On Feb 2, 2006, at 4:52 AM, Jérôme Multrier wrote:
Did anybody tried to authenticate a file on the gumstix ?
I would like to build updates for my system, that may contain scripts, so I would prefer to check if it is a valid update.
So I would like to put my public signature on the gumstix, and at boot, a script checks if there is a valid update file, then it uses it or not.
I found gnupg compiled for zaurus but i didn't tested yet : http://www.killefiz.de/zaurus/search.php?q=gnupg
another way should be to use dropbear key generating/checking stuff ..
Does anybody have ideas about that ?
Do you need a GPG signature, or would an MD5 checksum be enough? If you're just trying to protect against incomplete downloads, etc then an MD5 check is enough. If you're trying to protect against unauthorized updates though, then you will need to do something like the gpg signing approach.
It shouldn't be too hard to build gpg for the gumstix, I'd have thought. Though you actually only need a tiny subset of gpg's functionality; there might be other lighter-weight more suitable apps out there.