5f462ab099
These are not enabled in the pkg_install Makefile as of yet; adding the "sign" directory to the SUBDIR list will enable building of sign. Submitted by: Wes Peters Obtained from: Original framework from OpenBSD 2.7, X.509 bits from DoBox.
56 lines
2.0 KiB
Plaintext
56 lines
2.0 KiB
Plaintext
To sign packages in a transparent way:
|
|
gzip files can handle an extra field at the beginning that
|
|
stores anything we wish.
|
|
|
|
So it's just a question to choose a format for the signature, and to
|
|
embed it there.
|
|
|
|
We use the extra field to store signatures. Each signature consists
|
|
of a 6 bytes type marker, a 2 bytes length, followed by the signature
|
|
itself. We can potentially stack signatures: resign a signed archive
|
|
by just prepending the new signature to the extra field.
|
|
|
|
To check the first signature, the checker just needs to extract it, pass it
|
|
off to the checking protocol (e.g. PGP), followed by the unsigned archive
|
|
(e.g., regenerate the gzip header without the first signature, then put
|
|
the gzip data).
|
|
|
|
* Signed archives just look like normal .tar.gz files, except for programs
|
|
that use the extra field for their own purpose,
|
|
* Possibility to grab the files off the net and extract stuff/verify
|
|
signatures on the fly (just need to wedge the checker as an intermediate
|
|
pipe)
|
|
* Pretty simple, small portable code to be able to check signatures
|
|
everywhere (the signer itself needs getpass and corresponding functionality)
|
|
|
|
The scheme should be extensible to any compressed format which allows for
|
|
extended headers.
|
|
|
|
|
|
Thanks to Angelos D. Keromytis for pointing out I did not need to
|
|
uncompress the archive to sign it, and to other members of the OpenBSD
|
|
project for various reasons.
|
|
|
|
--
|
|
Marc Espie, 1999
|
|
$OpenBSD: README,v 1.2 1999/10/04 21:46:27 espie Exp $
|
|
|
|
--
|
|
|
|
X.509 notes:
|
|
|
|
I added the ability to sign a package with an X.509 key, and to check
|
|
against a stack of X.509 certificates. This allows a "vendor" to
|
|
distribute a system with one or more certificates pre-installed, and
|
|
to add certificates in a signed package by appending them to the
|
|
default certficiate stack.
|
|
|
|
The X.509 signatures are stored in the gzip header in the same manner
|
|
as other signatures. This is known to compile against OpenSSL
|
|
libraries on OpenBSD 2.7 and FreeBSD 5.0, your mileage may vary.
|
|
|
|
--
|
|
|
|
Wes Peters, Dec 2000
|
|
$FreeBSD$
|