Questions tagged [digital-signatures]

50 questions
33 votes, 2 answers

How to verify a file using an asc signature file?

As an example, this project offers an *.asc file with a PGP signature to verify the contents of the download (as opposed to a checksum, you can see the empty column): https://ossec.github.io/downloads.html How would I use this file? I tried gpg…
user8897013
14 votes, 4 answers

Validating signature trust with gpg?

We would like to use gpg signatures to verify some aspects of our system configuration management tools. Additionally, we would like to use a "trust" model where individual sysadmin keys are signed with a master signing key, and then our systems…
larsks
7 votes, 2 answers

How to ensure integrity and security enforcing signed unmodified RPM package?

There is a way to verify files related to specific package against original RPM content: `rpm -V vsftpd  # Verify vsftpd package`. How to complete the chain and verify that rpm command itself hasn't been changed? If I replace rpm by a script which…
uvsmtid
6 votes, 1 answer

Bad signatures or NOKEY errors on RPMs I just signed

I'm having serious problems getting RPM signing working for RHEL / CentOS 5 hosts. TL;DR: RPM signing isn't working, and it's working in a variety of insane and erratic ways depending on the exact GPG key size and format and even where it was…
Craig Ringer
6 votes, 1 answer

How does one configure Windows not to execute tampered binaries?

To illustrate the benefits of digitally signing certificates, I wrote a .NET executable "demo.exe" which calls a function in "demo.core.dll". I digitally signed both executables. When executed, it prints a message "Hello. How are you doing?". The…
6 votes, 2 answers

What are the advantages of DKIM?

After making my server sign outgoing email I started to wonder what the benefits are. This is the opposite of a previously asked question. Naively I see two benefits: We can throw away all emails which don’t carry a valid signature: Wrong!…
duff
4 votes, 2 answers

How to verify signature on a file using OpenSSL with custom engine

Update Dec 28, 2017 – 3: The author of OpenSSL DSTU module kindly provided patch to OpenSSL+DSTU implementation with a fix for the issue, and assisted further. I was able to accomplish what I need first with this command: ./apps/openssl smime…
gmile
4 votes, 1 answer

Let's Encrypt: Why is DNS challenge static?

To my understanding, LetsEncrypt DNS verification works by setting a static TXT record into DNS (basically just a nonce) which is then checked by the LetsEncrypt servers. When I first heard about it I was pretty excited and expected something more…
4 votes, 2 answers

How do I identify an Authenticode timestamp vs. an RFC 3161 compliant timestamp?

When signing code with Microsoft's Signtool, there are a couple different options when specifying a timestamp URL, /t and /tr. /t can specify an Authenticode timestamp URL and /tr is supposed to be used with an RFC 3161 compliant timestamp…
Gregordinary
4 votes, 1 answer

RemoteApp shows no certificate available but RD Session host finds it fine

I am trying to set up remote app for an internal domain. I have a Root CA that is trusted by all of the end computers, that cert has signed a wildcard cert I am trying to use for the server. I added the pfx of the wildcard cert to the local machine…
4 votes, 2 answers

Digital signatures and encryption in GMail

I just wonder if there is a way to use SSL certificates or PGP keys for signing my email. At the moment I have to set up S/MIME in Outlook (or another thick client) to send signed messages via SMTP. It works for me, but I'm looking for a way to do…
Antonio
3 votes, 1 answer

What is the best practice for logs integrity and authenticity?

We have hundreds of workstations, tens of servers, sending logs to a syslog server or Windows Event Collector server whether they come from Linux or Windows machines. At this point, log integrity and confidentiality are managed by access rules and…
3 votes, 2 answers

Does Hyper-V support digital signatures with VHD disk files?

Does Hyper-V provide a mechanism (like ESX/vSphere) to identify digitally signed VHD files? Is it even possible to sign a VHD file? Background: I am trying to provide a virtual appliance to my prospective customers, which they could just import in…
grv
3 votes, 1 answer

Digitally signed FreeBSD package

In the nasty world of Windows you can digitally sign an installation package (exe) and during installation check if it's authentic or not. Any idea how to check the same under FreeBSD (preferably in conjunction with pkg_add)? Thanks
Boris Ivanov
2 votes, 1 answer

gpg: no valid OpenPGP data found

I am trying to make sense of the following two serverfault posts: How to verify a file using an asc signature file? and gpg --import bind-9.9.4.tar.gz.sha1.asc fails with no valid OpenPGP data found In my case here is what I do : $ wget…
malat