7

I need some help in determining if an ELF file is signed or with a valid signature or not.

I have used the readelf tool with -S option in order to view the section headers and more specifically, the sig section header. This is the result I got:

[30] .sha256_sig         PROGBITS         00000000000000000  00023276
[31] .sig_key            PROGBITS         00000000000000000  00023676

Few questions:

  1. Since there are two headers (sha256_sig and sig_key), does this mean the ELF is signed?
  2. How can I verify the signature?
perror
  • 19,083
  • 29
  • 87
  • 150
user9248612
  • 71
  • 3

1 Answers1

2

The -S flag lists all section headers, not "sig[nature] section header". The S stands for "sections", not "signature".

Moreover, these section names appear to be quite unrelated to linux itself, but are part of the linux AppImage application, a third party application framework that includes it's own signed update mechanism. The only references I could find to these section names are part of it's update mechanism as can be seen in this Pull Request.

NirIzr
  • 11,765
  • 1
  • 37
  • 87