Question

16

Does linux have a signature system for executables?

rated 0 times [ 16] [ 0] / answers: 1 / hits: 6129 / 3 Years ago, wed, august 4, 2021, 4:32:10

Windows has a signature system which allows you to make sure that an executable hasn't been modified after it has been signed. I used to use this as a security measure in Windows.
enter image description here

Does linux have such a system which allows developers to put signatures in executables and .debs so that the user can verify them? So, for example some one gives me a modified version of a program. I can see if the programs signature is valid or if it has a signature in the first place.

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

raldership

Add To Favorites

Follow

Total Points: 222

Total Questions: 115

Total Answers: 124

Location: North Korea

Member since Fri, Nov 4, 2022

2 Years ago

answered 3 Years ago earxcept · Accepted Answer

Software that is in the repositories does not really need a signature. We can assume that the software coming from those can be trusted.

But it is possible to check it through its md5 checksum. Launchpad page on MD5 checksum step 2:

Step 2: Open a terminal, change to the directory where you have saved the file and accompanying signature, then enter the following:

gpg --verify signaturefilename

Replace signaturefilename with the signature's filename.

gpg will now try to check the signature against the signer's public key. If your version of gpg is configured to retrieve public keys automatically, you can skip to step 4. Otherwise, you'll need to fetch the signer's public key manually.