
I have a Linux device that needs to be able to perform a software update of some binaries that may be coming from an insecure source.

I'd like to find a way to sign these binaries using a public/private key pair such that the device uses the key to verify the integrity of the contents.

I can easily store a key on the device securely.

What is the preferred tool for this? Ideally it'd be a command-line program where I'd provide the key and the binary, and a yes/no is returned indicating whether the binary was correctly signed.

stuck

2 Answers

1

PGP/GnuPG is pretty much the standard tool for this.

Sven
  • This is great, thanks for the tip. One question if you don't mind: if I go the "detached signature" route, is the signature also signed? I assume yes since it's public/private, but just to be certain: the signature is detached such that the binary being signed doesn't need to be modified; it's not detached because the signature must be securely transmitted? – stuck Jan 11 '13 at 04:52
  • I am not sure how the details work mathematically, but the signature file is tamper-proof, meaning that if you edit it, the `--verify` operation will fail. And no, it doesn't need to be securely transmitted. – Sven Jan 11 '13 at 04:59
  • However, the public key needs to be transmitted securely, or you're vulnerable to a man-in-the-middle attack. You'll probably want to include the public key in your device's ROM, so that it has a reliable copy to use for checking signatures on downloaded updates. – Wyzard Jan 11 '13 at 05:55
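Putting the answer and its comments together, here is an added end-to-end example (not code from the thread): the build host signs the binary with a detached GnuPG signature, and the device verifies it against a keyring containing only the pinned public key, which is the yes/no check the question asks for. It assumes GnuPG 2.1 or later is installed; the working directory, key user ID and "firmware" payload are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the page: detached-signature update flow with GnuPG.
# Build host: generate a signing key, export ONLY the public key, sign the binary.
# Device: verify against a keyring holding nothing but that pinned public key.
# Paths, the key's user ID and the payload below are constructed for this demo.
set -eu

WORK=$(mktemp -d)
BUILD_HOME="$WORK/build-gnupg"            # build host's GnuPG home (holds the private key)
DEVICE_HOME="$WORK/device-gnupg"          # device's GnuPG home (no private key)
DEVICE_KEYRING="$WORK/update-pubkey.gpg"  # the single public key burned into the device image
mkdir -m 700 "$BUILD_HOME" "$DEVICE_HOME"
UID_STR="Update Signing <updates@example.invalid>"

# --- build host: key generation (demo key, no passphrase) and signing ---------
gpg --homedir "$BUILD_HOME" --batch --quiet --pinentry-mode loopback --passphrase '' \
    --quick-generate-key "$UID_STR" default default never
gpg --homedir "$BUILD_HOME" --batch --quiet --export "$UID_STR" > "$DEVICE_KEYRING"

printf 'constructed firmware payload v1\n' > "$WORK/update.bin"
# Detached: the binary stays byte-for-byte unchanged; the signature is a separate file.
gpg --homedir "$BUILD_HOME" --batch --quiet --detach-sign \
    --output "$WORK/update.bin.sig" "$WORK/update.bin"

# --- device: the yes/no check ----------------------------------------------
# Exit status 0 only if <binary> carries a valid signature from the pinned key.
# --no-default-keyring ignores every other key on the box; --trust-model always
# skips the web-of-trust check, because pinning the key IS the trust decision.
verify_update() {   # usage: verify_update <binary> <detached-signature>
    gpg --homedir "$DEVICE_HOME" --no-default-keyring --keyring "$DEVICE_KEYRING" \
        --trust-model always --batch --quiet --verify "$2" "$1" 2>/dev/null
}

# Demo: genuine file passes; a modified binary fails; a damaged signature file fails
# (this is the "tamper-proof signature file" behaviour described in the comments).
cp "$WORK/update.bin" "$WORK/tampered.bin"; printf 'x' >> "$WORK/tampered.bin"
head -c 40 "$WORK/update.bin.sig" > "$WORK/truncated.sig"
check() { if verify_update "$1" "$2"; then echo "OK   $1"; else echo "FAIL $1"; fi; }
check "$WORK/update.bin"   "$WORK/update.bin.sig"
check "$WORK/tampered.bin" "$WORK/update.bin.sig"
check "$WORK/update.bin"   "$WORK/truncated.sig"
```

Only the public key file ends up on the device; the private key never leaves the build host, and an attacker who can replace both the binary and the signature still cannot produce one that verifies.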
1

RPM and dpkg are both perfectly capable of checking package signatures - and of course allowing you to sign the packages. Why reinvent the wheel?

If you're building an embedded system, ipkg and its fork opkg supposedly also can deal with signed packages, though documentation is sparse since ipkg is dead and opkg refers to the dead ipkg website...

Michael Hampton