@Mark Would the loading of LCB extensions be a good thing to add to the securityPermissions (or does external already cover it)?
On Tue, May 22, 2018 at 7:12 PM Brian Milby <br...@milby7.com> wrote: > Well, it isn't a full library, but I did put together a demo of how it can > work: > > https://github.com/bwmilby/lc-misc/tree/master/SignVerify > > https://github.com/bwmilby/lc-misc/raw/master/SignVerify/SignVerify.livecode > > I've only tested on Mac, but it should work everywhere if you already have > the keys. Not sure how to generate the keys on Windows, but the button > should work on Linux. > > Hope it helps. > > Thanks, > Brian > > On Tue, May 22, 2018 at 2:57 PM, Brian Milby <br...@milby7.com> wrote: > >> Can’t make any changes to the stack once you generate the hash or it will >> not match. >> >> On Tue, May 22, 2018 at 2:41 PM J. Landman Gay via use-livecode < >> use-livecode@lists.runrev.com> wrote: >> >>> Would it be okay to store the encrypted hash in a custom property of the >>> remote stack? >>> >>> I'll need to experiment to see if I can do what you've outlined, unless >>> you write a library before I figure it out... ;) >>> >>> >>> On 5/22/18 12:03 AM, Brian Milby via use-livecode wrote: >>> > The dictionary entries that you want are "encrypt using rsa", "decrypt >>> > using rsa", and "messageDigest'. >>> > >>> > High level process... >>> > - Generate a public/private key pair >>> > - Package the file that you want to ensure is not tampered with >>> > - Generate a hash of the file (messageDigest) >>> > - Encrypt the hash with your private key (encrypt using rsa) >>> > - Store the encrypted hash along with the file to download (or >>> possibly put >>> > them both into a zip to make a single download) >>> > >>> > - Store the public key inside the app >>> > - Download the encrypted hash and the file >>> > - Decrypt the hash using the public key (decrypt using rsa) >>> > - Compare the decrypted hash with a calculated hash of the downloaded >>> file >>> > - If they match, then the file has not been changed >>> > >>> > If you also want to utilize a similar process to secure the file itself >>> > from viewing, then you will need to do something a little different. >>> The >>> > dictionary suggests that a possible method would be to generate a >>> random >>> > key to actually encrypt the file (symmetric encryption - encrypt). >>> That >>> > key would be encrypted with a public key. The encrypted file and >>> encrypted >>> > key would be stored for download. The app would use the private key to >>> > decrypt the data encryption key. Once the data encryption key was >>> > obtained, the data could be decrypted. You would want to use a >>> different >>> > public/private pair of keys for this operation. >>> > >>> > This all sounds like a good project for a library (for use in an app) >>> and a >>> > stack (to handle the front end). I didn't go checking to see if one >>> > already existed though. >>> >>> >>> -- >>> Jacqueline Landman Gay | jac...@hyperactivesw.com >>> HyperActive Software | http://www.hyperactivesw.com >>> >>> _______________________________________________ >>> use-livecode mailing list >>> use-livecode@lists.runrev.com >>> Please visit this url to subscribe, unsubscribe and manage your >>> subscription preferences: >>> http://lists.runrev.com/mailman/listinfo/use-livecode >>> >> > _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
