20Eyl
Code signing with certificate and binary digest
I'm working on a code-signing requirement for a project. I'm planning to obtain the Code signing certificate and a private key from external vendors like DigiCert and use it.
Step 1: Building the digest of the binary
openssl dgst -sha256 -binary < your_binary > digest.bin
Step 2: Sign the Digest
openssl pkeyutl -sign -in digest.bin -inkey private.key -out signature.bin -pkeyopt digest:sha256
Step 3: I could use the signature from the above step, but I need to do the following
combining digest with the code signing certificate to create a signature block
How do I achieve this step with openssl
? Also is this a right way for code signing binary executables .deb/.rpm
?