Using gpg to add digital signature to a linux executable
ಚಿರಾಗ್ ನಟರಾಜ್
mailinglist at chiraag.me
Tue Oct 26 21:44:25 CEST 2021
12021/07/18 04:64.54 ನಲ್ಲಿ, Andrew Marlow via Gnupg-users <gnupg-users at gnupg.org> ಬರೆದರು:
> Hello everyone,
>
> For some time now where I work there has been a rule saying "thou shalt add a
> digital signature to every executable and shared library when shipping software
> designed to run on Windows". This is quite doable and all is well and good. At
> least, on Windows. But what about linux? The only thing I've seen for linux is
> to create separate digital signatures using tools like gpg (GNU Privacy Guard).
> I can find no mention of how to attach them to an executable or shared library.
> Has anyone here ever done anything like this please? It seems to me there is
> real benefit in doing it. So, much as I detest Windows, this seems to be one
> area in which Windows is slightly ahead.
>
> --
> Regards,
>
> Andrew Marlow
> [1]http://www.andrewpetermarlow.co.uk
>
>
> References:
>
> [1] http://www.andrewpetermarlow.co.uk/
Why not do a detached signature using e.g. gpg -sb --output file.sig file? Then, someone can run gpg --verify file.sig file to ensure that the signature is valid.
HTH,
Chiraag
--
ಚಿರಾಗ್ ನಟರಾಜ್
Pronouns: he/him/his
-------------- next part --------------
A non-text attachment was scrubbed...
Name: publickey - mailinglist at chiraag.me - b0c8d720.asc
Type: application/pgp-keys
Size: 713 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20211026/25d3a1c3/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20211026/25d3a1c3/attachment.sig>
More information about the Gnupg-users
mailing list