[{"id":38586,"web_url":"https://patchwork.libcamera.org/comment/38586/","msgid":"<3d08d666-08c1-415a-a19d-43e0b2bf8249@ideasonboard.com>","date":"2026-04-13T08:49:32","subject":"Re: [PATCH 3/4] ipa: ipa-sign: Sign IPA according to the signature\n\talgorithm of the key","submitter":{"id":216,"url":"https://patchwork.libcamera.org/api/people/216/","name":"Barnabás Pőcze","email":"barnabas.pocze@ideasonboard.com"},"content":"Hi\n\n2026. 04. 08. 9:55 keltezéssel, Kate Hsuan írta:\n> Sign IPA according to the signature algorithm of the key.\n> \n> Signed-off-by: Kate Hsuan \n> ---\n> src/ipa/ipa-sign.sh | 7 ++++++-\n> 1 file changed, 6 insertions(+), 1 deletion(-)\n> \n> diff --git a/src/ipa/ipa-sign.sh b/src/ipa/ipa-sign.sh\n> index 69024213..aa9c7d31 100755\n> --- a/src/ipa/ipa-sign.sh\n> +++ b/src/ipa/ipa-sign.sh\n> @@ -10,4 +10,9 @@ key=\"$1\"\n> input=\"$2\"\n> output=\"$3\"\n> \n> -openssl dgst -sha256 -sign \"${key}\" -out \"${output}\" \"${input}\"\n> +if openssl pkey -text -noout -in \"${key}\" 2>/dev/null | grep -q \"ML-DSA\"; then\n\nI'm not familiar with the openssl cli, but is there really no way to use a single command for signing?\n\n\nRegards,\nBarnabás Pőcze\n\n\n> +\topenssl pkeyutl -sign -inkey \"${key}\" -rawin \\\n> +\t\t-in \"${input}\" -out \"${output}\"\n> +else\n> +\topenssl dgst -sha256 -sign \"${key}\" -out \"${output}\" \"${input}\"\n> +fi","headers":{"Return-Path":"","X-Original-To":"parsemail@patchwork.libcamera.org","Delivered-To":"parsemail@patchwork.libcamera.org","Received":["from lancelot.ideasonboard.com (lancelot.ideasonboard.com\n\t[92.243.16.209])\n\tby patchwork.libcamera.org (Postfix) with ESMTPS id 7F995C32BB\n\tfor ;\n\tMon, 13 Apr 2026 08:49:39 +0000 (UTC)","from lancelot.ideasonboard.com (localhost [IPv6:::1])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTP id 6773462E6A;\n\tMon, 13 Apr 2026 10:49:38 +0200 (CEST)","from perceval.ideasonboard.com (perceval.ideasonboard.com\n\t[213.167.242.64])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTPS id 952F062846\n\tfor ;\n\tMon, 13 Apr 2026 10:49:36 +0200 (CEST)","from [192.168.33.49] (185.182.214.8.nat.pool.zt.hu [185.182.214.8])\n\tby perceval.ideasonboard.com (Postfix) with ESMTPSA id 9957A78C;\n\tMon, 13 Apr 2026 10:48:04 +0200 (CEST)"],"Authentication-Results":"lancelot.ideasonboard.com; dkim=pass (1024-bit key;\n\tunprotected) header.d=ideasonboard.com header.i=@ideasonboard.com\n\theader.b=\"YRq5OSF5\"; dkim-atps=neutral","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com;\n\ts=mail; t=1776070084;\n\tbh=hL+C0QAwlFp65SPU3bamfMJmf9hdasKBwQ/vCwosEKM=;\n\th=Date:Subject:To:References:From:In-Reply-To:From;\n\tb=YRq5OSF5jJywwWiA7CQ1vtKYH1wwm7yh5CiMYxzwqylTjg7916vnrN2wXMsngQl/J\n\tSapu2Vk8CvlUsM7Ml4JokvLuWEyQaxSaULPCPvzzPa2x8OtFXAj6tsCzOpiYJOJf6u\n\tjDZkppLRkLekZ/6DQbKZYgPyh2d3cIYk56GII40Y=","Message-ID":"<3d08d666-08c1-415a-a19d-43e0b2bf8249@ideasonboard.com>","Date":"Mon, 13 Apr 2026 10:49:32 +0200","MIME-Version":"1.0","User-Agent":"Mozilla Thunderbird","Subject":"Re: [PATCH 3/4] ipa: ipa-sign: Sign IPA according to the signature\n\talgorithm of the key","To":"Kate Hsuan , libcamera-devel@lists.libcamera.org","References":"<20260408075540.53309-1-hpa@redhat.com>\n\t<20260408075540.53309-4-hpa@redhat.com>","From":"=?utf-8?q?Barnab=C3=A1s_P=C5=91cze?= ","Content-Language":"en-US, hu-HU","In-Reply-To":"<20260408075540.53309-4-hpa@redhat.com>","Content-Type":"text/plain; charset=UTF-8; format=flowed","Content-Transfer-Encoding":"8bit","X-BeenThere":"libcamera-devel@lists.libcamera.