Re: Code signing possible of Linux?
From: Saqib Ali (docbook.xml_at_gmail.com)
Date: Tue, 18 Oct 2005 10:49:59 -0700 To: Alexander Klimov <email@example.com>
Thanks for the response. The binaries that we are planning to sign
will BE used on Windows and NOT on Linux.
However we need to build the Build Signing System on Linux platform
i.e. sign binaries on a Linux box. See <
http://www.xml-dev.com/blog/?action=viewtopic&id=130 > for a brief
description of the design of the system.
On 10/18/05, Alexander Klimov <firstname.lastname@example.org> wrote:
> On Mon, 17 Oct 2005, Saqib Ali wrote:
> > However I would like build this platform on a Linux architecture. I
> > understand that Authenticode for Code Signing is a Microsoft
> > technology, and SignCode.exe is only available for Win32 platform. I
> > was wondering if there any solutions available to sign binaries using
> > the Verisign's Software Publishing Certificates (Authenticode) on a
> > Linux platform?
> There are two approaches:
> * sign distribution package and check before installation,
> * sign executables and check before each execution.
> IIUC Authenticode is the first approach. The similar approach used by
> almost every linux distribution: usually they use GPG signatures to
> ensure that the package is not changed.
> If you want to use Authenticode itself (not sure how useful are
> signed windows programs on linux :-) you probably should check MS web
> site :
> Microsoft is committed to ensuring that this technology is
> implemented on UNIX and the Macintosh platforms.
> For the second approach consider DigSig .
>  http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnauth/html/signfaq.asp
>  http://sourceforge.net/projects/disec
-- In Peace, Saqib Ali http://www.xml-dev.com/blog/ Consensus is good, but informed dictatorship is better.