One of my friends is tinkering with keyctl and had a few questions about the Linux kernel modules, e.g. pkcs8_key_parser.
So I ran through an end-to-end setup to grow my own understanding, with thanks to: -
for enabling me to grow my understanding 🤣🤣
What OS do I have?
lsb_release -a
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.3 LTS
Release:        20.04
Codename:       focal
What kernel am I running?
uname -a
Install the keyutils package
sudo apt install keyutils
Set a subject for the public key
export subject="/C=GB/O=IBM/CN=$(hostname)"
Set the description for the keyring entry
export description="Test1"
Generate an RSA private key
openssl genrsa | openssl pkcs8 -topk8 -nocrypt -outform DER -out privatekey.der
....................+++++
.....................+++++
e is 65537 (0x010001)
Generate a public key/certificate
openssl req -x509 -key privatekey.der -out certificate.pem -days 365 -keyform DER -subj "$subject"
Add private key to keyring - first attempt, before the key parser module is loaded
keyctl padd asymmetric "$description" @u <privatekey.der
Load required key parser module
sudo modprobe pkcs8_key_parser
Verify module load
lsmod | grep key
Add private key to keyring - second attempt
keyctl padd asymmetric "$description" @u <privatekey.der
Validate keyring
keyctl list @u
676878733: --als--v 1000 1000 asymmetric: Test1
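The permission field in the entry above, --als--v, carries no w or r flag. The following is an added example, not part of the original walkthrough, that parses keyctl list output and flags asymmetric keys whose permission field does include read or write. The function names are hypothetical, the second and third sample entries are constructed, and it assumes the last six permission characters are the setattr, link, search, write, read and view flags.

```shell
#!/bin/sh
# Added example: flag asymmetric keys in `keyctl list` output that can be read or written.
# Function names are hypothetical. Run against a live keyring with:
#   keyctl list @u | count_exposed

# Constructed sample: the entry from the walkthrough plus two made-up entries.
SAMPLE='3 keys in keyring:
676878733: --als--v 1000 1000 asymmetric: Test1
111111111: --alswrv 1000 1000 asymmetric: constructed readable key
222222222: --alswrv 1000 1000 user: constructed user key'

# Split "<id>: <perms> <uid> <gid> <type>: <description>" into KEY_* variables.
parse_key_line() {
    set -f; set -- $1; set +f            # word-split the line without globbing
    [ $# -ge 6 ] || return 1             # header and blank lines are rejected
    KEY_ID=${1%:} KEY_PERMS=$2 KEY_UID=$3 KEY_GID=$4 KEY_TYPE=${5%:}
    shift 5; KEY_DESC=$*
    case $KEY_ID in ''|*[!0-9]*) return 1 ;; esac
    [ ${#KEY_PERMS} -eq 8 ]
}

# Succeed if the flag letter $1 is set. Assumption: the last six characters of
# the permission field are setattr, link, search, write, read, view (a l s w r v).
key_has_perm() {
    case ${KEY_PERMS#??} in *"$1"*) return 0 ;; esac
    return 1
}

# 0: asymmetric key with no read/write flag; 1: read or write is set;
# 2: line is not a key entry; 3: key is not of type asymmetric.
key_is_sealed() {
    parse_key_line "$1" || return 2
    [ "$KEY_TYPE" = asymmetric ] || return 3
    if key_has_perm r || key_has_perm w; then return 1; fi
    return 0
}

# Read `keyctl list` output on stdin, report exposed keys on stderr, print the count.
count_exposed() {
    exposed=0
    while IFS= read -r line; do
        rc=0; key_is_sealed "$line" || rc=$?
        if [ "$rc" -eq 1 ]; then
            echo "exposed: $KEY_ID ($KEY_DESC) perms=$KEY_PERMS" >&2
            exposed=$((exposed + 1))
        fi
    done
    echo "$exposed"
}
```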