	    Small Footprint Signature Verification
	   ----------------------------------------
			Version 0.5

This is a library which may be used in an embedded system to verify
signature.  It is not very fast but has a quite small memory footprint.


The script makekey generates a header file with all keys.
You have to do this before compiling the system, so the steps
for first time installation is

    ./configure
    ./makekeys	userids
    make

you may want to repeat the last two steps when you have to create a new
version with different keys.

As an example of an application a system to sign ELF files has been
written.

How to sign an ELF file:
------------------------

    1. Make sure that the special RFC2440 .note section exsists.
       (see below)
    2. Run:
	./elfsigtool <elffile> | gpg --force-v3-sig -u <signer> -sb >tmp
	./elfsigtool <elffile> tmp > <signedelffile>
    3. Check:
	./elfsigchk <signedelffile> <publickey>


How to create the required note section
---------------------------------------
The easiest way is by linking against elf-note.o - this will create
a note section and an entry for it in the PHDR but it works only
with GNU tools.

The other way is to use objcopy to add a section.

1. Create a note section

   $ printf '\0\0\0\x08\0\0\0\x64\0\0\0\x01RFC2440\0' >note-be
   $ dd if=/dev/zero ibs=100 count=1 >>note-be

   or for a little endian system:

   $ printf '\x08\0\0\0\x64\0\0\0\x01\0\0\0RFC2440\0' >note-le
   $ dd if=/dev/zero ibs=100 count=1 >>note-le

2. Remove the existing note section:

   $ objcopy -R .note myimage

3. Add the new note section:

   $ objcopy --add-section .note=note-be

4. Enjoy your new note section :-)
   objdump seems to add a whole bunch (50k) instead of only the required
   100 and something bytes - someone should fix this.

It might also be possible to use a customized linker script.


