I would like to sign ELF files, preferably with a PGP key and later be able to verify the signature. Failing that I'll also go with a Authenticode or SSL certificate for signing if that makes more sense. Existing options, such as signelf, seem to be only available under copyleft licenses (even if it's the LGPL, but it imposes restrictions that prevent me from using it) or old/unmaintained.
What options do I have that can be used in a proprietary program?
Note: we can limit the scope of the question to Linux even though ELF isn't particular to Linux.
Even if there is no ready to use program and/or library under a liberal (non-copyleft) FLOSS license, I would appreciate pointers to standardization documents in case some kind of de-facto standard has emerged. I'm not aware of one, but then that's the reason I ask.
From what I see all distros seem to rely on signing the packages and verify these. That's fine in general but I would like to take it a step further.