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"","List-Unsubscribe":",\n\t","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n\t","Errors-To":"libcamera-devel-bounces@lists.libcamera.org","Sender":"\"libcamera-devel\" "}},{"id":38619,"web_url":"https://patchwork.libcamera.org/comment/38619/","msgid":"","date":"2026-04-16T04:24:10","subject":"Re: [PATCH 3/4] ipa: ipa-sign: Sign IPA according to the signature\n\talgorithm of the key","submitter":{"id":105,"url":"https://patchwork.libcamera.org/api/people/105/","name":"Kate Hsuan","email":"hpa@redhat.com"},"content":"Hi Barnabás,\n\nOn Mon, Apr 13, 2026 at 4:49 PM Barnabás Pőcze\n wrote:\n>\n> Hi\n>\n> 2026. 04. 08. 9:55 keltezéssel, Kate Hsuan írta:\n> > Sign IPA according to the signature algorithm of the key.\n> >\n> > Signed-off-by: Kate Hsuan \n> > ---\n> > src/ipa/ipa-sign.sh | 7 ++++++-\n> > 1 file changed, 6 insertions(+), 1 deletion(-)\n> >\n> > diff --git a/src/ipa/ipa-sign.sh b/src/ipa/ipa-sign.sh\n> > index 69024213..aa9c7d31 100755\n> > --- a/src/ipa/ipa-sign.sh\n> > +++ b/src/ipa/ipa-sign.sh\n> > @@ -10,4 +10,9 @@ key=\"$1\"\n> > input=\"$2\"\n> > output=\"$3\"\n> >\n> > -openssl dgst -sha256 -sign \"${key}\" -out \"${output}\" \"${input}\"\n> > +if openssl pkey -text -noout -in \"${key}\" 2>/dev/null | grep -q \"ML-DSA\"; then\n>\n> I'm not familiar with the openssl cli, but is there really no way to use a single command for signing?\n>\n\nAfter a survey and testing, the command can be replaced with a one-line command\n# openssl pkeyutl -sign -inkey \"${key}\" -rawin -in \"${input}\" -out \"${output}\"\n\nHowever, this command didn't explicitly indicate the digest algorithm\nfor RSA. The default digest algorithm for RSA is SHA256, and it is the\nsame as the libcamera IPA signature algorithm.\nIf it is good for you, I can simplify the script with a one-line command.\n\n>\n> Regards,\n> Barnabás Pőcze\n>\n>\n> > + openssl pkeyutl -sign -inkey \"${key}\" -rawin \\\n> > + -in \"${input}\" -out \"${output}\"\n> > +else\n> > + openssl dgst -sha256 -sign \"${key}\" -out \"${output}\" \"${input}\"\n> > +fi\n>","headers":{"Return-Path":"","X-Original-To":"parsemail@patchwork.libcamera.org","Delivered-To":"parsemail@patchwork.libcamera.org","Received":["from lancelot.ideasonboard.com (lancelot.ideasonboard.com\n\t[92.243.16.209])\n\tby patchwork.libcamera.org (Postfix) with ESMTPS id 01CE7C324E\n\tfor ;\n\tThu, 16 Apr 2026 04:24:28 +0000 (UTC)","from lancelot.ideasonboard.com (localhost [IPv6:::1])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTP id E912C62EB2;\n\tThu, 16 Apr 2026 06:24:27 +0200 (CEST)","from us-smtp-delivery-124.mimecast.com\n\t(us-smtp-delivery-124.mimecast.com [170.10.129.124])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTPS id 3F76862EAA\n\tfor ;\n\tThu, 16 Apr 2026 06:24:26 +0200 (CEST)","from mail-ot1-f69.google.com (mail-ot1-f69.google.com\n\t[209.85.210.69]) by relay.mimecast.com with ESMTP with STARTTLS\n\t(version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id\n\tus-mta-47-HhP2aDDiNz6laDGB-6yV_Q-1; Thu, 16 Apr 2026 00:24:23 -0400","by mail-ot1-f69.google.com with SMTP id\n\t46e09a7af769-7dc41904354so13449640a34.0\n\tfor ;\n\tWed, 15 Apr 2026 21:24:23 -0700 (PDT)"],"Authentication-Results":"lancelot.ideasonboard.com; dkim=pass (1024-bit key;\n\tunprotected) header.d=redhat.com