A Bash script to sign and verify ELF executables with embedded GPG signatures
#!/bin/sh | |
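#######################################
# Verify the GPG signature embedded in an ELF file's "sigdata" section.
# Globals:   unsig_exe_tmp (written; script targets plain sh, so no `local`)
# Arguments: $1 - path to the signed executable
# Outputs:   gpg's verification report (on gpg's stderr)
# Returns:   gpg's exit status -- 0 only for a good signature; 2 without
#            running gpg when the argument is missing or unreadable
# NOTE(review): gpg --verify also returns 0 for a good signature made by ANY
# key in the local keyring, trusted or not. A caller that requires a specific
# signer must additionally check the signing key (e.g. via --status-fd).
#######################################
verify_file() {
  if [ $# -ne 1 ] || [ ! -r "$1" ]; then
    >&2 echo "verify_file: need one readable file"
    return 2
  fi
  unsig_exe_tmp=$(mktemp) || return 1
  # Remove the signature from the file and save to disk.
  # NOTE(review): this relies on objcopy reproducing the pre-signing bytes
  # exactly once the section is gone -- the signature was made over the
  # original file, not over the signed copy; confirm for your binutils.
  objcopy --remove-section=sigdata "$1" "$unsig_exe_tmp"
  # Extract the signature and verify it against the unsigned executable.
  # The pipeline's status is gpg's (no pipefail under plain sh); a missing
  # sigdata section leaves gpg with empty input, which it rejects.
  objcopy --dump-section sigdata=/dev/stdout "$1" | gpg --verify - "$unsig_exe_tmp"
  rc=$?
  # Always drop the temp copy, but report gpg's verdict, not rm's status.
  rm -f -- "$unsig_exe_tmp"
  return "$rc"
}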
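#######################################
# Sign an ELF file and write a copy carrying the signature in a "sigdata"
# section. The input file itself is left untouched.
# Globals:   sig_tmp, sign_out (written; script targets plain sh, so no `local`)
# Arguments: $1 - path to the executable to sign
# Outputs:   writes signed_<name> into the same directory as $1 (for a bare
#            filename that is signed_<name> in the current directory)
# Returns:   0 on success; gpg's or objcopy's status on failure; 2 without
#            running gpg when the argument is missing or unreadable
#######################################
sign_file() {
  if [ $# -ne 1 ] || [ ! -r "$1" ]; then
    >&2 echo "sign_file: need one readable file"
    return 2
  fi
  # Prefix the basename, not the whole path: "signed_dir/file" would point
  # into a directory that does not exist.
  case "$1" in
    */*) sign_out="${1%/*}/signed_${1##*/}" ;;
    *)   sign_out="signed_$1" ;;
  esac
  sig_tmp=$(mktemp) || return 1
  # Create a detached signature over the ORIGINAL (unsigned) bytes; --yes lets
  # gpg overwrite the empty file mktemp created. verify_file strips the section
  # again before checking, so it must end up with these same bytes.
  gpg --yes --output "$sig_tmp" --detach-sign "$1"
  rc=$?
  if [ "$rc" -eq 0 ]; then
    # Add the signature to a new copy of the executable.
    objcopy --add-section "sigdata=$sig_tmp" "$1" "$sign_out"
    rc=$?
  fi
  # Always drop the temp signature, but report the real failure status.
  rm -f -- "$sig_tmp"
  return "$rc"
}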
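# Check arguments: need an operation ($1) and a file ($2). A set-but-empty
# $2 passes this test and is rejected by the file check below instead.
# (Written with [ ] and case so it runs under the #!/bin/sh shebang.)
if [ -z "${2+present}" ]; then
  >&2 echo "Must specify operation and file"
  exit 1
fi
# Make sure the file exists and is an executable.
# NOTE(review): nm also succeeds on object files, archives and shared
# libraries, so this only establishes "is something nm can parse".
if ! nm "$2" >/dev/null 2>&1; then
  >&2 echo "Invalid file specified"
  exit 1
fi
case "$1" in
  sign)
    # The signed copy is written as signed_<name> next to the input file.
    case "$2" in
      */*) signed_path="${2%/*}/signed_${2##*/}" ;;
      *)   signed_path="signed_$2" ;;
    esac
    sign_file "$2" && printf 'Signed file in %s\n' "$signed_path"
    ;;
  verify)
    # The script's exit status is gpg's verdict: 0 only for a good signature.
    verify_file "$2"
    ;;
  *)
    # Unknown operation is an error, so exit non-zero rather than 0.
    >&2 echo "Invalid operation specified"
    exit 1
    ;;
esac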