PKI.sign.tar: Functions for signing and verification of tar files


PKI.sign.tar appends a signature to a tar file

PKI.verify.tar verifies the signature in a tar file


PKI.sign.tar(tarfile, key, certificate, output = tarfile)
PKI.verify.tar(tarfile, key, silent = FALSE, enforce.cert = FALSE)



tarfile: string, file name of the file to sign

key: for PKI.sign.tar, the private key to use for signing; for PKI.verify.tar, optional, the public key to use for verification

certificate: optional, certificate to embed in the signature with the public key matching key. If not present, the signature will only contain the public key.

output: file name, connection or raw vector determining how to store the signed tar file

silent: if TRUE then no warnings are generated, otherwise a warning is issued for failed verification describing the reason for failure

enforce.cert: if TRUE then a certificate is required in the signature. It can also be set to a valid certificate, in which case the public key of the certificate in the signature must also match the public key in the supplied certificate.


PKI.sign.tar adds an extra entry .signature with the signature based on the contents of the tarfile. Note that any existing signatures are retained. key is a mandatory private key used to sign the content. certificate is optional but if present, it will be embedded in the signature.

The tarfile can be in compressed form (gzip, bzip2 or xz) in which case it is decompressed internally before the signature is applied. If output is a file name then the same compression is applied to the output, otherwise the output is uncompressed.

PKI.verify.tar retrieves the last .signature entry from the tar file (if tarfile is a file name then the same compression auto-detection is applied as above) and verifies the signature against either the supplied (public) key or against the key or certificate stored in the signature. The result is TRUE or FALSE except when enforce.cert is set. In that case the result is the certificate contained in the signature if the validation succeeded (and thus it can be further verified against a chain of trust), otherwise FALSE.


The signature format is ASN.1 DER encoded as follows:

SEQ(signature BITSTRING, subjectPublicKeyInfo, Certificate[opt])

The subjectPublicKeyInfo can be NULL in which case the certificate must be present (in X.509 DER format).

The signature is appended as a tar entry named .signature. However, terminating blocks are not removed from the file, so the signature is placed after the EOF blocks and thus doesn't affect extraction.
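Because the .signature entry sits after the EOF blocks, ordinary tar readers never list it, so inspecting one means scanning past the end-of-archive marker. The following Python sketch is an added example, not code from the PKI package: it locates the last .signature entry and decodes the outer SEQ layout described above, without verifying the signature. It assumes plain ustar headers with octal size fields; the function names are hypothetical and the sample archive is constructed, not produced by PKI.sign.tar.

```python
import tarfile

BLOCK = 512  # tar header and data block size

def der_items(buf):
    """Split DER bytes into (tag, value) pairs for the top-level elements."""
    items, i = [], 0
    while i + 2 <= len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:  # long form: low 7 bits give the number of length bytes
            n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
        items.append((tag, buf[i:i + n]))
        i += n
    if i != len(buf):
        raise ValueError("truncated or trailing DER data")
    return items

def last_signature(tar_bytes):
    """Scan all headers, including those past the EOF blocks; return the last .signature payload."""
    found, off = None, 0
    while off + BLOCK <= len(tar_bytes):
        hdr, off = tar_bytes[off:off + BLOCK], off + BLOCK
        if hdr.count(0) == BLOCK:  # zero block (EOF marker or padding): keep going
            continue
        size = int(hdr[124:136].strip(b" \0") or b"0", 8)  # octal size field
        if hdr[:100].rstrip(b"\0") == b".signature":
            found = tar_bytes[off:off + size]
        off += -(-size // BLOCK) * BLOCK  # payload is padded to whole blocks
    return found

def parse_signature(der):
    """Decode SEQ(signature BITSTRING, subjectPublicKeyInfo, Certificate[opt]); drops the unused-bits octet."""
    outer = der_items(der)
    if len(outer) != 1 or outer[0][0] != 0x30:
        raise ValueError("outer element is not a single SEQUENCE")
    parts = der_items(outer[0][1])
    if len(parts) not in (2, 3) or parts[0][0] != 0x03:
        raise ValueError("unexpected signature layout")
    spki_null = parts[1][0] == 0x05
    if spki_null and len(parts) == 2:
        raise ValueError("NULL subjectPublicKeyInfo requires a certificate")
    return {"signature": parts[0][1][1:], "spki_present": not spki_null, "has_certificate": len(parts) == 3}

def constructed_sample():
    """Constructed input, not PKI output: one empty file, EOF blocks, then a .signature entry."""
    der = bytes([0x30, 9, 0x03, 5, 0, 0xDE, 0xAD, 0xBE, 0xEF, 0x30, 0])  # empty SEQ stands in for the key
    sig = tarfile.TarInfo(".signature")
    sig.size = len(der)
    fmt = tarfile.USTAR_FORMAT
    return tarfile.TarInfo("hello.txt").tobuf(fmt) + bytes(2 * BLOCK) + sig.tobuf(fmt) + der.ljust(BLOCK, b"\0")
```

Opening the constructed archive with Python's tarfile module lists only hello.txt, while last_signature still recovers the DER payload.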


Simon Urbanek
