It is available under GPL license and you can download it from http://sourceforge.net/projects/disec/ (digsig package).
Typically, in our approach, binaries are not signed by vendors, but we rather hand over control of the system to the local administrator.
S/he is responsible to sign all binaries s/he trusts with her/his private key. Therefore, DigSig guarantees two things: (1) if you signed a binary, nobody else than you can modify that binary without being detected, and (2) nobody can run a binary which is not signed or badly signed.
From release 1.2, the caching of signatures at kernel level is supported. Once the signature of a binary is verified, its signature is cached in the
kernel memory. Therefore, there is no need for signature verification in subsequent calls to this binary. When a binary file is modified, the corresponding cache entry in the memory is invalidated. This reduced the overhead of the use of DigSig. For exact measures, please consult the README file of the project.”
Link: sourceforge.net
Category:
- Linux