Skip to content

GitLab

Explore

Sign in
Register

Primary navigation

Project

oscam
- Activity
- Members
- Labels
- Issues
- Issue boards
- Milestones
- Wiki
- Environments
- Terraform modules
- Incidents

Snippets Groups Projects

!70

Introduce binary signing

Review changes
Download
Patches
Plain diff

Merged Introduce binary signing

binary-signing into master

Overview 0
Commits 39
Pipelines 11
Changes 7

Merged WXbet requested to merge binary-signing into master 6 months ago

Overview 0
Commits 39
Pipelines 11
Changes 7

Build process

new build option WITH_SIGNING supported by make and cmake
create CA certificate (config.sh --create-cert) or use own pre-built certificate (config.sh --add-cert)
embed certificate as config_cert variable to config.c (config.sh --make-config.mak)
sign SHA1 hash of binary with private key after build
append signature to binary (upx binaries are supported as well)
build process uses the new options in config.sh (--create-cert, --add-cert, --cert-file, --cert-info, --sign-marker)

Runtime signature verification

extract public key from built-in certificate
read signature from running binary
verify SHA1 hash of running binary with extracted public key against signature
stop running oscam if the verification process fails

Runtime certificate/signature information

oscam startlog informs about signature verification status and certificate validity
oscam.version shows signature and certificate details

Edited 6 months ago by WXbet

Merge request reports

0 Assignees

0 Reviewers

Request review from

Loading

Labels

0

None

0

None

Select labels

Manage project labels

Milestone

None

None

None

Time tracking

No estimate or time spent

0

0 Participants

Loading