Episode: 443 Title: HPR0443: How to Sign C Files with GPG Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr0443/hpr0443.mp3 Transcribed: 2025-10-07 20:41:00 --- Two, three, two, one. Hello everyone, my name is Sikflup and I want to share with you mainly this is prompted from Glutu talking about GPG stuff, so maybe I should do, so I want to share with you a script that I like to use, now you can find the script at hdtp colon slash slash tmd dot f-r-e-s-h-e-l dot org slash gpg underscore b-l-e-s-s that is tmd dot free shell dot org slash gpg underscore bless, now what this is is a program or a script or other that you run in a directory that you have a lot of c files and a lot of h files and it will go through everyone and add a signature to these files such that they can still be compiled can be compiled by your favorite c compiler without any troubles and can also be directly verified by gpg as authentic to the key that you use to sign a with, now before you use this script you want to open it up with an editor and you'll see a couple of lines of text at the very beginning, a little bit after the hash exclamation slash bin slash s-h line, one of them is default underscore key equals blah blah blah, this happens to be my key, what you want to do is replace this with the key that you want to use to sign your c files and your header files, this is this argument, this variable variable is how it would be as a dash dash default dash key argument for gpg and the line after that is install prefix, now what this script does is when you run it it installs another script that's inside of it into your path and then runs that script for every c file and every h file, that way I don't have to distribute two scripts, we only have to distribute one and so what you want to do again is have install prefix be somewhere where you can run a program happens to be slash user slash bin for me, but you might not have root privileges, so you might want to put that in like your home directory slash local slash bin or something like that, so go to the very bottom, this is the last modification you're going to make to the script, go to the very bottom and you'll see a bunch of lines of text called that start with scripts colon header colon, now and also script colon tail colon, now this is the header block and the tail block that gets written to the c file, if you, this happens to be my signature, so you really want to change this to your own signature, and the only important thing here is that you keep the last line of scripts colon header colon as asterisk slash because that indicates the compiler that this is the end of a comment, and the point of this is that the signature looks like a comment to the compiler, so it is ignored, and you also want to keep the very first script colon tail colon line, again this indicates to be, this is so it looks like the tail, the actual signature part of it is just a comment to the compiler, and this can be any number lines of text you want, it doesn't really matter, and really changes that signature, so after you do all this, run it in a directory with c files and h files, and it will go through everyone, and what it will do is it will check to see if these blocks exist within that file, and if they don't, it goes ahead and puts them in there, and asks you to enter in your passphrase, it signs it, and then it goes to the next one, if these blocks are here, it checks, it verifies that the c file is unchanged or authentic to the key, and if it isn't, it asks you to type in your passphrase, and it will verify it again, so it pretty much blesses every file that you have in the directory as authentic, now the other program that, in running this, the program that this installed is called csig, and you can use this on individual files if you want, you can type csig, and it will type out, it will echo usage colon csig file.c, for instance, you can type in whatever file you want to sign, and that's it, if you have any questions, feel free to email me, my email email address is pantsbutt at gmail.com, it's not a very pretty script, so if I hear a lot of people are using it, maybe we'll write a version that is a little bit more pretty and useful to people, so thank you, and good night! . .