Re: Help with signing messages
Hi Daniel, Thanks for your answers. This will be very useful to me. Regarding your doubt I'm confused here because, above, you said that a typical message might be Your laptop will be blocked tomorrow, please update your blacklist. Is this kind of message supposed to be: * received and displayed by all laptops? * received by all laptops and displayed by one or more addressed laptops? * received and displayed only by addressed laptops? Maybe this example was not the best. Classes start tomorrow can be more representative. The other kind of message Your laptop will be blocked tomorrow, please update your blacklist. can be displayed by internal dbus message (offline). Regards, Esteban. ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Help with signing messages
Hi Michael (sorry for confuse) , Thanks for your answers. This will be very useful to me. Regarding your doubt I'm confused here because, above, you said that a typical message might be Your laptop will be blocked tomorrow, please update your blacklist. Is this kind of message supposed to be: * received and displayed by all laptops? * received by all laptops and displayed by one or more addressed laptops? * received and displayed only by addressed laptops? Maybe this example was not the best. Classes start tomorrow can be more representative. The other kind of message Your laptop will be blocked tomorrow, please update your blacklist. can be displayed by internal dbus message (offline). Regards, Esteban. ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Help with signing messages
On Sun, Feb 13, 2011 at 7:38 PM, Michael Stone mich...@laptop.org wrote: a) Online signing w/ HTTPS: That's a very good idea. I had mentioned using OLPC BIOS Crypto to Esteban, but the main issue is ensuring the msg comes from a trusted network host, so HTTPS does the job perfectly fine, and is the simplest to implement. cheers, m -- martin.langh...@gmail.com mar...@laptop.org -- Software Architect - OLPC - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Help with signing messages
On Thu, 3 Feb 2011 at 15:02:21 -0200, Esteban Bordon ebor...@plan.ceibal.edu.uy wrote: 2011/1/29 Michael Stone mich...@laptop.org On Fri, 28 Jan 2011 at 14:40:54 -0200 Esteban Bordon wrote: I trying to make a notification system that reads messages from sqlite3 database and show them via dbus notifications. I want to store a hash of the message inside the db to verify each message before show it, but I don't know how I do it. I think sign the message using sig01 of bios-crypto but I don't know how I can verify this hash. Can I use some mfg-data tag to verify it (msg signed with masterkey appropiate)? Which command I have to use? Can you please say a bit more about the system you're building? (The choice of the right command almost certainly depends on some further details about your goals.) Hi Esteban, Thanks for the detailed responses and apologies for my delay in replying to you. In particular: * what does a typical message say? Institutional or relevant messages about XO and children. For example, New OS version is released or Your laptop will be blocked tomorrow, please update your blacklist * how are messages transmitted? Laptop download a XML from their school server with the messages. * are the messages addressed to one, many, or all possible recipients? (unicast, multicast, broadcast) All laptops should receive the same messages I'm confused here because, above, you said that a typical message might be Your laptop will be blocked tomorrow, please update your blacklist. Is this kind of message supposed to be: * received and displayed by all laptops? * received by all laptops and displayed by one or more addressed laptops? * received and displayed only by addressed laptops? * are the notifications one-way or will there be replies? one-way, for now. * are the messages solely intended for humans to read or are they also machine readable? This application is only for humans. * do you care if other people read the messages in transit? (secrecy) No matter, messages can be puclic. * do you care if the messages are modified in transit? (integrity) Yes. It's one reason for I want sign the messages. * is the recipient supposed to know who sent a message? (agreement on sender identity) Only school server should to send messages * is the sender supposed to know who received a message? (agreement on receiver identity) This feature isn't already implemented * do you care if a message is never delivered? (availability / reliability) If XO connect to server should get the XML. I don't think it as independent messages, all messages are into XML * do you care if a message is delivered multiple times? (replay) No, laptop application delete duplicate messages * do you care if messages are reordered in transit? (ordering) No. the application stores the messages into db file. * do you have other security goals not mentioned above? (availability, resource usage limits, non-repudiation, privacy...) Regards, Michael Regards, Esteban. Okay. Based on what you've told me here, I see three approaches that seem like they might do what you want at reasonable cost: a) Online signing w/ HTTPS: If you trust your school servers and your