header.i=@redhat.com\n\theader.b=\"RnlRM1GR\"; dkim-atps=neutral","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;\n\ts=mimecast20190719; t=1776313464;\n\th=from:from:reply-to:subject:subject:date:date:message-id:message-id:\n\tto:to:cc:cc:mime-version:mime-version:content-type:content-type:\n\tcontent-transfer-encoding:content-transfer-encoding:\n\tin-reply-to:in-reply-to:references:references;\n\tbh=7NpNXLv8V+CrmXWgWxaQIrCHb7kOW8UJbby1wklkgbc=;\n\tb=RnlRM1GRt34oDb0MwHnqj60APrpSIex3xo7jYnPdxz8Fe5iE8+cN599cZa7Jo49iUaeT+5\n\tSIaN5ABMJ1WlpBdljk4pEotL9QCQv5fE8dAohaqK2vFthkR9LYkGi+QVS0XRK+jyB9ve61\n\tdKqAGD6gF7RaDps41Gv19C9d3VtMWGc=","X-MC-Unique":"HhP2aDDiNz6laDGB-6yV_Q-1","X-Mimecast-MFC-AGG-ID":"HhP2aDDiNz6laDGB-6yV_Q_1776313462","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20251104; t=1776313462; x=1776918262;\n\th=content-transfer-encoding:cc:to:subject:message-id:date:from\n\t:in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from\n\t:to:cc:subject:date:message-id:reply-to;\n\tbh=7NpNXLv8V+CrmXWgWxaQIrCHb7kOW8UJbby1wklkgbc=;\n\tb=mqixv/eG5DtVxrPRSLnI1OT6lUEbuYpHShLZEoQXdQDP1LiNWss09qeKELb3Ufoy+6\n\twUtagWcw2phLFuPDrr5fZUZx6cL4la/a9PlaVHSkkPYYhGQfRizVUYx/Kanh5+3jyVXn\n\t8U1x0tIKSfg351VKxn5DC054a1+i/FWwggJNhmJivuURpXgBTM/npKIXtbv1PHihL/cq\n\tADl4LbT7LiYaPRAGw78/5Kc17/b4r0NFW5lf2sIw4cRdDgTwRe0tLP5mwWXNSrE58Zty\n\tetxzcdkYJaTZcxcXJkxe2D9AzMoMTEElI7VUmy8SMJBHlopfizX1AtZh33Hs8LAe/0sX\n\tyIfQ==","X-Gm-Message-State":"AOJu0YyCg/rU2Vr9djfMvxL9GHziR/ADPy+raAEXN7ILvV9j0h3Zvhrh\n\tuZed86HYFb/xhy3wasaBq0ENckcnBakq8u/8oWS6ARqJFkDivCEk4tXjse2gN6ML2N7Qt1UsA91\n\t/deH48XRA/Akle8QtTm/i6yxg7vnBMRea2qkuiLumEbn6lEOgc5tKkP1BxUX1Elrv8BB/sR5PlV\n\tzYwJQ9z0nGBFXg/VN5BjcLLbHNM1JYuAE7h6PPPqRnG4vEYYIlDA==","X-Gm-Gg":"AeBDietwNeLsKyM13ELFCV0UMOtUL3jJxHIVywOyZAQcKUY/dkmEcDPNRR6p/sc2il/\n\tXsNBfP9Cnw8aDGEJFneHcN1HOqltt3NY86ggCE4nz52ufGZcB3RVu74l+LfjytZWe/mstUe2hle\n\tGsWBq5pULX7iyYXgrsiggT//NVefi/qW9hTUkIScShRTxLWJvbSJCsUvcaUKaR3wgl3GHHX7Ek7\n\tmajW7caccziVDQl","X-Received":["by 2002:a05:6820:2d09:b0:67d:fba3:abe7 with SMTP id\n\t006d021491bc7-68be5778436mr10634443eaf.2.1776313462372; \n\tWed, 15 Apr 2026 21:24:22 -0700 (PDT)","by 2002:a05:6820:2d09:b0:67d:fba3:abe7 with SMTP id\n\t006d021491bc7-68be5778436mr10634439eaf.2.1776313461949;\n\tWed, 15 Apr 2026 21:24:21 -0700 (PDT)"],"MIME-Version":"1.0","References":"<20260408075540.53309-1-hpa@redhat.com>\n\t<20260408075540.53309-4-hpa@redhat.com>\n\t<3d08d666-08c1-415a-a19d-43e0b2bf8249@ideasonboard.com>","In-Reply-To":"<3d08d666-08c1-415a-a19d-43e0b2bf8249@ideasonboard.com>","From":"Kate Hsuan ","Date":"Thu, 16 Apr 2026 12:24:10 +0800","X-Gm-Features":"AQROBzDNg1OaaC5VM3EjlsMPYliA7vPJbOIRlrGGs8y4MOd6V-OYOdzYbcVj6zg","Message-ID":"","Subject":"Re: [PATCH 3/4] ipa: ipa-sign: Sign IPA according to the signature\n\talgorithm of the key","To":"=?utf-8?q?Barnab=C3=A1s_P=C5=91cze?= ","Cc":"libcamera-devel@lists.libcamera.org","X-Mimecast-Spam-Score":"0","X-Mimecast-MFC-PROC-ID":"LARBX_l7utdG8IF2GDdtB624dbe3_yoozqu2fWF_KmQ_1776313462","X-Mimecast-Originator":"redhat.com","Content-Type":"text/plain; charset=\"UTF-8\"","Content-Transfer-Encoding":"quoted-printable","X-BeenThere":"libcamera-devel@lists.libcamera.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"","List-Unsubscribe":",\n\t","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n\t","Errors-To":"libcamera-devel-bounces@lists.libcamera.org","Sender":"\"libcamera-devel\" "}}]