I need someone to help me with a C Program code for code signing of a binary file.
Needs to be done with features - x509 chain of ECC (prime256v1) certificate using openSSL.
You need to create a script where a random binary file will be there, who's SHA256 hash needs to be created. This hash needs to be signed using a leaf node private key using openSSL. this key is appended to original binary file, along with a certificate chain. The leaf node's certificate needs to be generated, this will be signed by one intermediate certificate and the intermediate cert will be signed in-turn by a root certificate.
I have above part, but can't share.
At client side, a public key to root cert will be available, which needs to be used to verify root certificate, then the trusted chain of root, intermediate and leaf node has to be established and then using leaf node's public key, the binary hash needs to be encrypted and the binary has for binary file needs to be calculated and compared with decrypted hash.
P.S: I have my all certificates should be in .pem format. The code should run in any IDE which you are comfortable with, only it should use GCC