school-server technicians to keep secrets, then you can meet your goals with something like: curl --cacert ... https://my.school.server/messages.xml; The point is to 1) open an HTTPS connection to your school-server, 2) verify the cert-chain that you receive against a previously distributed CA cert that you issued, and, 3) download your XML over this authenticated, integrity-preserving connection b) Offline signing w/ OpenSSL: If you really want to do offline signatures, for example, because you don't trust your school server to keep secrets, then the OpenSSL command line tools like openssl rsautl can probably help. c) Offline signing w/ bios-crypto If you want to do offline signatures with the same crypto tools used for OFW and build signatures, then bios-crypto's cli_tool http://dev.laptop.org/git/bios-crypto/tree/cli.README may be what you want. Do any of these approaches look like they might work for you? Regards, Michael ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Help with signing messages
2011/1/29 Michael Stone mich...@laptop.org On Fri, 28 Jan 2011 at 14:40:54 -0200 Esteban Bordon wrote: I trying to make a notification system that reads messages from sqlite3 database and show them via dbus notifications. I want to store a hash of the message inside the db to verify each message before show it, but I don't know how I do it. I think sign the message using sig01 of bios-crypto but I don't know how I can verify this hash. Can I use some mfg-data tag to verify it (msg signed with masterkey appropiate)? Which command I have to use? Can you please say a bit more about the system you're building? (The choice of the right command almost certainly depends on some further details about your goals.) In particular: * what does a typical message say? Institutional or relevant messages about XO and children. For example, New OS version is released or Your laptop will be blocked tomorrow, please update your blacklist * how are messages transmitted? Laptop download a XML from their school server with the messages. * are the messages addressed to one, many, or all possible recipients? (unicast, multicast, broadcast) All laptops should receive the same messages * are the notifications one-way or will there be replies? one-way, for now. * are the messages solely intended for humans to read or are they also machine readable? This application is only for humans. * do you care if other people read the messages in transit? (secrecy) No matter, messages can be puclic. * do you care if the messages are modified in transit? (integrity) Yes. It's one reason for I want sign the messages. * is the recipient supposed to know who sent a message? (agreement on sender identity) Only school server should to send messages * is the sender supposed to know who received a message? (agreement on receiver identity) This feature isn't already implemented * do you care if a message is never delivered? (availability / reliability) If XO connect to server should get the XML. I don't think it as independent messages, all messages are into XML * do you care if a message is delivered multiple times? (replay) No, laptop application delete duplicate messages * do you care if messages are reordered in transit? (ordering) No. the application stores the messages into db file. * do you have other security goals not mentioned above? (availability, resource usage limits, non-repudiation, privacy...) Regards, Michael Regards, Esteban. ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Help with signing messages
On Fri, 28 Jan 2011 at 14:40:54 -0200 Esteban Bordon wrote: I trying to make a notification system that reads messages from sqlite3 database and show them via dbus notifications. I want to store a hash of the message inside the db to verify each message before show it, but I don't know how I do it. I think sign the message using sig01 of bios-crypto but I don't know how I can verify this hash. Can I use some mfg-data tag to verify it (msg signed with masterkey appropiate)? Which command I have to use? Can you please say a bit more about the system you're building? (The choice of the right command almost certainly depends on some further details about your goals.) In particular: * what does a typical message say? * how are messages transmitted? * are the messages addressed to one, many, or all possible recipients? (unicast, multicast, broadcast) * are the notifications one-way or will there be replies? * are the messages solely intended for humans to read or are they also machine readable? * do you care if other people read the messages in transit? (secrecy) * do you care if the messages are modified in transit? (integrity) * is the recipient supposed to know who sent a message? (agreement on sender identity) * is the sender supposed to know who received a message? (agreement on receiver identity) * do you care if a message is never delivered? (availability / reliability) * do you care if a message is delivered multiple times? (replay) * do you care if messages are reordered in transit? (ordering) * do you have other security goals not mentioned above? (availability, resource usage limits, non-repudiation, privacy...) Regards, Michael ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel