问题
Is there anything similar to Authenticode for Mac and Linux?
If yes, could anyone point to a sample snippet, preferably in C, on how to check that the signature match?
Thank you
EDIT: There is one possible answer to the Mac part in here but I don't know whether this can be done in plain C.
回答1:
The standard way of authenticating code running on a Linux system is to validate the binaries once while installing the package rather than every time they are run. The package (e.g. RPM) contains a cryptographic signature that must match the contents of the files or the installer will refuse to install. Standard UNIX permissions prevent ordinary users from modifying those files on disk afterward. Periodically, the checksums of the files on disk can be compared with what they should be (using RPM or TripWire or something similar) just in case they were able to be modified or become corrupted.
回答2:
On the Mac you can sign your binaries with the same Authenticode cert you would use on Windows (at least we do this and it works fine).
You need to import the certificate (including the private key) into your keychain and then use Xcode or codesign to sign the binary.
来源:https://stackoverflow.com/questions/5951310/authenticode-or-other-code-signing-for-mac-and-linux