PREVIEW: bsign embeds hash and/or digital signature in ELF files

Oscar Levi elf at buici.com
Sat Dec 12 21:09:29 CET 1998


I've been working on a couple of tools to help smooth out system
administration.  The first one I've got to work is bsign.  It embeds a
hash and optional GPG signature in ELF format files that can be use to
do two things.  It can be used to find files that have been corrupted
by faulty hardware; and it can be used to verify the authenticity of a
binary file.

This program arose from a problem I have seen at two of my client's
sites.  They have old IDE disk drives that go south in a way that RAID
doesn't compensate.  If a bit in a mirror goes bad, there is no way to
know which mirror is the good one.  The same is true for RAID5.

The signature stuff came later when I realized how easy it would be to
add.  It is primitive right now in that it doesn't have enough
features to make the signing truly secure and useful.

I'm posting this notice to let interested folks try it out.  I have
done enough testing to believe that it correctly rewrites executables
and shared libraries.  It handles soft links correctly.  It returns
appropriate result codes when used for hash/signature verification.  

All comments welcome.

Oh yeah, this is a GPL'd program.

 -- Oscar Levi




More information about the Gnupg-devel mailing list