From e3035c123f237304003ea529d9f4fe8034acd73c Mon Sep 17 00:00:00 2001
From: Brian Davis
Date: Sat, 27 Apr 2024 19:30:01 -0400
Subject: [PATCH] feat: add cosign keyless signatures

- add cosign keyless signatures
---
 README.md | 7 ++++++-
 checksec_new.pub | 1 +
 checksec_new.sig | 1 +
 3 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 checksec_new.pub
 create mode 100644 checksec_new.sig

diff --git a/README.md b/README.md
index 746c6b0..26ed7dd 100644
--- a/README.md
+++ b/README.md
@@ -17,7 +17,12 @@ For OSX
 -------
 Most of the tools do not work on mach-O binaries or the OSX kernel, so it is not supported
 
-Manually verify checksec
+**Cosign Verify Checksec**
+
+`cosign verify-blob --signature checksec_new.sig --certificate checksec_new.pub checksec --certificate-identity=slimm609@gmail.com --certificate-oidc-issuer=https://github.com/login/oauth`
+
+**Openssl Verify Checksec**
+Openssl verification is being deprecated in favor of Cosign Verification, which is backed by a hardware security module and provides a greater level of intergrity.
 
 `openssl dgst -sha256 -verify checksec.pub -signature checksec.sig checksec`
 
diff --git a/checksec_new.pub b/checksec_new.pub
new file mode 100644
index 0000000..a10a005
--- /dev/null
+++ b/checksec_new.pub
@@ -0,0 +1 @@
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
diff --git a/checksec_new.sig b/checksec_new.sig
new file mode 100644
index 0000000..6b84f72
--- /dev/null
+++ b/checksec_new.sig
@@ -0,0 +1 @@
+MEUCIQDWbgZM95MYkvWxwrz/yNCZ6WPM0PTQpX/+v2Tu+9N3zgIgLuL/3oTJS/QsR08pq54vD3F5Roy5+0s4xrqCWv4NXYs=
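Review bot: The verification step added to README.md takes the signature, the certificate and the expected `--certificate-identity` / `--certificate-oidc-issuer` values from the same repository that holds `checksec`, so anyone able to alter the repository could change the documented identity together with the files. Consider adding a sentence such as `The expected signer identity and issuer are also published at <OUT-OF-BAND-LOCATION-PLACEHOLDER>; compare them before trusting a successful result.` The file passed to `--certificate` is named `checksec_new.pub`, which suggests a bare public key sitting next to the existing `checksec.pub`; if it is in fact an X.509 certificate, a name like `checksec_new.crt` would be less confusing. The claim that Cosign verification "is backed by a hardware security module" looks imprecise for a keyless flow, where the signing key is normally ephemeral, and "intergrity" should read "integrity". The committed `checksec_new.sig` presumably covers one specific revision of `checksec`, so the README should say that the signature has to be regenerated whenever the script changes.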