On Wed, Oct 29, 2014 at 10:37 AM, Kevin Brubeck Unhammer <[email protected]> wrote:
> Mikel Artetxe <[email protected]> writes: > > > > > You could sign the language pairs with your public key when > > uploading, > > > > have the public key in the app, let the app download both language > > pair > > and signature and check the signature. > > > > > > That doesn't make much sense to me. In your schema the attacker would > > also be able to sign his malicious code, as the key would be public > > for everyone. > > Huh? If the attacker signs with her key, then it's signed with her key, > not signed with your key. Then it fails your verification test. > Oh! I see. You wrote that "you could sign the language pairs with your public key", but you actually meant your *private* key. That makes sense, of course. > Let me try explaining again: Your app has your own public key hardcoded. > You sign any language pairs that you upload to your server with your > private key. Your app uses the hardcoded public key to verify on > download that the pairs have been signed with the corresponding private > key. If they are unsigned or signed with some other private key, they > will fail the test. > Sure. In fact, that's exactly what I was proposing from the beginning. Jim's point was that we would be forced to publish our private key because of GPL, but it looks like that wouldn't be necessary after all.
------------------------------------------------------------------------------
_______________________________________________ Apertium-stuff mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/apertium-stuff
