want to sign/verify a binary using elfsign, pls let me know the procedure

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

 I am using ubuntu 10.04 LTS - Lucid Lynx.
 I have generated binary using gcc filename.c -o TEST
 I wanted to sign this binary (TEST) using elfsign - 0.2.2
 I have built this package using elfsign-0.2.2 source package.
 My work around:
 :~/Documents/elfsign-0.2.2/tools$ md5sum TEST
 b001f847f6320c0b5145728147517e11 TEST
 :~/Documents/elfsign-0.2.2/tools$ ./elfsign -f TEST -c cacert.pem -p cakey.pem
 Key Password:
 :~/Documents/elfsign-0.2.2/tools$ md5sum TEST
 c41803b138a56c3f69cd9d09ea2f19aa TEST
 I have successfully signed a binary using the above command and checked the
 md5sum before and after signing.
 and I confirmed the signing using below method;
 :~/Documents/elfsign-0.2.2/tools$ readelf -S ./TEST | grep sig
 [30] .sig PROGBITS 00000000 000cff 00081e 00 0 0 0
 :~/Documents/elfsign-0.2.2/tools$ readelf -x 27 ./TEST
 Hex dump of section '.shstrtab':
 0x00000000 002e7379 6d746162 002e7374 72746162 ..symtab..strtab
 0x00000010 002e7368 73747274 6162002e 696e7465 ..shstrtab..inte
 0x00000020 7270002e 6e6f7465 2e414249 2d746167 rp..note.ABI-tag
 0x00000030 002e6e6f 74652e67 6e752e62 75696c64 ..note.gnu.build
 0x00000040 2d696400 2e676e75 2e686173 68002e64 -id..gnu.hash..d
 0x00000050 796e7379 6d002e64 796e7374 72002e67 ynsym..dynstr..g
 0x00000060 6e752e76 65727369 6f6e002e 676e752e nu.version..gnu.
 0x00000070 76657273 696f6e5f 72002e72 656c2e64 version_r..rel.d
 0x00000080 796e002e 72656c2e 706c7400 2e696e69 yn..rel.plt..ini
 0x00000090 74002e74 65787400 2e66696e 69002e72 t..text..fini..r
 0x000000a0 6f646174 61002e65 685f6672 616d6500 odata..eh_frame.
 0x000000b0 2e63746f 7273002e 64746f72 73002e6a .ctors..dtors..j
 0x000000c0 6372002e 64796e61 6d696300 2e676f74 cr..dynamic..got
 0x000000d0 002e676f 742e706c 74002e64 61746100 ..got.plt..data.
 0x000000e0 2e627373 002e636f 6d6d656e 74002e73 .bss..comment..s
 0x000000f0 696700 ig.
 After this I wanted to verify this signed binary and used the below command
 :~/Documents/elfsign-0.2.2/tools$ ./elfverify -f TEST -c cacert.crt -p
 FAIL (The binary digest did not match the signed digest.)
 :~/Documents/elfsign-0.2.2/tools$ ./elfverify -f TEST -c cacert.crt
 FAIL (The binary digest did not match the signed digest.)
 :~/Documents/elfsign-0.2.2/tools$ ./elfverify -f TEST
 Issuer: O=My <email address hidden>, L=bengaluru, ST=karnataka, C=IN,
 Signer: O=My <email address hidden>, L=bengaluru, ST=karnataka, C=IN,
 Issuer is not trusted, would you like to trust them? [y/N] y
 Unable to verify the sign using the certificate and private key path, but if I
 give without root CA then I am asking to enter the option whether to certify
 since the certificate was not trusted by default; if I say 'Y' or 'y' then it
 accepts and prints OK
 My Questions:
 1. How many certificates we need?
 2. What is root certificate?
 3. After signing the binary I am unable to execute the binary as earlier, i,e
 binary is getting modified.
 and if I try to execute the binary getting error saying "Killed"
 4. What I have done so far for signing and verifying for the binary is it the
 correct way? am I going in a right way?
 5. Can anybody please give me some solution Or
 if anybody gives me step by step method to sign the binary with example I
 be very much thankful to them.

Site Timeline