Does linux have a signature system for executables?
Windows has a signature system which allows you to make sure that an executable hasn't been modified after it has been signed. I used to use this as a security measure in Windows.
Does linux have such a system which allows developers to put signatures in executables and .debs so that the user can verify them? So, for example some one gives me a modified version of a program. I can see if the programs signature is valid or if it has a signature in the first place.
2 Answers
Software that is in the repositories does not really need a signature. We can assume that the software coming from those can be trusted.
But it is possible to check it through its md5 checksum. Launchpad page on MD5 checksum step 2:
Step 2: Open a terminal, change to the directory where you have saved the file and accompanying signature, then enter the following:
gpg --verify signaturefilename3Replace signaturefilename with the signature's filename.
gpg will now try to check the signature against the signer's public key. If your version of gpg is configured to retrieve public keys automatically, you can skip to step 4. Otherwise, you'll need to fetch the signer's public key manually.
DigSig (Digital Signature... in the Kernel) and DSI (Distributed Security Infrastructure), but unfortunately, this project is no longer maintained.
DigSig, is a Linux kernel module, which checks RSA digital signatures of ELF binaries and libraries before they are run. Binaries are to be signed with BSign.
DSI (Distributed Security Infrastructure), is a security framework which targets distributed environments, and is meant to address any specific security issue such platforms may be concerned with. More particularly, it is meant to address security needs of carrier-grade Linux clusters, for the telecommunication domain.DigSig
