I have a Linux device that needs to be able to perform a software update of some binaries that may be coming from an insecure source.
I’d like to find a way to sign these binaries using a public/private key such that the device uses the key to verify the integrity of the contents.
I can easily store a key on the device securely.
What is the preferred tool for this? Ideally it’d be a command-line program where I’d provide the key and the binary and a yes/no is returned if the binary were correctly signed.
If you’re building an embedded system, ipkg and its fork opkg supposedly also can deal with signed packages, though documentation is sparse since ipkg is dead and opkg refers to the dead ipkg website…
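One way to get the yes/no check the question asks for, as an added example that is not part of the original posts: a detached ECDSA signature created and verified with the `openssl` command-line tool. The `verify_update` and `demo_setup` helpers, the file names and the sample payload are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: detached-signature check with the openssl CLI.
# Helper names, file names and the payload are hypothetical.

# verify_update PUBKEY FILE SIGFILE
# Prints "yes" and returns 0 only if SIGFILE is a valid signature over FILE
# under PUBKEY. Anything else (bad signature, missing file) prints "no".
verify_update() {
    pubkey=$1; file=$2; sig=$3
    # Fail closed: a missing or unreadable input is never "verified".
    for f in "$pubkey" "$file" "$sig"; do
        [ -r "$f" ] || { echo "no"; return 1; }
    done
    if openssl dgst -sha256 -verify "$pubkey" -signature "$sig" "$file" \
        >/dev/null 2>&1; then
        echo "yes"; return 0
    fi
    echo "no"; return 1
}

# Build-host side (constructed demo data): create a P-256 key pair,
# export the public half, and sign a sample "binary".
demo_setup() {
    dir=$1
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 \
        -out "$dir/signing.key" 2>/dev/null
    openssl pkey -in "$dir/signing.key" -pubout -out "$dir/signing.pub"
    printf 'constructed sample firmware payload\n' > "$dir/update.bin"
    openssl dgst -sha256 -sign "$dir/signing.key" \
        -out "$dir/update.bin.sig" "$dir/update.bin"
}

workdir=$(mktemp -d)
demo_setup "$workdir"
# Untouched file: prints "yes"
verify_update "$workdir/signing.pub" "$workdir/update.bin" \
    "$workdir/update.bin.sig" || true
# One appended byte invalidates the signature: prints "no"
printf 'X' >> "$workdir/update.bin"
verify_update "$workdir/signing.pub" "$workdir/update.bin" \
    "$workdir/update.bin.sig" || true
rm -rf "$workdir"
```

Only the public key and `verify_update` belong on the device; the private key stays on the build host. The updater should install the binary only when the function returns 0.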