Hello,

How to digitally sign the binaries (executable files) is linux.
& how to verify them at the receiver side.

What file needs to be transferred for sender to receiver.

I tried with openssl dgst command. but not getting exact idea on how to do it.

is it that digitally signed certificates (.pem) files should be there for signing? . is it that sender signs it with his private key (.pem file) & receiver verifies it with senders public key ( .pem file) ?

how it is ? please suggest how to proceed on this on linux ?

regards,
vinay

"Detached signature" (.sig) files can be generated using gpg -b <filename>

This prompts for a private key.

The .sig files are distributed with the files themselves.

Recipients can check the files using the .sig files and the public key. The command is gpg --verify <filename>.sig

There are various ways - GnuPG is one, as mentioned.

Normally you provide the binary itself, plus a signed digest of the binary. A crypto signature is approximately the size of the binary itself. This is impractical for large files (which is why you'd sign the digest).

You're halfway there...

You sign with the private key. Recipient verifies with the corresponding public key. This is not unique to GNU/Linux, but is a standard protocol.