Peter Lebbing: > On 23/03/13 21:06, adrelanos wrote: >> TrueCrypt.org says [1] they are signing "TrueCrypt Setup >> 7.1a.exe" [2] with a X.509 signature. How can I verify such a >> signature? > > This is probably a "Microsoft Authenticode" signature on a > Microsoft PE executable. It's very specifically a Microsoft thing, > and you'll need a program with specific support for this format. > It's X.509 wrapped inside an executable.
Ah. Ok. Will google that up. > If you Google for it, you'll probably find a lot of references to a > heated discussion between Matthew Garret and Linus Torvalds about > including a parser in the Linux kernel :). Ok. > The best I could come up with through Googling was [1]. You might > be able to write something up in Python with the pefile module. > > Alternatively, just either - verify on Windows, by checking the > "Properties" of the executable - verify using the OpenPGP signature > they also provide Ok, got that. I primarily looking for some mechanism built into mainstream Linux distributions, making it much easier to verify a file comes from a specific entity. This thing sounds much too complicated. Thanks! :) _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
