At present, bsign only works with the ELF (Executable and Linkable Format) files used by several flavors of UN*X including GNU/Linux, and it only supports gpg for creating and verifying signatures. It embeds a secure hash of the file contents in the file and optionally signs this hash value. Any change in the file contents is then easy to discover: either the hash value does not match the file contents, the hash is absent, the signature (optional) of the hash value is invalid, or the signature (optional) is absent.
Install bsign on Ubuntu
Open the terminal and run the following command:
sudo apt-get install bsign
bsign [ options | FILENAMES ]
Rewrite file with a hash
sudo bsign --hash file
Verify the hash in file
sudo bsign --check-hash file
Rewrite file with a hash and sign it with the default secret key in keydir
sudo bsign --sign file -P "--homedir keydir"
Verify the hash and signature in file using the key in keydir
sudo bsign --verify file -P "--homedir keydir"
Sign the unsigned files in the whole filesystem
sudo bsign --sign -i / -e /proc -I -s -P "--homedir keydir"
Verify signatures for all files in the filesystem and only report those that have been tampered with or are unsigned.
sudo bsign --verify -i / -e /proc -I -G -P "--homedir keydir"
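For a routine check of a short list of binaries rather than the whole filesystem, the commands above can be wrapped in a small script. This is an added example, not part of bsign or of the original article: the function names and the BSIGN and KEYDIR variables are assumptions, and it assumes bsign exits with a nonzero status when a check fails.

```shell
#!/bin/sh
# Added example (not bsign's own code). BSIGN and KEYDIR are assumed variable names.
BSIGN="${BSIGN:-bsign}"   # command to run; override to point at a specific binary

# is_elf FILE: succeeds when FILE is a readable regular file that starts with
# the 4-byte ELF magic (0x7f 'E' 'L' 'F'). bsign only handles ELF files.
is_elf() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    [ "$magic" = "7f454c46" ]
}

# check_one FILE: with KEYDIR set, verify hash and signature against the keys
# in KEYDIR; otherwise check the embedded hash only.
check_one() {
    if [ -n "${KEYDIR:-}" ]; then
        "$BSIGN" --verify "$1" -P "--homedir $KEYDIR" >/dev/null 2>&1
    else
        "$BSIGN" --check-hash "$1" >/dev/null 2>&1
    fi
}

# audit_elf FILE...: print one status line per file and return 0 only when
# every ELF file passed. Assumes a nonzero bsign exit status means failure
# (hash mismatch, hash absent, signature invalid or signature absent).
audit_elf() {
    failed=0
    for f in "$@"; do
        if ! is_elf "$f"; then
            echo "SKIP  $f (not an ELF file)"
            continue
        fi
        if check_one "$f"; then
            echo "OK    $f"
        else
            echo "FAIL  $f"
            failed=$((failed + 1))
        fi
    done
    [ "$failed" -eq 0 ]
}
```

Call it as `KEYDIR=keydir audit_elf /bin/ls /usr/bin/ssh` from a script that sources these functions; a nonzero return status means at least one file failed.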