Using gpg to add digital signature to a linux executable

ಚಿರಾಗ್ ನಟರಾಜ್ mailinglist at
Tue Oct 26 21:44:25 CEST 2021

12021/07/18 04:64.54 ನಲ್ಲಿ, Andrew Marlow via Gnupg-users <gnupg-users at> ಬರೆದರು:
> Hello everyone,
> For some time now where I work there has been a rule saying "thou shalt add a
> digital signature to every executable and shared library when shipping software
> designed to run on Windows". This is quite doable and all is well and good. At
> least, on Windows. But what about linux? The only thing I've seen for linux is
> to create separate digital signatures using tools like gpg (GNU Privacy Guard).
> I can find no mention of how to attach them to an executable or shared library.
> Has anyone here ever done anything like this please? It seems to me there is
> real benefit in doing it. So, much as I detest Windows, this seems to be one
> area in which Windows is slightly ahead.
> --
> Regards,
> Andrew Marlow
> [1]
> References:
> [1]

Why not do a detached signature using e.g. gpg -sb --output file.sig file? Then, someone can run gpg --verify file.sig file to ensure that the signature is valid.


ಚಿರಾಗ್ ನಟರಾಜ್
Pronouns: he/him/his
-------------- next part --------------
A non-text attachment was scrubbed...
Name: publickey - mailinglist at - b0c8d720.asc
Type: application/pgp-keys
Size: 713 bytes
Desc: not available
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Gnupg-users mailing list