[PATCH] docs/zh_CN: Add security digsig Chinese translation

linux-doc.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] docs/zh_CN: Add security digsig Chinese translation
@ 2024-12-27  8:28 Shuo Zhao
  2025-01-02  7:32 ` Yanteng Si
  0 siblings, 1 reply; 3+ messages in thread
From: Shuo Zhao @ 2024-12-27  8:28 UTC (permalink / raw)
  To: alexs, si.yanteng, corbet; +Cc: zhaoyuehui, linux-doc, Shuo Zhao

Translate .../security/digsig.rst into Chinese.

Update the translation through commit d56b699d76d1
("Documentation: Fix typos").

Signed-off-by: Shuo Zhao <zhaoshuo@cqsoftware.com.cn>
---
 .../translations/zh_CN/security/digsig.rst    | 100 ++++++++++++++++++
 .../translations/zh_CN/security/index.rst     |   2 +-
 2 files changed, 101 insertions(+), 1 deletion(-)
 create mode 100644 Documentation/translations/zh_CN/security/digsig.rst

diff --git a/Documentation/translations/zh_CN/security/digsig.rst b/Documentation/translations/zh_CN/security/digsig.rst
new file mode 100644
index 000000000000..96560d52859e
--- /dev/null
+++ b/Documentation/translations/zh_CN/security/digsig.rst
@@ -0,0 +1,100 @@
+.. SPDX-License-Identifier: GPL-2.0
+.. include:: ../disclaimer-zh_CN.rst
+
+:Original: Documentation/security/digsig.rst
+
+:翻译:
+ 赵硕 Shuo Zhao <zhaoshuo@cqsoftware.com.cn>
+
+===============
+数字签名验证API
+===============
+
+
+.. 内容
+
+   1.介绍
+   2.API
+   3.用户空间工具
+
+
+介绍
+====
+
+数字签名验证API提供了一种验证数字签名的方法。
+目前，数字签名被IMA/EVM完整性保护子系统使用。
+
+数字签名验证是GnuPG多精度整数(MPI)库精简后的内核移植版本来实现的。
+该内核版本提供了内存分配错误处理，已根据内核编码风格进行重构，并修复
+了checkpatch.pl报告的错误和警告。
+
+公钥和签名由头部和MPIs组成::
+
+	struct pubkey_hdr {
+		uint8_t		version;	/* 密钥格式版本 */
+		time_t		timestamp;	/* 密钥时间戳，目前为0 */
+		uint8_t		algo;
+		uint8_t		nmpi;
+		char		mpi[0];
+	} __packed;
+
+	struct signature_hdr {
+		uint8_t		version;	/* 签名格式版本 */
+		time_t		timestamp;	/* 签名时间戳 */
+		uint8_t		algo;
+		uint8_t		hash;
+		uint8_t		keyid[8];
+		uint8_t		nmpi;
+		char		mpi[0];
+	} __packed;
+
+keyid等同对整个密钥的内容进行SHA1哈希运算后的第12到19字节。
+签名头部用于生成签名的输入。这种方法确保了密钥或签名头部无法更改。
+它保护时间戳不被更改，并可以用于回滚保护。
+
+API
+===
+
+目前API仅包含一个函数::
+
+	digsig_verify() - 使用公钥进行数字签名验证
+
+	/**
+	* digsig_verify() - 使用公钥进行数字签名验证
+	* @keyring:   查找密钥的密钥环
+	* @sig:       数字签名
+	* @sigen:     签名的长度
+	* @data:      数据
+	* @datalen:   数据的长度
+	* @return:    成功时返回0，失败时返回 -EINVAL
+	*
+	* 验证数据相对于数字签名的完整性。
+	* 目前仅支持RSA算法。
+	* 通常将内容的哈希值作为此函数的数据。
+	*
+	*/
+	int digsig_verify(struct key *keyring, const char *sig, int siglen,
+				  const char *data, int datalen);
+
+用户空间工具
+============
+
+签名和密钥管理实用工具evm-utils提供了生成签名、加载密钥到内核密钥环中的功能。
+密钥可以是PEM格式，或转换为内核格式。
+当把密钥添加到内核密钥环时，keyid定义该密钥的名称：下面的示例中为5D2B05FC633EE3E8。
+
+以下是keyctl实用工具的示例输出::
+
+	$ keyctl show
+	Session Keyring
+	-3 --alswrv      0     0  keyring: _ses
+	603976250 --alswrv      0    -1   \_ keyring: _uid.0
+	817777377 --alswrv      0     0       \_ user: kmk
+	891974900 --alswrv      0     0       \_ encrypted: evm-key
+	170323636 --alswrv      0     0       \_ keyring: _module
+	548221616 --alswrv      0     0       \_ keyring: _ima
+	128198054 --alswrv      0     0       \_ keyring: _evm
+
+	$ keyctl list 128198054
+	1 key in keyring:
+	620789745: --alswrv     0     0 user: 5D2B05FC633EE3E8
diff --git a/Documentation/translations/zh_CN/security/index.rst b/Documentation/translations/zh_CN/security/index.rst
index 92e2d8a7dec8..c73cd289ac3e 100644
--- a/Documentation/translations/zh_CN/security/index.rst
+++ b/Documentation/translations/zh_CN/security/index.rst
@@ -16,6 +16,7 @@
    :maxdepth: 1
 
    lsm
+   digsig
 
 TODOLIST:
 * credentials
@@ -28,7 +29,6 @@ TODOLIST:
 * self-protection
 * siphash
 * tpm/index
-* digsig
 * landlock
 * secrets/index
 * ipe
-- 
2.47.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] docs/zh_CN: Add security digsig Chinese translation
  2024-12-27  8:28 [PATCH] docs/zh_CN: Add security digsig Chinese translation Shuo Zhao
@ 2025-01-02  7:32 ` Yanteng Si
  2025-01-02  8:58   ` zhaoshuo
  0 siblings, 1 reply; 3+ messages in thread
From: Yanteng Si @ 2025-01-02  7:32 UTC (permalink / raw)
  To: Shuo Zhao, alexs, corbet; +Cc: zhaoyuehui, linux-doc

