Digital Signature Implementation Example in Linux

One of the most important questions in today’s world is the question of confidence in received data. For example, user A sends data D to user B via email. How can user B be sure that the received data is the same data that was sent by user A? One possible way of resolving this issue is to use a digital signature (DS).

The following requirements apply to a DS:

  • The signature content should depend on the signed message;
  • The sender’s unique information should be used in a signature;
  • It should be easy to create a signature;
  • It should be computationally infeasible to falsify a signature;
  • A signature should be small.

This article considers a DS implementation example for binary file integrity checking in Linux (64-bit ELF). We will use a direct DS, in which only a sender and a recipient communicate (without a third party or arbitrator). This requires a private encryption key and a public key (certificate). The sender creates both keys. User A signs an executable file and passes the certificate to user B by a safe means of delivery. After this, user A sends the signed file to user B. User B runs the received file; if the binary file is corrupted, user B receives a message that DS verification has failed. To implement this solution, we need a program for signing binary files and code that verifies DSs.
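The sign-then-verify flow described above, as an added example that is not the article's own code: it uses the `openssl` command-line tool, keeps the signature in a detached file, and hands user B a bare PEM public key instead of a certificate. The file names and the sample binary are constructed for the example.

```shell
#!/bin/sh
# Added example: detached RSA/SHA-256 signature over a binary (openssl CLI).
# File names and the sample "binary" are constructed for this example.

# User A: create the private key and derive the public key given to user B.
make_keys() {   # make_keys <dir>
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/priv.pem" 2>/dev/null &&
    openssl pkey -in "$1/priv.pem" -pubout -out "$1/pub.pem"
}

# User A: hash the file with SHA-256 and sign the digest with the private key.
sign_file() {   # sign_file <priv.pem> <file> <sig>
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# User B: recompute the digest and check it against the signature.
# Returns 0 only if the file is byte-for-byte what user A signed.
verify_file() { # verify_file <pub.pem> <file> <sig>
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d) || return 1
    make_keys "$dir" || return 1
    # Constructed stand-in for a 64-bit ELF executable (ELF magic + filler).
    printf '\177ELF\002\001\001 constructed sample payload\n' > "$dir/app.bin"
    sign_file "$dir/priv.pem" "$dir/app.bin" "$dir/app.sig" || return 1

    verify_file "$dir/pub.pem" "$dir/app.bin" "$dir/app.sig" &&
        echo "original: DS verification OK"

    # Simulate corruption in transit: one appended byte changes the digest.
    printf 'X' >> "$dir/app.bin"
    verify_file "$dir/pub.pem" "$dir/app.bin" "$dir/app.sig" ||
        echo "modified: DS verification failed"
    rm -rf "$dir"
}

demo
```

The signature covers the SHA-256 digest of the whole file, so it stays a fixed size (256 bytes for a 2048-bit RSA key) regardless of how large the binary is.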

This is a tech article written by Kirill Brazhnikov, a software engineer at Auriga. His experience includes low-level software development (host-target development model) in RTOS LynxOS-178 and system programming in Linux.

The article was initially published at www.embedded.com.
