Jump to content


Photo

HPR - Ep0443: How to Sign C Files with GPG


  • Please log in to reply
3 replies to this topic

#1 BINREV SPYD3R

BINREV SPYD3R

    Live to Hack...Hack to Live.

  • Members
  • 2,405 posts

Posted 10 September 2009 - 07:00 PM

In this show SigFLUP shares a script that can be used to sign your c files with gpg so that they may be directly verifiable by gpg and look un-changed to your c compiler. You can download it at tmd.freeshell.org/gpg_bless

Go to this episode

Edit by Ohm: URL fix

#2 Ohm

Ohm

    I could have written a book with all of these posts

  • Members
  • 3,209 posts
  • Gender:Male
  • Location:Maine, USA

Posted 11 September 2009 - 05:46 PM

That's interesting, but the normal mode of operation is to distribute a tarball of the source code (which usually involves more than the .c file, including a README, INSTALL, LICENSE, Makefile, etc) and include a .asc signature or simply a hash. One thing I can think of that's distributed as simple .c files is exploits, but then are you sure you want everyone to know where it comes from? Anyway, that's neat and I'll listen to this later tonight.

#3 SigFLUP

SigFLUP

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 367 posts
  • Gender:Not Telling

Posted 11 September 2009 - 08:58 PM

That's interesting, but the normal mode of operation is to distribute a tarball of the source code (which usually involves more than the .c file, including a README, INSTALL, LICENSE, Makefile, etc) and include a .asc signature or simply a hash. One thing I can think of that's distributed as simple .c files is exploits, but then are you sure you want everyone to know where it comes from? Anyway, that's neat and I'll listen to this later tonight.


Good luck listening the link seems to be broken and there's a typo for the url. should be gpg_bless not gog_bless. I emailed hpr admin about this. Also, I find being able to sign individual files in a project useful. Mind you most of my projects contain all my files but they need not to. Kinda clues you in to what people change to if you go without any version control too

Edited by SigFLUP, 11 September 2009 - 09:06 PM.


#4 Ohm

Ohm

    I could have written a book with all of these posts

  • Members
  • 3,209 posts
  • Gender:Male
  • Location:Maine, USA

Posted 11 September 2009 - 09:27 PM

Well I fixed the URL here, now sure how many people read it here though.




BinRev is hosted by the great people at Lunarpages!