f9fc50954d6ee0c9b67d219dfb708535 + 1d01d6d1 + +This pseudo-file is accessible from both the target OS and the petitboot shell. + +Secure boot protects the signed firmware by comparing this hash to the +(calculated) hash of the three HW public keys in the container header (and then +using these keys to verify the HW key signatures, also in the container header). +If the hashes don't match, the machine won't boot. + +To check that the hash of the HW keys you are using to build your container +matches the hash installed in the machine you wish to boot, use the `hashkeys` +tool: + + $ hashkeys -a hw_key_a.key -b hw_key_b.key -c hw_key_c.key + +Note that the tool can calculate the value using either public or private keys +as input. The output is always the hash of the public keys. + +To store the value to a file that you can use to verify the completed container: + + $ hashkeys -a hw_key_a.key -b hw_key_b.key -c hw_key_c.key --outfile hw_keys_hash.md + +Or run the included `gen_keys_hash.sh` which does the same. + +To check the hash of the HW keys in an existing container, run the +`print-container` tool and look for the value in the output: + + $ print-container -w0 --imagefile /tmp/secure-container | grep -A1 "HW keys hash" + HW keys hash (calculated): + 40d487ff7380ed6ad54775d5795fea0de2f541fea9db06b8466a42a32... + +To verify that the value of the HW keys hash in the container matches the given +value, run the `print-container` tool with the `--verify` option. + + $ print-container --no-print --imagefile /tmp/secure-container \ + --validate --verify hw_keys_hash.md + + Container validity check PASSED. Container verification check PASSED. + +Note the `--validate` option performs an independent validity check, but is +shown for completeness diff --git a/test/keys/extract_pubkeys.sh b/test/keys/extract_pubkeys.sh new file mode 100644 index 0000000..36888a7 --- /dev/null +++ b/test/keys/extract_pubkeys.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +for f in *key +do + prefix=$(echo "$f" | cut -f1 -d.) + openssl pkey -pubout -inform pem -outform pem -in "$prefix.key" -out "$prefix.pub" +done diff --git a/test/keys/gen_keys_hash.sh b/test/keys/gen_keys_hash.sh new file mode 100644 index 0000000..2038eb5 --- /dev/null +++ b/test/keys/gen_keys_hash.sh @@ -0,0 +1,3 @@ +#!/bin/bash + + ../../hashkeys -a hw_key_a.key -b hw_key_b.key -c hw_key_c.key --pretty --outfile hw_keys_hash.md diff --git a/test/keys/hw_key_a.key b/test/keys/hw_key_a.key new file mode 100644 index 0000000..8cfd2f2 --- /dev/null +++ b/test/keys/hw_key_a.key @@ -0,0 +1,25 @@ +!!! Important WARNING About This Private Key !!! + +DO NOT STRIP THIS WARNING FROM THIS PRIVATE KEY + +This private is being intentionally released by IBM to enable the developer +community to sign code images. For true security, a different set of production +signing keys should be used, and the private production signing key should be +carefully guarded. + +-----BEGIN EC PRIVATE KEY----- +MIICnAIBAQRBVvu38Sbtau77TPvsvEmYHwAD8WY12vTjRE6SowkePCI0+3k5bawC +J9rKnafuMLCxE2SzTh5JPonVKhBPZeUpaOugggHGMIIBwgIBATBNBgcqhkjOPQEB +AkIB//////////////////////////////////////////////////////////// +//////////////////////////8wgZ4EQgH///////////////////////////// +/////////////////////////////////////////////////////////ARBUZU+ +uWGOHJofkpohoLaFQO6i2nJbmbMV87i0iZGO8QnhVhk5Uex+k3sWUsC9O7G/BzVz +34g9LDTx70Uf1GtQPwADFQDQnogAKRy4U5bMZxc5MoSqoNpkugSBhQQAxoWOBrcE +BOnNnj7LZiOVtEKcZIE5BT+1Ifgor2BrTT26oUted+/nWSj+HcEnov+o3jNIs8GF +akKb+X5+McLlvWYBGDkpaniaO8AEXIpftCx9G9mY9URJV5tEaBevvRcnPmYsl+5y +mV70JkDFULkBP60HYTU8cIaicsJAiL6Udp/RZlACQgH///////////////////// +//////////////////////pRhoeDvy+Wa3/MAUj3CaXQO7XJuImcR667b7cekThk +CQIBAaGBiQOBhgAEALseCHiWoJ4wcnQGjefKigKgnFVDj1D03ikeYzefc2y3wnoe +8neyeB+X071kpXg83nEAVuxqm1Yn1IMJCP9Tz7NhALhglEF2RzciUSwF+GDx8CW7 +RlSBlxbtEPxpODD8/tImnjRig/OngZFce8fds7NPEUxPsoS7xCQ6V+dSAaYM+QYi +-----END EC PRIVATE KEY----- diff --git a/test/keys/hw_key_a.pub b/test/keys/hw_key_a.pub new file mode 100644 index 0000000..f1d6a57 --- /dev/null +++ b/test/keys/hw_key_a.pub @@ -0,0 +1,15 @@ +-----BEGIN PUBLIC KEY----- +MIICXDCCAc8GByqGSM49AgEwggHCAgEBME0GByqGSM49AQECQgH///////////// +//////////////////////////////////////////////////////////////// +/////////zCBngRCAf////////////////////////////////////////////// +///////////////////////////////////////8BEFRlT65YY4cmh+SmiGgtoVA +7qLacluZsxXzuLSJkY7xCeFWGTlR7H6TexZSwL07sb8HNXPfiD0sNPHvRR/Ua1A/ +AAMVANCeiAApHLhTlsxnFzkyhKqg2mS6BIGFBADGhY4GtwQE6c2ePstmI5W0Qpxk +gTkFP7Uh+CivYGtNPbqhS1537+dZKP4dwSei/6jeM0izwYVqQpv5fn4xwuW9ZgEY +OSlqeJo7wARcil+0LH0b2Zj1RElXm0RoF6+9Fyc+ZiyX7nKZXvQmQMVQuQE/rQdh +NTxwhqJywkCIvpR2n9FmUAJCAf////////////////////////////////////// +////+lGGh4O/L5Zrf8wBSPcJpdA7tcm4iZxHrrtvtx6ROGQJAgEBA4GGAAQAux4I +eJagnjBydAaN58qKAqCcVUOPUPTeKR5jN59zbLfCeh7yd7J4H5fTvWSleDzecQBW +7GqbVifUgwkI/1PPs2EAuGCUQXZHNyJRLAX4YPHwJbtGVIGXFu0Q/Gk4MPz+0iae +NGKD86eBkVx7x92zs08RTE+yhLvEJDpX51IBpgz5BiI= +-----END PUBLIC KEY----- diff --git a/test/keys/hw_key_a.raw b/test/keys/hw_key_a.raw new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/test/keys/hw_key_a.raw diff --git a/test/keys/hw_key_b.key b/test/keys/hw_key_b.key new file mode 100644 index 0000000..60afd2d --- /dev/null +++ b/test/keys/hw_key_b.key @@ -0,0 +1,26 @@ +!!! Important WARNING About This Private Key !!! + +DO NOT STRIP THIS WARNING FROM THIS PRIVATE KEY + +This private is being intentionally released by IBM to enable the developer +community to sign code images. For true security, a different set of production +signing keys should be used, and the private production signing key should be +carefully guarded. + +-----BEGIN EC PRIVATE KEY----- +MIICnQIBAQRCAQ0nt+2t5RDGWJF6S326TEWyHPdI/VHm+pKvFgCCrVujE7P5oUlv +GP3HZ3qemUX0RgmRjD27RflVdyOL6IlekHSsoIIBxjCCAcICAQEwTQYHKoZIzj0B +AQJCAf////////////////////////////////////////////////////////// +////////////////////////////MIGeBEIB//////////////////////////// +//////////////////////////////////////////////////////////wEQVGV +PrlhjhyaH5KaIaC2hUDuotpyW5mzFfO4tImRjvEJ4VYZOVHsfpN7FlLAvTuxvwc1 +c9+IPSw08e9FH9RrUD8AAxUA0J6IACkcuFOWzGcXOTKEqqDaZLoEgYUEAMaFjga3 +BATpzZ4+y2YjlbRCnGSBOQU/tSH4KK9ga009uqFLXnfv51ko/h3BJ6L/qN4zSLPB +hWpCm/l+fjHC5b1mARg5KWp4mjvABFyKX7QsfRvZmPVESVebRGgXr70XJz5mLJfu +cple9CZAxVC5AT+tB2E1PHCGonLCQIi+lHaf0WZQAkIB//////////////////// +///////////////////////6UYaHg78vlmt/zAFI9wml0Du1ybiJnEeuu2+3HpE4 +ZAkCAQGhgYkDgYYABACTA8hhnkYIZKrc1O0tojIuF5Mhs9/XLMoSfPmDeqSXg2X9 +tjq598htT5uDWU/9WfrISQ9w81RR+blEvcY+GctkEQFJPYdOapsX2TVoNwvlJeVp +gsQFwer4TOkmNV0FVbH7sJiHRw+ROHC5TOmy9YfQHCc2uAqInaZqPKTz13D8zQCG +Cw== +-----END EC PRIVATE KEY----- diff --git a/test/keys/hw_key_b.pub b/test/keys/hw_key_b.pub new file mode 100644 index 0000000..773fa26 --- /dev/null +++ b/test/keys/hw_key_b.pub @@ -0,0 +1,15 @@ +-----BEGIN PUBLIC KEY----- +MIICXDCCAc8GByqGSM49AgEwggHCAgEBME0GByqGSM49AQECQgH///////////// +//////////////////////////////////////////////////////////////// +/////////zCBngRCAf////////////////////////////////////////////// +///////////////////////////////////////8BEFRlT65YY4cmh+SmiGgtoVA +7qLacluZsxXzuLSJkY7xCeFWGTlR7H6TexZSwL07sb8HNXPfiD0sNPHvRR/Ua1A/ +AAMVANCeiAApHLhTlsxnFzkyhKqg2mS6BIGFBADGhY4GtwQE6c2ePstmI5W0Qpxk +gTkFP7Uh+CivYGtNPbqhS1537+dZKP4dwSei/6jeM0izwYVqQpv5fn4xwuW9ZgEY +OSlqeJo7wARcil+0LH0b2Zj1RElXm0RoF6+9Fyc+ZiyX7nKZXvQmQMVQuQE/rQdh +NTxwhqJywkCIvpR2n9FmUAJCAf////////////////////////////////////// +////+lGGh4O/L5Zrf8wBSPcJpdA7tcm4iZxHrrtvtx6ROGQJAgEBA4GGAAQAkwPI +YZ5GCGSq3NTtLaIyLheTIbPf1yzKEnz5g3qkl4Nl/bY6uffIbU+bg1lP/Vn6yEkP +cPNUUfm5RL3GPhnLZBEBST2HTmqbF9k1aDcL5SXlaYLEBcHq+EzpJjVdBVWx+7CY +h0cPkThwuUzpsvWH0BwnNrgKiJ2majyk89dw/M0Ahgs= +-----END PUBLIC KEY----- diff --git a/test/keys/hw_key_b.raw b/test/keys/hw_key_b.raw new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/test/keys/hw_key_b.raw diff --git a/test/keys/hw_key_c.key b/test/keys/hw_key_c.key new file mode 100644 index 0000000..1bf4dfb --- /dev/null +++ b/test/keys/hw_key_c.key @@ -0,0 +1,26 @@ +!!! Important WARNING About This Private Key !!! + +DO NOT STRIP THIS WARNING FROM THIS PRIVATE KEY + +This private is being intentionally released by IBM to enable the developer +community to sign code images. For true security, a different set of production +signing keys should be used, and the private production signing key should be +carefully guarded. + +-----BEGIN EC PRIVATE KEY----- +MIICnQIBAQRCASomU+ACnQy0UDtFX53VV2bwBrc3GPK3hbMrsU1E98YmU4eh/Dpj +FYQOyCPV27GRK8V46a1xvWs57per+X4R9LVdoIIBxjCCAcICAQEwTQYHKoZIzj0B +AQJCAf////////////////////////////////////////////////////////// +////////////////////////////MIGeBEIB//////////////////////////// +//////////////////////////////////////////////////////////wEQVGV +PrlhjhyaH5KaIaC2hUDuotpyW5mzFfO4tImRjvEJ4VYZOVHsfpN7FlLAvTuxvwc1 +c9+IPSw08e9FH9RrUD8AAxUA0J6IACkcuFOWzGcXOTKEqqDaZLoEgYUEAMaFjga3 +BATpzZ4+y2YjlbRCnGSBOQU/tSH4KK9ga009uqFLXnfv51ko/h3BJ6L/qN4zSLPB +hWpCm/l+fjHC5b1mARg5KWp4mjvABFyKX7QsfRvZmPVESVebRGgXr70XJz5mLJfu +cple9CZAxVC5AT+tB2E1PHCGonLCQIi+lHaf0WZQAkIB//////////////////// +///////////////////////6UYaHg78vlmt/zAFI9wml0Du1ybiJnEeuu2+3HpE4 +ZAkCAQGhgYkDgYYABAFUBCtSjR9PiJqVhg/EIsNGp0phvJ8gE5XBFTnox8n8a+Ji +4e7r8Uae9Qea6hnvWa6HzAup1KEJAl6vobyhyItaegDEHRy56UIij9nDVYhSIXia +EEln8xLVz5cB//hToEtexHUvdax85Nacwco6FyGNxzptGddL+/ds/rkZ05Q1fFUr +WQ== +-----END EC PRIVATE KEY----- diff --git a/test/keys/hw_key_c.pub b/test/keys/hw_key_c.pub new file mode 100644 index 0000000..d954440 --- /dev/null +++ b/test/keys/hw_key_c.pub @@ -0,0 +1,15 @@ +-----BEGIN PUBLIC KEY----- +MIICXDCCAc8GByqGSM49AgEwggHCAgEBME0GByqGSM49AQECQgH///////////// +//////////////////////////////////////////////////////////////// +/////////zCBngRCAf////////////////////////////////////////////// +///////////////////////////////////////8BEFRlT65YY4cmh+SmiGgtoVA +7qLacluZsxXzuLSJkY7xCeFWGTlR7H6TexZSwL07sb8HNXPfiD0sNPHvRR/Ua1A/ +AAMVANCeiAApHLhTlsxnFzkyhKqg2mS6BIGFBADGhY4GtwQE6c2ePstmI5W0Qpxk +gTkFP7Uh+CivYGtNPbqhS1537+dZKP4dwSei/6jeM0izwYVqQpv5fn4xwuW9ZgEY +OSlqeJo7wARcil+0LH0b2Zj1RElXm0RoF6+9Fyc+ZiyX7nKZXvQmQMVQuQE/rQdh +NTxwhqJywkCIvpR2n9FmUAJCAf////////////////////////////////////// +////+lGGh4O/L5Zrf8wBSPcJpdA7tcm4iZxHrrtvtx6ROGQJAgEBA4GGAAQBVAQr +Uo0fT4ialYYPxCLDRqdKYbyfIBOVwRU56MfJ/GviYuHu6/FGnvUHmuoZ71muh8wL +qdShCQJer6G8ociLWnoAxB0cuelCIo/Zw1WIUiF4mhBJZ/MS1c+XAf/4U6BLXsR1 +L3WsfOTWnMHKOhchjcc6bRnXS/v3bP65GdOUNXxVK1k= +-----END PUBLIC KEY----- diff --git a/test/keys/hw_key_c.raw b/test/keys/hw_key_c.raw new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/test/keys/hw_key_c.raw diff --git a/test/keys/hw_keys_hash.md b/test/keys/hw_keys_hash.md new file mode 100644 index 0000000..e0328fc --- /dev/null +++ b/test/keys/hw_keys_hash.md @@ -0,0 +1 @@ +0x40d487ff7380ed6ad54775d5795fea0de2f541fea9db06b8466a42a320e65f75b48665460017d907515dc2a5f9fc50954d6ee0c9b67d219dfb7085351d01d6d1 diff --git a/test/keys/sw_key_p.key b/test/keys/sw_key_p.key new file mode 100644 index 0000000..548e880 --- /dev/null +++ b/test/keys/sw_key_p.key @@ -0,0 +1,16 @@ +!!! Important WARNING About This Private Key !!! + +DO NOT STRIP THIS WARNING FROM THIS PRIVATE KEY + +This private is being intentionally released by IBM to enable the developer +community to sign code images. For true security, a different set of production +signing keys should be used, and the private production signing key should be +carefully guarded. + +-----BEGIN EC PRIVATE KEY----- +MIHcAgEBBEIA1vyq2cSPgwWxVtPIEOqGL3UVsy5juBQz8XekOq6aeYf/nqC9u8u+ +GqCiffgBCPnXfWOWLtkaokYEPuMe7TekzomgBwYFK4EEACOhgYkDgYYABAD8W6NM +6nVfsYps75ko1gfNrJO9XqbWAuUuyFA/O8S5tPwVP+atGpc4PE+uTEI24t7mkYLa +kZhnGlmQpjr4fjkFvgAZDwhcQ+hWmzXYEBobYIPgItJi+8GvxBHBZvQWqpVWRfU9 +nSOxLTjjZ3i3dvBnQpCnx4cpTtIJPzFuE+kXqxLDnQ== +-----END EC PRIVATE KEY----- diff --git a/test/keys/sw_key_p.pub b/test/keys/sw_key_p.pub new file mode 100644 index 0000000..8d404c9 --- /dev/null +++ b/test/keys/sw_key_p.pub @@ -0,0 +1,6 @@ +-----BEGIN PUBLIC KEY----- +MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQA/FujTOp1X7GKbO+ZKNYHzayTvV6m +1gLlLshQPzvEubT8FT/mrRqXODxPrkxCNuLe5pGC2pGYZxpZkKY6+H45Bb4AGQ8I +XEPoVps12BAaG2CD4CLSYvvBr8QRwWb0FqqVVkX1PZ0jsS0442d4t3bwZ0KQp8eH +KU7SCT8xbhPpF6sSw50= +-----END PUBLIC KEY----- |