Hi Zhao Shuo,


在 2024/12/27 16:28, Shuo Zhao 写道:
> Translate .../security/digsig.rst into Chinese.
>
> Update the translation through commit d56b699d76d1
> ("Documentation: Fix typos").
>
> Signed-off-by: Shuo Zhao <zhaoshuo@cqsoftware.com.cn>
> ---
>   .../translations/zh_CN/security/digsig.rst    | 100 ++++++++++++++++++
>   .../translations/zh_CN/security/index.rst     |   2 +-
>   2 files changed, 101 insertions(+), 1 deletion(-)
>   create mode 100644 Documentation/translations/zh_CN/security/digsig.rst
>
> diff --git a/Documentation/translations/zh_CN/security/digsig.rst b/Documentation/translations/zh_CN/security/digsig.rst
> new file mode 100644
> index 000000000000..96560d52859e
> --- /dev/null
> +++ b/Documentation/translations/zh_CN/security/digsig.rst
> @@ -0,0 +1,100 @@
> +.. SPDX-License-Identifier: GPL-2.0
> +.. include:: ../disclaimer-zh_CN.rst
> +
> +:Original: Documentation/security/digsig.rst
> +
> +:翻译:
> + 赵硕 Shuo Zhao <zhaoshuo@cqsoftware.com.cn>
> +
> +===============
> +数字签名验证API
> +===============
> +
> +
> +.. 内容
> +
> +   1.介绍
> +   2.API
> +   3.用户空间工具
> +
> +
> +介绍
> +====
> +
> +数字签名验证API提供了一种验证数字签名的方法。
> +目前，数字签名被IMA/EVM完整性保护子系统使用。
> +
> +数字签名验证是GnuPG多精度整数(MPI)库精简后的内核移植版本来实现的。
how about:
数字签名验证是通过精简的 GnuPG 多精度整数（MPI）库的内核移植来实现的。


Thanks,
Yanteng



>   * ipe


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] docs/zh_CN: Add security digsig Chinese translation
  2025-01-02  7:32 ` Yanteng Si
@ 2025-01-02  8:58   ` zhaoshuo
  0 siblings, 0 replies; 3+ messages in thread
From: zhaoshuo @ 2025-01-02  8:58 UTC (permalink / raw)
  To: Yanteng Si, alexs, corbet; +Cc: zhaoyuehui, linux-doc


在 2025/1/2 15:32, Yanteng Si 写道:
> Hi Zhao Shuo,
>
>
> 在 2024/12/27 16:28, Shuo Zhao 写道:
>> Translate .../security/digsig.rst into Chinese.
>>
>> Update the translation through commit d56b699d76d1
>> ("Documentation: Fix typos").
>>
>> Signed-off-by: Shuo Zhao <zhaoshuo@cqsoftware.com.cn>
>> ---
>>   .../translations/zh_CN/security/digsig.rst    | 100 ++++++++++++++++++
>>   .../translations/zh_CN/security/index.rst     |   2 +-
>>   2 files changed, 101 insertions(+), 1 deletion(-)
>>   create mode 100644 
>> Documentation/translations/zh_CN/security/digsig.rst
>>
>> diff --git a/Documentation/translations/zh_CN/security/digsig.rst 
>> b/Documentation/translations/zh_CN/security/digsig.rst
>> new file mode 100644
>> index 000000000000..96560d52859e
>> --- /dev/null
>> +++ b/Documentation/translations/zh_CN/security/digsig.rst
>> @@ -0,0 +1,100 @@
>> +.. SPDX-License-Identifier: GPL-2.0
>> +.. include:: ../disclaimer-zh_CN.rst
>> +
>> +:Original: Documentation/security/digsig.rst
>> +
>> +:翻译:
>> + 赵硕 Shuo Zhao <zhaoshuo@cqsoftware.com.cn>
>> +
>> +===============
>> +数字签名验证API
>> +===============
>> +
>> +
>> +.. 内容
>> +
>> +   1.介绍
>> +   2.API
>> +   3.用户空间工具
>> +
>> +
>> +介绍
>> +====
>> +
>> +数字签名验证API提供了一种验证数字签名的方法。
>> +目前，数字签名被IMA/EVM完整性保护子系统使用。
>> +
>> +数字签名验证是GnuPG多精度整数(MPI)库精简后的内核移植版本来实现的。
> how about:
> 数字签名验证是通过精简的 GnuPG 多精度整数（MPI）库的内核移植来实现的。

Ok.


Thanks,

ZhaoShuo

>
>
> Thanks,
> Yanteng
>
>
>
>>   * ipe
>
>
>

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2025-01-02 12:28 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-12-27  8:28 [PATCH] docs/zh_CN: Add security digsig Chinese translation Shuo Zhao
2025-01-02  7:32 ` Yanteng Si
2025-01-02  8:58   ` zhaoshuo

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).