PREVIEW: bsign embeds hash and/or digital signature in ELF files

Oscar Levi elf at
Sun Dec 13 20:31:23 CET 1998

On Sun, Dec 13, 1998 at 03:51:59PM -0500, Stainless Steel Rat wrote:
> Hash: SHA1
> "OL" == Oscar Levi <elf at> writes:
> OL> It embeds a hash and optional GPG signature in ELF format files that
> OL> can be use to do two things.
> This obviously will not work on a.out binaries

Not my concern.  I believe we can embed in a.out files, too, but none
of the systems I use are a.out. 

>, nor will it work on
> binaries compressed with gzexe.

Perhaps.  That  depends on how gzexe works.  Either I decompress,
sign, and recompress or I sign the compressed gzexe program.  Like
a.out, this is not a big concern since disk space is cheap and few
people really *need* to use gzexe.

>  It also does nothing for the numerous flat
> text files and scripts required for the proper and secure functioning of a
> Unix or Unixalike system.

These are next.  Fortunately, these are easier than ELF.  Also,
corruption in script files is MUCH more obvious than corruption in
binaries.  I've seen it.  Also, scripts can be stored in source
control and backup-ed up.  Binaries don't really work that way.

> The idea is good, but I think you might be making the system needlessly
> complex.  

Where is the complexity?  How much simpler can it get that embedding
signatures in the files themselves?  The complexity I've seen in other
systems usually stems from auxiliary databases.

> Take a look at what Tripwire does.

Where can I find that?

> Version: GnuPG v0.4.5 (GNU/Linux)
> Comment: For info finger gcrypt at
> iD8DBQE2dCjugl+vIlSVSNkRArvsAJ9wdnvNO6gvOeJLjGLokfm+6r74BgCfQORK
> oZAVbgXqO1MiBrPetjLbWfE=
> =J0U1
> -- 
> Rat <ratinox at>    \ Do not use Happy Fun Ball on concrete.
> PGP Key: at a key server near you! \ 
> GPG Key: same as my PGP 5 (DH) key  \ 

More information about the Gnupg-devel mailing list