NAME
ELF::sign - X509 signing of elf execuables
VERSION
Version 0.07
DESCRIPTION
This module allows one to sign a elf file - or any other file type -
based on a PKCS#7 via a X509-Certifcate and its private key, and include
the signature in the file.
It uses SHA512 Hashing via PKCS#7 to ensure the correctness.
SYNOPSIS
You can mix inmemory and file based commands.
Signing
use ELF::sign;
my $sign = ELF::sign->new();
$sign->crtFile("test.crt");
$sign->keyFile("test.key");
$sign->dataFile($filename);
my $error = $sign->sign() ||
$sign->save($outfile);
die $error
if $error;
Verifying
use ELF::sign;
my $verify = ELF::sign->new();
$verify->crtFile("test.crt");
$verify->dataFile($filename);
my $error = $verify->verify() ||
$verify->save($outfile, 1);
die $error
if $error;
FUNCTIONS
new
Returns a new *ELF::sign* object. It ignores any options.
data{File}($data{/$filename})
Assignes data (as a file with suffix *File*) on which signing or
verifying operations can be applied.
Detects automatically if there is already a signature on the file or
on the data, and parses it in this case. Verifying via *verify()* is
possible if there is one or if *sign()* has been successfully called.
Signing via *sign()* is always possible, and overwrites a maybe
exsting signing - but just inmemory. To update to a file you have to
use *save()*.
If the *File* suffix is used, you specify a file. If this file cannot
be read, then *dataFile* returns undef.
In any other case, also on *data()*, it returns the attached signing
(PKCS#7) or the scalar defined value 0 if there is none but the file
was able to be read.
crt{File}($data{/$filename})
Assignes a X509-certificate to be used for verifing or signing. To
sign you also need to set the corresponding *key{File}()*.
key{File}($data{/$filename})
Assignes a key to be used for signing via *sign()*. To sign you also
need to set the corresponding *crt{File}()*.
verify()
Verifies that a attached or via *sign()* created signature matches the
data passed via *data{File}()* and the public key of *crt{File}()*.
Returns undef on success, or on any error the cause as scalar(string).
WARNING: ELF::sign currently does not verify the validity of the
certificate, it only uses the public key in the certificate specified
by *crt{File}()* and does do not any further certificate, ca
processing or checks. This will get fixed in one of the next releases.
sign()
Creates inmemory a PKCS#7 signature via *crt{File}()* and
*key{File}()* on the data that has been passed via *data{File}()*.
Returns undef on success, or on any error the cause as scalar(string).
To store and attach this signature you have to use *get()* or
*save()*. The signature alone, the PKCS#7, can be fetched via
*pkcs7()*.
get({1})
Returns the passed data passed via *data{File}()* as scalar(string),
and the attached signature, if available. If the optional parameter is
true, it omits the signature.
save($filename{,1})
Saves the passed data passed via *data{File}()* to a file, including
the attached signature if available. If the optional parameter is
true, it omits the signature.
pkcs7({$data})
Returns the currently active PKCS#7 signature, if available, or undef.
Via the optional data the pkcs7 can be manually overwritten.
hexdump($string)
Returns string data in hex format.
Example:
perl -e 'use ELF::sign; print ELF::sign::hexdump("test")."\n";'
74:65:73:74
Internal functions
crt()
crtFile()
key()
keyFile()
data()
dataFile()
datasign()
dataverify()
load()
loadFile()
dataToBio()
PEMdataToPKCS7()
PEMdataToX509()
PEMdataToEVP_PKEY()
getDigest()
doFile()
getFromData()
getFromFile()
PEM_read_bio_PKCS7()
Commercial support
Commercial support can be gained at <elfsignsupport at cryptomagic.eu>.
Used in our products, you can find on <https://www.cryptomagic.eu/>
COPYRIGHT & LICENSE
Copyright 2010-2018 Markus Schraeder, CryptoMagic GmbH, all rights
reserved.
This program is free software; you can redistribute it and/or modify it
under the same terms as Perl itself.