LinuxQuestions.org
07-12-2018, 10:09 AM   #1
ktalinki
LQ Newbie
 
Registered: Dec 2016
Posts: 3

Rep: Reputation: Disabled
Is it feasible to sign RPM/Deb using a cert issued by Trusted CA or signing with a GPG Key Pair Signed by a Trusted CA


Hi,
I am trying to sign our custom rpm/deb install packages so that the end users can verify the signature.
Using a GPG key pair generated locally for signing requires the end user to download/import it on the target machine to verify the package signature.

On Windows, a vendor can sign the binaries with a key signed by a trusted root CA like DigiCert, and on the target machine the end user does not need to install the public key/cert from that vendor. The signature verification checks the trusted root chain against the installed Root CA certificates.
Is this feasible/supported organically in Linux?


Is one of the following feasible to achieve what I described above:
1> Generate a GPG Key Pair signed by a Trusted Root CA
2> Signing a GPG Key Pair generated by a Trusted Root CA (like DigiCert)
3> Signing rpm/deb packages with a Cert issued by a Trusted Root CA

thank you,
Kumar Talinki
 
07-12-2018, 07:46 PM   #2
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Debian, Mageia, and whatever VMs I happen to be playing with
Posts: 13,698
Blog Entries: 22

Rep: Reputation: 3601
Web searches for "rpm gpg key" and "deb gpg key" turn up many articles and forum posts on this topic.
 
  

