I would like to sign ELF files, preferably with a PGP key, and then verify the signature. Otherwise, I will also go with an Authenticode or SSL certificate for signing, if that makes sense. Existing options, such as signelf , are apparently only available under copyleft licenses (even if it is LGPL, but it imposes restrictions that prevent me from using it) or old / unsaved.
What parameters do I have that can be used in a proprietary program?
Note. We can limit the scope of Linux, although ELF is not Linux.
Even if there is no way to use the program and / or the library under the FLOSS license with a liberal (not copyleft), I would appreciate standardization documents if some de facto standard arises. I do not know about this, but then about what I ask.
From what I see, all distributions seem to rely on signing packages and checking them. This is good, but I would like to take one more step.
source
share