Re: Signing byte-encoded TCL script for EEM

asadovnikov · ‎03-16-2010

Good day,

I am trying to figure out how to sign a TCL script which is distributed in byte-encoded form.

The byte coding is performed with TCL pro (http://sourceforge.net/projects/tclpro/files/TclPro-1.4.1/)

Any pointers on how to do it will be much appreciated.

Regards,

Alexei

Joe Clarke · ‎03-16-2010

Customer-signing of EEM policies is not yet feasible. Only the Cisco trustpoint is supported, and when that is enabled, unsigned policies cannot run. More flexible signing support for EEM Tcl policies is coming in a future version of EEM.

asadovnikov · ‎03-16-2010

Thanks.

When the feature is introduced, it would be great if there was a way to sign byte encoded scripts.

Joe Clarke · ‎03-16-2010

I believe it is slated for EEM 3.4, but I do not have an ETA on that release date.

asadovnikov · ‎03-16-2010

Just to clarify...

Are you saying that

EEM 3.4 or some such release will support 3rd party signing of byte encoded TCL scripts, OR

EEM 3.4 or some such release will support 3rd party signing of TCL scripts while possibility of signing byte encoded script is uncertain?

Thank you

Joe Clarke · ‎03-16-2010

EEM 3.4 should support third party signing of Tcl policies. As to whether or not byte-code compiled policies will be supported is uncertain. However, you should be able to sign a byte-code compiled Tcl script (regular Tcl script, and not EEM policy) by putting the signature after the closing tbcload '}'. I assume the same thing will eventually be doable with EEM.

asadovnikov · ‎03-16-2010

Thank you so very much!