Verify an rpm signature in C code?
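How can I verify the signature of an rpm package (signed with GPG) in my C code?
I want to read the signature from the rpm header so that I can verify it using openssl calls.
Is my thinking right?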
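The easy way to verify the signature would be to (in your C code) open a pipe to the rpm command to verify the package:
#include <stdio.h>
FILE *fp = popen("rpm -K mypackagefile.rpm 2>&1 ", "r");
/* ...read the result with fgets, or whatever */
pclose(fp);
From the command line, a couple of examples of the output: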
$ rpm -K ncurses6-6.0-20150725.x86_64.rpm |for-paste
ncurses6-6.0-20150725.x86_64.rpm: (sha1) dsa sha1 md5 gpg OK
$ rpm -Kv ncurses6-6.0-20150725.x86_64.rpm
ncurses6-6.0-20150725.x86_64.rpm:
Header V4 DSA/SHA1 Signature, key ID f7e48edb: OK
Header SHA1 digest: OK (208298c8b2ee9db30f01c817b773ce30caf74034)
MD5 digest: OK (88c6c126cc1dc4d2a38916c3fce448be)
V4 DSA/SHA1 Signature, key ID f7e48edb: OK
In the first (non-verbose) case, gpg is printed only if the signature is verified. Using the -v verbose option shows the details of the signature f7e48edb.
For reference:
- Using rpm -K (Maximum RPM)
- Tools For Studying RPM Files (Maximum RPM)
These may not be installed on your system.
- tools/rpmsignature.c
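The pipe-to-rpm approach above, as an added example that is not code from the answer: it runs rpm -K through fork/exec so the file name is never parsed by a shell, and it accepts only a single result line that carries the lowercase gpg token and a final OK, together with exit status 0. The function names are hypothetical, and the parser assumes the non-verbose output layout quoted above.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Added example. 1 only if a non-verbose `rpm -K` line has a bare lowercase
 * "gpg" token and ends in "OK" (not "NOT OK"); assumes "file: tokens OK". */
int rpmk_line_has_good_gpg(const char *line)
{
    const char *p = strrchr(line, ':');      /* result tokens follow last ':' */
    char buf[256], *tok, *save, *last = NULL, *prev = NULL;
    int gpg = 0;
    if (p == NULL || strlen(p + 1) >= sizeof buf) return 0;
    strcpy(buf, p + 1);
    for (tok = strtok_r(buf, " \t\r\n", &save); tok != NULL;
         tok = strtok_r(NULL, " \t\r\n", &save)) {
        if (strcmp(tok, "gpg") == 0) gpg = 1;   /* "GPG" or "(gpg)" do not count */
        prev = last; last = tok;
    }
    return gpg && last != NULL && strcmp(last, "OK") == 0 &&
           !(prev != NULL && strcmp(prev, "NOT") == 0);
}

/* Hypothetical helper: run `rpm -K path` via fork/exec so the path never
 * reaches a shell. Fails closed unless: one output line, good, exit 0. */
int rpm_signature_verified(const char *path)
{
    int fd[2], status = 0, lines = 0, good = 0;
    char line[1024];
    FILE *fp;
    pid_t pid;
    if (path == NULL || path[0] == '-' || pipe(fd) != 0) return 0;
    if ((pid = fork()) == 0) {               /* child: stdout+stderr -> pipe */
        dup2(fd[1], STDOUT_FILENO);
        dup2(fd[1], STDERR_FILENO);
        close(fd[0]); close(fd[1]);
        execlp("rpm", "rpm", "-K", path, (char *)NULL);
        _exit(127);                          /* rpm could not be started */
    }
    close(fd[1]);
    fp = (pid > 0) ? fdopen(fd[0], "r") : NULL;
    if (fp == NULL) close(fd[0]);
    for (; fp != NULL && fgets(line, sizeof line, fp) != NULL; lines++)
        good = rpmk_line_has_good_gpg(line);
    if (fp != NULL) fclose(fp);
    if (pid < 0 || waitpid(pid, &status, 0) != pid) return 0;
    return lines == 1 && good && WIFEXITED(status) && WEXITSTATUS(status) == 0;
}
```

A result line that ends in OK but lists only digests is rejected, because the check requires the gpg token and not just the trailing OK.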
"Programming RPM with C" from Fedora might help, specifically the section "Reading the RPM lead and signature". It's just an overview of some C calls; then it says "You can do more with the signature than merely reading past it, of course. Look in the online RPM documentation for more on verifying signatures."