Re: Code signing possible of Linux?

From: Saqib Ali (docbook.xml_at_gmail.com)
Date: 10/18/05

Next message: Simpson, Brett: "RE: OS to know."

Previous message: Micheal Espinola Jr: "Re: Hard drives v. CF/Smart media/etc."
In reply to: Alexander Klimov: "Re: Code signing possible of Linux?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 18 Oct 2005 10:49:59 -0700
To: Alexander Klimov <alserkli@inbox.ru>

Hi Alexander,

Thanks for the response. The binaries that we are planning to sign
will BE used on Windows and NOT on Linux.

However we need to build the Build Signing System on Linux platform
i.e. sign binaries on a Linux box. See <
http://www.xml-dev.com/blog/?action=viewtopic&id=130 > for a brief
description of the design of the system.

On 10/18/05, Alexander Klimov <alserkli@inbox.ru> wrote:
> On Mon, 17 Oct 2005, Saqib Ali wrote:
> > However I would like build this platform on a Linux architecture. I
> > understand that Authenticode for Code Signing is a Microsoft
> > technology, and SignCode.exe is only available for Win32 platform. I
> > was wondering if there any solutions available to sign binaries using
> > the Verisign's Software Publishing Certificates (Authenticode) on a
> > Linux platform?
>
> There are two approaches:
> * sign distribution package and check before installation,
> * sign executables and check before each execution.
>
> IIUC Authenticode is the first approach. The similar approach used by
> almost every linux distribution: usually they use GPG signatures to
> ensure that the package is not changed.
>
> If you want to use Authenticode itself (not sure how useful are
> signed windows programs on linux :-) you probably should check MS web
> site [1]:
> Microsoft is committed to ensuring that this technology is
> implemented on UNIX and the Macintosh platforms.
>
> For the second approach consider DigSig [2].
>
> [1] http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnauth/html/signfaq.asp
>
> [2] http://sourceforge.net/projects/disec
>
> --
> Regards,
> ASK
>

--
In Peace,
Saqib Ali
http://www.xml-dev.com/blog/
Consensus is good, but informed dictatorship is better.

Next message: Simpson, Brett: "RE: OS to know."

Previous message: Micheal Espinola Jr: "Re: Hard drives v. CF/Smart media/etc."
In reply to: Alexander Klimov: "Re: Code signing possible of Linux?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: ACKPACK
... The ACK produces generic binaries in ack.out format, ... that running on Linux using something like iBCS, but I doubt it's worth the ... > If it's a native compiler, does it do a.out or ELF? ...
(comp.os.minix)
Re: fat / multi arch binaries?
... >> does linux support binaries with code ... >> for several architectures? ... large binaroes just to support MIPS and 68k ...
(Linux-Kernel)
Re: please help test the CMUCL 19a prerelease
... | appreciate help in testing the prerelease binaries that are available ... Due to security issues, a Linux web server that had been ... running an application server I had written in CMUCL (the usual thing, ...
(comp.lang.lisp)
Re: C++ compilers on Linux supporting 64bit architecture?
... I don't think a 32bit only processor can produce 64bit binaries. ... It's not the question of processor, but rather compiler support. ... 64 bit Linux compiler, like you'd have to for a 64 bit version of Visual ... workstation running 32 bit Windows on a 32 bit CPU, ...
(Fedora)
Pea-Peach update
... The Pea-Peach project has been updated, ... for download (sources, cdocumentation, binaries for Linux and Windows) ... archive files, how to use encryption, how to split files, change ...
(comp.os.linux.announce)