Modern versions use SIGN2= fields utilizing public/private key pairs. Even if an analyst extracts the public keys from the daemon, they cannot generate signatures without the vendor's private key hosted securely at the software vendor's headquarters.