* digital signatures on executables
@ 2021-10-28 17:45 Andrew Marlow
2021-11-17 16:47 ` Nick Clifton
0 siblings, 1 reply; 2+ messages in thread
From: Andrew Marlow @ 2021-10-28 17:45 UTC (permalink / raw)
To: binutils
Hello everyone,
I am new to this mailing list so please pardon my ignorance; I don't even
know if this is the right place to discuss the issue I have in mind.
I would very much like to see GNU systems have the ability to add a digital
signature to an executable. Windows already has this feature; when you do
right mouse in the file explorer and select properties the dialog you get
can include a tab for digital signature if the executable has one. A
command line tool is also available for examining, deleting or adding a
signature to an executable.
GPG (the GNU Privacy Guard) allows files to be digitally signed but the
emphasis is on text rather than binary. I raised the subject on the GPG
mailing list and was directed to this article about adding sections to an
ELF file:
https://stackoverflow.com/questions/1088128/adding-section-to-elf-file. It
referred to the ERESI project, see https://github.com/thorkill/eresi, which
provides a way to manipulate an ELF via an API. So I was wondering, what if
binutils included the command line tool for adding, deleting and listing
digital signatures on ELF executables (using ERESI)?
--
Regards,
Andrew Marlow
http://www.andrewpetermarlow.co.uk
* Re: digital signatures on executables
From: Nick Clifton @ 2021-11-17 16:47 UTC (permalink / raw)
To: agents, binutils
Hi Andrew,
> I am new to this mailing list so please pardon my ignorance; I don't even
> know if this is the right place to discuss the issue I have in mind.
This is a good place for such a discussion. You may also like to seek the
opinions of other groups however, such as the gcc community or the Clang/LLVM
community.
> I would very much like to see GNU systems have the ability to add a digital
> signature to an executable.
Are you aware of the build-id feature supported by the linker? Check the
linker documentation for a description of the --build-id option, as this may
satisfy your needs.
Please be aware however that these build-ids are not cryptographically secure,
meaning that whilst they should be immune to accidental corruption, it is still
possible for a malicious actor to spoof them.
> GPG (the GNU Privacy Guard) allows files to be digitally signed but the
> emphasis is on text rather than binary.
Actually it does work on binary files too. Binutils releases for example
are signed by using gpg.
Cheers
Nick
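
The point about build-ids in the reply above, as an added example that is not part of the thread or of binutils: the build-id is a note stored inside the file, so bytes changed after linking leave it as it was, whereas a digest over the whole file, which is what a detached signature such as `gpg --detach-sign` covers, changes. The minimal ELF64 image and the names `build_id`, `sample_elf` and `compare` are constructed for illustration.

```python
import hashlib
import struct

PT_NOTE, NT_GNU_BUILD_ID = 4, 3

def build_id(elf: bytes):
    """Return the NT_GNU_BUILD_ID bytes of a little-endian ELF64 image, or None."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 image")
    (e_phoff,) = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    for i in range(e_phnum):
        ph = e_phoff + i * e_phentsize
        (p_type,) = struct.unpack_from("<I", elf, ph)
        (p_offset,) = struct.unpack_from("<Q", elf, ph + 0x08)
        (p_filesz,) = struct.unpack_from("<Q", elf, ph + 0x20)
        if p_type != PT_NOTE:
            continue
        pos, end = p_offset, min(p_offset + p_filesz, len(elf))
        while pos + 12 <= end:  # note header: namesz, descsz, type
            namesz, descsz, ntype = struct.unpack_from("<III", elf, pos)
            name = pos + 12
            desc = name + ((namesz + 3) & ~3)  # name is padded to 4 bytes
            if ntype == NT_GNU_BUILD_ID and elf[name:name + namesz] == b"GNU\0":
                return elf[desc:desc + descsz]
            pos = desc + ((descsz + 3) & ~3)
    return None

def sample_elf(payload: bytes) -> bytes:
    """Constructed image: ELF64 header, one PT_NOTE segment, then payload bytes."""
    note = struct.pack("<III", 4, 20, NT_GNU_BUILD_ID) + b"GNU\0" + bytes(range(20))
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01",
                       2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_NOTE, 4, 120, 0, 0, len(note), len(note), 4)
    return ehdr + phdr + note + payload

def compare(original: bytes, modified: bytes) -> dict:
    """Report whether the stored build-id and the whole-file digest still match."""
    return {
        "build_id_same": build_id(original) == build_id(modified),
        "sha256_same": hashlib.sha256(original).digest()
                       == hashlib.sha256(modified).digest(),
    }

if __name__ == "__main__":
    good = sample_elf(b"\x90" * 32)               # constructed payload bytes
    changed = sample_elf(b"\x90" * 31 + b"\xcc")  # one payload byte differs
    print(build_id(good).hex(), compare(good, changed))
```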