NAME
    ELF::sign - X509 signing of elf executables

VERSION
    Version 0.07

DESCRIPTION
    This module allows one to sign an elf file - or any other file type -
    using a PKCS#7 signature created with an X509 certificate and its
    private key, and to include the signature in the file. It uses SHA512
    hashing via PKCS#7 to ensure correctness.

SYNOPSIS
    You can mix in-memory and file based commands.

  Signing
        use ELF::sign;

        my $sign = ELF::sign->new();
        $sign->crtFile("test.crt");
        $sign->keyFile("test.key");
        $sign->dataFile($filename);
        # sign() and save() return undef on success, so save() only runs
        # when signing worked; $error holds the first failure, if any.
        my $error = $sign->sign() || $sign->save($outfile);
        die $error if $error;

  Verifying
        use ELF::sign;

        my $verify = ELF::sign->new();
        $verify->crtFile("test.crt");
        $verify->dataFile($filename);
        # The second argument to save() writes the data without the signature.
        my $error = $verify->verify() || $verify->save($outfile, 1);
        die $error if $error;

FUNCTIONS
  new
    Returns a new *ELF::sign* object. It ignores any options.

  data{File}($data{/$filename})
    Assigns data (as a file with suffix *File*) on which signing or
    verifying operations can be applied. Detects automatically if there is
    already a signature on the file or on the data, and parses it in this
    case.

    Verifying via *verify()* is possible if there is one or if *sign()* has
    been successfully called.

    Signing via *sign()* is always possible, and overwrites any existing
    signature, but only in memory. To update a file you have to use
    *save()*.

    If the *File* suffix is used, you specify a file. If this file cannot
    be read, then *dataFile* returns undef. In any other case, also on
    *data()*, it returns the attached signature (PKCS#7), or the defined
    scalar value 0 if there is none but the file could be read.

  crt{File}($data{/$filename})
    Assigns an X509 certificate to be used for verifying or signing. To
    sign you also need to set the corresponding *key{File}()*.

  key{File}($data{/$filename})
    Assigns a key to be used for signing via *sign()*. To sign you also
    need to set the corresponding *crt{File}()*.

  verify()
    Verifies that a signature, either attached or created via *sign()*,
    matches the data passed via *data{File}()* and the public key of
    *crt{File}()*. Returns undef on success, or on any error the cause as
    scalar(string).

    WARNING: ELF::sign currently does not verify the validity of the
    certificate; it only uses the public key in the certificate specified
    by *crt{File}()* and does not do any further certificate or CA
    processing or checks. This will get fixed in one of the next releases.

  sign()
    Creates a PKCS#7 signature in memory via *crt{File}()* and
    *key{File}()* on the data that has been passed via *data{File}()*.
    Returns undef on success, or on any error the cause as scalar(string).

    To store and attach this signature you have to use *get()* or
    *save()*. The signature alone, the PKCS#7, can be fetched via
    *pkcs7()*.

  get({1})
    Returns the data passed via *data{File}()* as scalar(string), and the
    attached signature, if available. If the optional parameter is true,
    it omits the signature.

  save($filename{,1})
    Saves the data passed via *data{File}()* to a file, including the
    attached signature if available. If the optional parameter is true, it
    omits the signature.

  pkcs7({$data})
    Returns the currently active PKCS#7 signature, if available, or undef.
    Via the optional data the pkcs7 can be manually overwritten.

  hexdump($string)
    Returns string data in hex format.

    Example:

        perl -e 'use ELF::sign; print ELF::sign::hexdump("test")."\n";'
        74:65:73:74

  Internal functions
    crt()
    crtFile()
    key()
    keyFile()
    data()
    dataFile()
    datasign()
    dataverify()
    load()
    loadFile()
    dataToBio()
    PEMdataToPKCS7()
    PEMdataToX509()
    PEMdataToEVP_PKEY()
    getDigest()
    doFile()
    getFromData()
    getFromFile()
    PEM_read_bio_PKCS7()

Commercial support
    Commercial support can be gained at .

    Used in our products, you can find on

COPYRIGHT & LICENSE
    Copyright 2010-2018 Markus Schraeder, CryptoMagic GmbH, all rights
    reserved.

    This program is free software; you can redistribute it and/or modify it
    under the same terms as Perl itself.
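
Because of the WARNING under verify(), a successful verify() only shows that the signature matches the public key of whatever certificate was passed in. The following added example (not part of ELF::sign or its distribution) checks that certificate against a trusted CA with the openssl command line tool before calling verify(), and rejects files that carry no signature. The function name verify_with_chain, the three file arguments and the reliance on OpenSSL 1.1.0 or later are assumptions.

```perl
#!/usr/bin/perl
# Added example, not ELF::sign's own code.
# Assumptions: openssl(1) version 1.1.0 or later is on PATH (its "verify"
# exit status is non-zero on failure), and the caller supplies a CA bundle.
use strict;
use warnings;
use ELF::sign;

# Hypothetical helper. Returns undef on success or an error string,
# following the same convention as ELF::sign's verify() and sign().
sub verify_with_chain {
    my ($file, $crt, $ca) = @_;

    # 1. Chain and validity period. verify() checks neither, so let openssl
    #    decide whether $crt chains to $ca and is inside its validity window.
    #    List-form system() keeps the file names away from the shell.
    system('openssl', 'verify', '-CAfile', $ca, $crt) == 0
        or return "certificate $crt is not valid under CA $ca";

    my $v = ELF::sign->new();
    $v->crtFile($crt);

    # 2. dataFile() returns undef if the file is unreadable, the defined
    #    value 0 if it is readable but unsigned, else the attached PKCS#7.
    my $sig = $v->dataFile($file);
    return "cannot read $file"          unless defined $sig;
    return "$file carries no signature" unless $sig;

    # 3. Signature check against the public key of the vetted certificate.
    return $v->verify();
}

die "usage: $0 <signed-file> <signer.crt> <ca.crt>\n" unless @ARGV == 3;

my $error = verify_with_chain(@ARGV);
die "REJECTED: $error\n" if $error;
print "OK: signature matches a certificate issued by the trusted CA\n";
```

The openssl step covers only chain building and the validity period; revocation and key usage are not checked here.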