Login/Register
What is Authenticode equivalent for .NET Core on Linux?
Asked Answered
linux.net-corecode-signingauthenticode
L

1

6

On Windows, there is Authenticode to sign .NET Core / .NET 5 assemblies (please note that I am not referring to Strong Name Signing which is different). This prevents tampering and guarantees authenticity.

I am new to .NET Core on Linux. What is the equivalent of Authenticode signing on Linux for .NET Core? Since Authenticode signing is part of the Windows SDK (and not .NET Core) it is not available on Linux. Ideally there is some widely used convention for this.

Have looked around extensively on SO and online and have not been able to find anything useful or definitive. Any guidance would be greatly appreciated.

Leaden answered 12/6, 2021 at 19:5 Comment(2)
I don't believe there is any such equivalent.Alevin
Maybe github.com/dotnet/sign is something that fits into your requirements.Brodie
O
2

Executable code signing on Linux is typically done at the package repo level, not at the individual executable level.

One option, therefore, is to try getting your software into one of the major package repos for your chosen platform: APT, DNF, Homebrew…

For cases where that isn’t acceptable, you can set up your own repo and try to convince your users to install the repo, which in turn signs the packages delivered through it.

Omor answered 13/6, 2021 at 23:43 Comment(3)
What about for a corporate environment where you don't want to make the binaries public, what would the recommended approach be?Leaden
Also - would this repo approach allow verification of binary tampering "on the box" or only at install time? Thanks again for your helpLeaden
Re: corporate, nothing stops you from setting up a local repo server. It doesn’t have to be public. Re: post-install verification, many package repo systems do have such features. Be specific.Omor

© 2022 - 2024 — McMap. All rights reserved.