One of the most important questions in today’s world is the question of confidence in received data. For example, user A sends data D to user B via email. How can user B be sure that the received data is the same data that was sent by user A? One possible way of resolving this issue is using a digital signature (DS).
The following requirements apply to a DS:
- The signature content should depend on the signed message;
- The sender’s unique information should be used in a signature;
- It should be easy to create a signature;
- It should be computationally infeasible to forge a signature;
- A signature should be small.
This article considers a DS implementation example for binary file integrity checking in Linux (64-bit ELF). We will use a direct DS, in which only a sender and a recipient communicate (without a third party or arbitrator). We will need a private encryption key and a public key (certificate) for this. The sender creates both keys. User A signs an executable file and passes the certificate to user B over a secure delivery channel. After this, user A sends the signed file to user B. User B runs the received file; if the binary file is corrupted, user B will receive a message that DS verification has failed. To implement this solution, we will need a program for signing binary files and code that verifies DSs.
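The sender and recipient steps described above, as an added example that is not code from the original article: user A creates the key pair and signs a file, user B verifies it with only the certificate, and a one-byte modification makes verification fail. It assumes the `openssl` command-line tool, RSA-2048 with SHA-256 and a detached signature file (the text above names no algorithm or storage format); file names, the certificate subject and the sample payload are constructed.

```shell
#!/bin/sh
# Added example of the direct-DS workflow; file names, subject and payload are constructed.

# Sender A: create the private key and a self-signed certificate carrying the public key.
make_keys() {  # $1 = working directory
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=example-signer" \
        -keyout "$1/private.pem" -out "$1/cert.pem" 2>/dev/null
}

# Sender A: write a detached signature over the file's SHA-256 digest.
sign_file() {  # $1 = private key, $2 = file, $3 = signature output
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# Recipient B: verify with nothing but the certificate received from A.
# Returns 0 if the signature matches, non-zero otherwise.
verify_file() {  # $1 = certificate, $2 = file, $3 = signature
    pub=$(mktemp) || return 2
    rc=0
    openssl x509 -in "$1" -pubkey -noout > "$pub" 2>/dev/null &&
        openssl dgst -sha256 -verify "$pub" -signature "$3" "$2" >/dev/null 2>&1 || rc=$?
    rm -f "$pub"
    return "$rc"
}

demo() {
    d=$(mktemp -d) || return 2
    make_keys "$d" || return 2
    # Constructed stand-in for an executable: starts with the ELF64 magic bytes.
    printf '\177ELF\002\001\001constructed sample payload' > "$d/app.bin"
    sign_file "$d/private.pem" "$d/app.bin" "$d/app.sig" || return 2
    verify_file "$d/cert.pem" "$d/app.bin" "$d/app.sig" && echo "original: signature OK"
    # Simulate corruption in transit: overwrite the single byte at offset 10.
    printf 'X' | dd of="$d/app.bin" bs=1 seek=10 conv=notrunc 2>/dev/null
    verify_file "$d/cert.pem" "$d/app.bin" "$d/app.sig" || echo "modified: DS verification failed"
    rm -rf "$d"
}

demo
```

The private key never leaves user A; user B's trust in the result rests entirely on having received `cert.pem` over a channel an attacker could not alter.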
This is a tech article written by Kirill Brazhnikov, a software engineer at Auriga. His experience includes low-level software development (host-target development model) in RTOS LynxOS-178 and system programming in Linux.
The article was initially published at www.embedded.com.