1

I have to do a project like a subscription manager. Ideally this should work like RedHat subscriptions. I'm having a hard time figuring out how it was implemented. How do they manage to avoid a customer modifying the subscription components in an operating system and getting free patches to more instances than they have in the subscription? (i.e., they have X instances in the subscription but the customer runs Y number of instances and Y > X.)

Does anyone know how it works, the cryptography of the system, etc.? Any open research articles, documents?

Mike Ounsworth
Thilina

1 Answer

3

RHSM is the new x509 based PKI solution to their older RHN subscription manager.

Unlike RHN which provided authorization only for registered systems, RHSM provides authentication, authorization and repudiation based on certificates.

Those certificates rely on your typical asymmetric encryption making use of private and public keys to generate and sign the x509 certificates used for authenticating and authorizing subscription based updates.

If you are looking for the specific algorithms used to generate the keys you can always use the OpenSSL command line tool to examine the ASN.1 structure to determine that.

openssl x509 -text -noout -in

jas-
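
The certificate inspection described in the answer, as an added example that is not part of the original answer or Red Hat's own code: a constructed throwaway CA stands in for the vendor's, the script reads the algorithms out of `openssl x509 -text`, and `openssl verify` shows that a certificate not signed by that CA is rejected. All file names and subject names are made up for the demo.

```shell
#!/bin/sh
# Constructed demo: a throwaway CA stands in for the vendor CA, and the
# client certificate for a registered system. No real RHSM files are read.

# Print the signature and public-key algorithms recorded in a PEM certificate.
cert_algorithms() {
    openssl x509 -text -noout -in "$1" |
        sed -n -e 's/^ *Signature Algorithm: */sig=/p' \
               -e 's/^ *Public Key Algorithm: */key=/p' | sort -u
}

# Succeed only if certificate $2 carries a valid signature from CA $1.
cert_is_trusted() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Create the demo CA, a client cert it signed, and a look-alike cert with the
# same subject name that is signed by the holder's own key instead of the CA.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=Demo Vendor CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-system-0001" \
        -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/client.csr" -sha256 -days 30 \
        -CA "$d/ca.pem" -CAkey "$d/ca.key" -CAcreateserial \
        -out "$d/client.pem" 2>/dev/null &&
    openssl req -x509 -key "$d/client.key" -sha256 -days 30 \
        -subj "/CN=demo-system-0001" -out "$d/selfsigned.pem" 2>/dev/null
}

demo=$(mktemp -d)
make_demo_pki "$demo"
cert_algorithms "$demo/client.pem"
for c in client selfsigned; do
    if cert_is_trusted "$demo/ca.pem" "$demo/$c.pem"; then
        echo "$c.pem: accepted"
    else
        echo "$c.pem: rejected"
    fi
done
rm -rf "$demo"
```

The server side of a certificate-based scheme performs the same signature check, which is why editing a certificate locally or issuing one yourself does not produce something the vendor's service will accept.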