Verifying a code signature

Look for a text marker to verify that a file is signed.

About this task

The signature data that is appended to a signed file consists of the following parts:

Table 1. Linux signature-trailer format
Offset from end of file Description
-(<L>+40) Signature data in DER-encoded PKCS#7 format
-40 8 bytes of Linux-kernel-specific metadata
-32 A 4-byte integer that specifies the length <L> of the PKCS#7 signature
-28 An ASCII text marker “~Module signature appended~”

Procedure

Display the last 28 bytes of a file to check whether it is signed.
If the output contains the signature text marker ~Module signature appended~ then the file is signed.
Issue a command of the following form:
# tail -c 28 <file>
~Module signature appended~ 
where <file> is the file that you want to check.