Verifying a code signature
Look for a text marker to verify that a file is signed.
About this task
The signature data that is appended to a signed file consists of the following parts:
| Offset from end of file | Description |
|---|---|
| -(<L>+40) | Signature data in DER-encoded PKCS#7 format |
| -40 | 8 bytes of Linux-kernel-specific metadata |
| -32 | A 4-byte integer that specifies the length <L> of the PKCS#7 signature |
| -28 | An ASCII text marker “~Module signature appended~” |
Procedure
Display the last 28 bytes of a file to check whether it is signed.
If the output
contains the signature text marker
~Module signature appended~ then the file is
signed.Issue a command of the following form:
# tail -c 28 <file> ~Module signature appended~where <file> is the file that you want to check.