Skip to content

Commit 0375812

Browse files
ssaavedrassaavedra
committed
Specify how digital signatures are to be crafted on Type-2
1 parent da2633c commit 0375812

File tree

1 file changed

+12
-0
lines changed

1 file changed

+12
-0
lines changed

draft.md

+12
Original file line numberDiff line numberDiff line change
@@ -133,6 +133,18 @@ An [AppImage] which conforms to the type 2 image format:
133133
* **MUST** work when spaces are used in its own filesystem path, in its own file name and in paths and filenames it uses internally
134134
* **MAY** embed [update information] in the ELF section `.upd_info`. If the information in this location is not in one of the known [update information] formats, then it **SHOULD** be empty and/or be ignored
135135
* **MAY** embed a digital signature in the ELF section `.sha256_sig`. If this section exists then it **MUST** either be empty (filled with `0x00` padding) or contain a valid digital signature of the sha256 of the AppImage assuming the ELF section `.sha256_sig` being filled with `0x00` padding ([why?](https://github.com/probonopd/AppImageKit/issues/238#issuecomment-249412813))
136+
* **MAY** embed a digital signature in the ELF section `.sha256_sig`. If this section exists then it **MUST** **EITHER** be empty (filled with `0x00` padding) **OR** start with an OpenGPG ASCII Armored block as defined per [RFC 4880](https://tools.ietf.org/html/rfc4880) containing a detached signature. Trailing space SHOULD be filled with `0x00` padding. Keep special attention to the following RFC note:
137+
138+
> Note that all these Armor Header Lines are to consist of a complete
139+
line. That is to say, there is always a line ending preceding the
140+
starting five dashes, and following the ending five dashes. The
141+
header lines, therefore, MUST start at the beginning of a line, and
142+
MUST NOT have text other than whitespace following them on the same
143+
line.
144+
145+
* This means that a valid digital signature **MUST** begin with a newline character, and end with a newline character, and **SHOULD** be followed by as many `0x00` bytes as required in order to fill the ELF section.
146+
* The signed plaintext **MUST** be the ASCII string that results from converting into hexadecimal notation the binary bytes of the SHA-256 hash of the ELF file when substituting the `.sha256_sig` and `.upd_info` ELF sections with `0x00` padding.
147+
136148
* **MUST** contain the magic hex `0x414902` at offset 8 ([why?](https://github.com/probonopd/AppImageKit/issues/144))
137149

138150
### Contents of the image

0 commit comments

Comments
 (0)