Thanks very much for this, Brian. It's not only helpful, it's easier than I was trying to make it.

Am I correct that I can continue to use the same .pem files for each update, as long as I recreate the signatures? Is there any disadvantage to that? It doesn't matter too much since your generator script works great on my Mac so it's easy to make new keys.

On 5/22/18 7:12 PM, Brian Milby via use-livecode wrote:
Well, it isn't a full library, but I did put together a demo of how it can
work:

https://github.com/bwmilby/lc-misc/tree/master/SignVerify
https://github.com/bwmilby/lc-misc/raw/master/SignVerify/SignVerify.livecode

I've only tested on Mac, but it should work everywhere if you already have
the keys.  Not sure how to generate the keys on Windows, but the button
should work on Linux.

Hope it helps.

Thanks,
Brian

On Tue, May 22, 2018 at 2:57 PM, Brian Milby <br...@milby7.com> wrote:

Can’t make any changes to the stack once you generate the hash or it will
not match.

On Tue, May 22, 2018 at 2:41 PM J. Landman Gay via use-livecode <
use-livecode@lists.runrev.com> wrote:

Would it be okay to store the encrypted hash in a custom property of the
remote stack?

I'll need to experiment to see if I can do what you've outlined, unless
you write a library before I figure it out... ;)


On 5/22/18 12:03 AM, Brian Milby via use-livecode wrote:
The dictionary entries that you want are "encrypt using rsa", "decrypt
using rsa", and "messageDigest".

High level process...
- Generate a public/private key pair
- Package the file that you want to ensure is not tampered with
- Generate a hash of the file (messageDigest)
- Encrypt the hash with your private key (encrypt using rsa)
- Store the encrypted hash along with the file to download (or possibly put
them both into a zip to make a single download)

- Store the public key inside the app
- Download the encrypted hash and the file
- Decrypt the hash using the public key (decrypt using rsa)
- Compare the decrypted hash with a calculated hash of the downloaded file
- If they match, then the file has not been changed

If you also want to utilize a similar process to secure the file itself
from viewing, then you will need to do something a little different.  The
dictionary suggests that a possible method would be to generate a random
key to actually encrypt the file (symmetric encryption - encrypt).  That
key would be encrypted with a public key.  The encrypted file and encrypted
key would be stored for download.  The app would use the private key to
decrypt the data encryption key.  Once the data encryption key was
obtained, the data could be decrypted.  You would want to use a different
public/private pair of keys for this operation.

This all sounds like a good project for a library (for use in an app) and a
stack (to handle the front end).  I didn't go checking to see if one
already existed though.


--
Jacqueline Landman Gay         |     jac...@hyperactivesw.com
HyperActive Software           |     http://www.hyperactivesw.com

_______________________________________________
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your
subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode




--
Jacqueline Landman Gay         |     jac...@hyperactivesw.com
HyperActive Software           |     http://www.hyperactivesw.com
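
The sign-and-verify steps outlined in the thread, as an added example that is not part of the original messages and is not Brian's demo stack. It uses the openssl command line rather than LiveCode's "encrypt using rsa" / "decrypt using rsa", on the assumption that the .pem files are ordinary RSA keys; the file names and contents are constructed. It signs two updates with one key pair, then checks a stale signature and a file edited after signing.

```shell
#!/bin/sh
# Added example: file names and contents below are constructed for the demo.
set -eu

sha256_hex() {   # $1 = file; prints its SHA-256 as hex
    openssl dgst -sha256 -binary "$1" | od -An -tx1 | tr -d ' \n'
}

make_keys() {    # $1 = directory that receives private.pem and public.pem
    openssl genrsa -out "$1/private.pem" 2048 2>/dev/null
    openssl rsa -in "$1/private.pem" -pubout -out "$1/public.pem" 2>/dev/null
}

sign_file() {    # $1 = private key, $2 = file; writes the signature to $2.sig
    openssl dgst -sha256 -binary "$2" > "$2.hash"
    # "Encrypt the hash with your private key" (RSA, PKCS#1 v1.5 padding)
    openssl pkeyutl -sign -inkey "$1" -in "$2.hash" -out "$2.sig"
    rm -f "$2.hash"
}

verify_file() {  # $1 = public key, $2 = file, $3 = signature; status 0 only on match
    # "Decrypt the hash using the public key"; empty if the signature is not valid
    recovered=$(openssl pkeyutl -verifyrecover -pubin -inkey "$1" -in "$3" 2>/dev/null |
        od -An -tx1 | tr -d ' \n')
    [ -n "$recovered" ] && [ "$recovered" = "$(sha256_hex "$2")" ]
}

check() { if verify_file "$@"; then echo ok; else echo MISMATCH; fi; }

run_demo() {     # prints one "label: result" line per case
    d=$(mktemp -d)
    make_keys "$d"
    printf 'stack build 1\n' > "$d/update1.bin"
    printf 'stack build 2\n' > "$d/update2.bin"
    sign_file "$d/private.pem" "$d/update1.bin"
    sign_file "$d/private.pem" "$d/update2.bin"    # same key pair, new signature
    echo "update1: $(check "$d/public.pem" "$d/update1.bin" "$d/update1.bin.sig")"
    echo "update2: $(check "$d/public.pem" "$d/update2.bin" "$d/update2.bin.sig")"
    echo "stale-signature: $(check "$d/public.pem" "$d/update2.bin" "$d/update1.bin.sig")"
    printf 'edit' >> "$d/update1.bin"              # change made after signing
    echo "edited-after-signing: $(check "$d/public.pem" "$d/update1.bin" "$d/update1.bin.sig")"
    rm -rf "$d"
}

run_demo
```

Only public.pem would ship inside the app; private.pem stays on the machine that produces the signatures.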

