Mailing List Archive

How to verify a detached signature in an embedded device
Hello,
I want to verify a detached signature in a boot loader.
The boot loader is built using the GNU toolchain for my
processor, but there is no OS available (no file system,
no shell, no stdin/stdout, ...).

I have the signature as well as the public key and the
corresponding text as character arrays in the RAM.
Also, I know how long the corresponding arrays are.
Is there a possibility to verify them? Has anyone
already written this code? Or: can anyone give me a
tip how to modify the gpgme lib? I looked at the source
code of the gpgme lib, but it assumes an OS is available.

The function I dream of looks as follows:

int isSignatureGood(char *signature,
                    int signatureSize,
                    char *publicKey,
                    int publicKeySize,
                    char *text,
                    int textSize);

Thank you,
Peter Voser
Re: How to verify a detached signature in an embedded device
On Tue, 1 Jul 2003 14:52:18 +0200, Voser Peter said:

> The boot loader is built using the GNU toolchain for my
> processor, but there is no OS available (no file system,
> no shell, no stdin/stdout, ...).

You might be interested in this code:

ftp://ftp.gnupg.org/people/werner/crypto/sfsv-0.5.0.tar.gz

This checks the signature of an executable in ELF format. The
signature is therefore embedded within the ELF file and all the tools
to create it should be there too.

If you don't want the ELF support, it is pretty easy to use only the
core verification. It only works with DSS signatures.


Shalom-Salam,

Werner

--
Werner Koch <wk@gnupg.org>
The GnuPG Experts http://g10code.com
Free Software Foundation Europe http://fsfeurope.org
Re: How to verify a detached signature in an embedded device
Hello,

>> You might be interested in this code:
>> ftp://ftp.gnupg.org/people/werner/crypto/sfsv-0.5.0.tar.gz

I built the binary elfsigchk and made a test with
bin2array as an ELF executable:

// First, I create the detached signature bin2array.sig
$ gpg -sb bin2array

// Then I want to verify it with elfsigchk
$ ./elfsigchk bin2array bin2array.sig
signature is NOT valid: no signature found

It always returns: no signature found. Why???
Is there a version problem (I use 1.0.4)?

Thanks,
Peter
Re: How to verify a detached signature in an embedded device
On Thu, 3 Jul 2003 09:46:23 +0200, Voser Peter said:

> // First, I create the detached signature bin2array.sig
> $ gpg -sb bin2array

I can't remember any details but there should be a tool to calculate
and embed a signature in the ELF file.

> // Then I want to verify it with elfsigchk
> $ ./elfsigchk bin2array bin2array.sig
> signature is NOT valid: no signature found

IIRC, elfsigchk is a test driver which parses an ELF file, extracts
the signature, calculates the hash and then verifies the signature.

Did you follow the rules in the README:

1. Make sure that the special RFC2440 .note section exists.
   (see below)
2. Run:
     ./elfsigtool <elffile> | gpg --force-v3-sig -u <signer> -sb >tmp
     ./elfsigtool <elffile> tmp > <signedelffile>
3. Check:
     ./elfsigchk <signedelffile> <publickey>

?

--
Werner Koch <wk@gnupg.org>
The GnuPG Experts http://g10code.com
Free Software Foundation Europe http://fsfeurope.org
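
Added example, not part of the thread and not code from sfsv: a freestanding C parser for the kind of signature the README's `gpg --force-v3-sig -sb` step produces, an RFC 2440 version 3 signature packet, restricted to DSA to match the DSS-only note above. The names `parse_v3_dsa_sig`, `struct v3_sig` and `struct mpi` are hypothetical, the sample bytes are constructed, and the parser assumes an old-format packet header with a one- or two-octet length.

```c
#include <stddef.h>
#include <stdint.h>
struct mpi { const uint8_t *p; size_t len; };   /* points into the input buffer */
struct v3_sig {
    uint8_t  sig_type;      /* 0x00 = signature over a binary document */
    uint32_t created;       /* hashed after the text, following sig_type */
    uint8_t  key_id[8];     /* identifies the signing key */
    uint8_t  hash_algo;     /* 2 = SHA-1 */
    uint16_t hash_left16;   /* leading 16 bits of the signed digest */
    struct mpi r, s;        /* the two DSA signature values */
};

static const uint8_t sample_sig[] = {   /* constructed, not a real signature */
    0x88, 0x19, 0x03, 0x05, 0x00, 0x3f, 0x03, 0xe1, 0xa0,
    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
    0x11, 0x02, 0xab, 0xcd, 0x00, 0x07, 0x55, 0x00, 0x08, 0xaa };

/* Read one MPI: 16-bit big-endian bit count, then the magnitude bytes. */
static int read_mpi(const uint8_t *p, size_t end, size_t *off, struct mpi *m)
{
    if (end - *off < 2) return -1;
    m->len = ((((size_t)p[*off] << 8) | p[*off + 1]) + 7) / 8;
    *off += 2;
    if (end - *off < m->len) return -1;
    m->p = p + *off;
    *off += m->len;
    return 0;
}

/* Returns 0 on success, negative for malformed, non-v3 or non-DSA input. */
int parse_v3_dsa_sig(const uint8_t *p, size_t len, struct v3_sig *out)
{
    if (len < 3 || (p[0] & 0xfe) != 0x88) return -1;  /* old format, tag 2 */
    size_t off = 2 + (p[0] & 1);
    size_t end = (p[0] & 1) ? ((size_t)p[1] << 8 | p[2]) : p[1];
    if (end < 19 || end > len - off) return -1;   /* 19 fixed octets + MPIs */
    const uint8_t *b = p + off;
    end += off;                                   /* one past the packet body */
    if (b[0] != 3 || b[1] != 5) return -2;        /* version 3, 5 hashed octets */
    if (b[15] != 17) return -3;                   /* 17 = DSA */
    out->sig_type = b[2];
    out->created = (uint32_t)b[3] << 24 | (uint32_t)b[4] << 16 | b[5] << 8 | b[6];
    for (int i = 0; i < 8; i++) out->key_id[i] = b[7 + i];
    out->hash_algo = b[16];
    out->hash_left16 = (uint16_t)(b[17] << 8 | b[18]);
    off += 19;
    if (read_mpi(p, end, &off, &out->r) || read_mpi(p, end, &off, &out->s)) return -4;
    return off == end ? 0 : -4;
}
```

For a version 3 signature the digest covers the signed text followed by the signature type octet and the four creation-time octets, so a verifier hashes those five octets after the text and can compare the first 16 bits with `hash_left16` before doing the DSA computation.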
AW: How to verify a detached signature in an embedded device
>>Did you follow the rules in the README:

Sorry, now I read the README and it works.

P.