2011/1/29 Michael Stone <[email protected]> > On Fri, 28 Jan 2011 at 14:40:54 -0200 Esteban Bordon wrote: > >> I trying to make a notification system that reads messages from sqlite3 >> database and show them via dbus notifications. I want to store a hash of >> the >> message inside the db to verify each message before show it, but I don't >> know how I do it. >> >> I think sign the message using sig01 of bios-crypto but I don't know how I >> can verify this hash. Can I use some mfg-data tag to verify it (msg signed >> with masterkey appropiate)? >> >> Which command I have to use? >> > > Can you please say a bit more about the system you're building? (The choice > of > the right command almost certainly depends on some further details about > your > goals.) > > In particular: > > * what does a typical message say? >
Institutional or relevant messages about XO and children. For example, "New OS version is released" or "Your laptop will be blocked tomorrow, please update your blacklist" > > * how are messages transmitted? > Laptop download a XML from their school server with the messages. > > * are the messages addressed to one, many, or all possible recipients? > (unicast, multicast, broadcast) > All laptops should receive the same messages > > * are the notifications one-way or will there be replies? > one-way, for now. > > * are the messages solely intended for humans to read or are they also > machine readable? > This application is only for humans. > > * do you care if other people read the messages in transit? (secrecy) > No matter, messages can be puclic. > > * do you care if the messages are modified in transit? (integrity) > Yes. It's one reason for I want sign the messages. > > * is the recipient supposed to know who sent a message? (agreement on > sender identity) > Only school server should to send messages > > * is the sender supposed to know who received a message? (agreement on > receiver identity) > This feature isn't already implemented > > * do you care if a message is never delivered? > (availability / reliability) > If XO connect to server should get the XML. I don't think it as independent messages, all messages are into XML > > * do you care if a message is delivered multiple times? > (replay) > No, laptop application delete duplicate messages > > * do you care if messages are reordered in transit? > (ordering) > No. the application stores the messages into db file. > > * do you have other security goals not mentioned above? > (availability, resource usage limits, non-repudiation, privacy...) > > Regards, > > Michael > Regards, Esteban.
_______________________________________________ Devel mailing list [email protected] http://lists.laptop.org/listinfo/devel
