jsign icon indicating copy to clipboard operation
jsign copied to clipboard
verified publisher icon ebourg

Signing ELF binaries

Open isagargit opened this issue 1 year ago • 1 comments

We are doing dotnet builds that generates dlls and exes. Alongside them, an extension less binary is generated.

Upon using the file command, I could find that it's an ELF file. I wanted to ask

  1. If anyone has experienced this, are those files necessary to be signed. If yes how ?

@ebourg : Please convert this as a discussion if possible

isagargit avatar Dec 13 '24 17:12 isagargit

ELF binaries are usually for Linux. There is no a canonical way to sign these files. There were experiments like signelf and DigSig but none really took off (see https://stackoverflow.com/questions/1732927/signed-executables-under-linux for more info).

There is no signature verification mechanism at runtime on Linux similar to Authenticode on Windows. The file integrity is instead checked by the package manager using GPG signatures instead of X.509 certificates.

So no, you don't have to sign these files. You may still sign the application package containing the ELF executable, but that's out of the scope of Jsign.

ebourg avatar Jan 15 '25 08:01 ebourg