flat assembler
Message board for the users of flat assembler.

Index > Windows > digital signature

Author
Thread Post new topic Reply to topic
bcdsys



Joined: 04 Aug 2008
Posts: 41
bcdsys
how do I make a program that only accepts input that is digitally signed by a specified key
I want to have program that comes with public key in it and checks if inputs are digitally signed by me, and only accept those that are
what is the easiest and MOST SECURE way of doing it (only I have key+own root CA, don't want anyone else to be able to signmessages/revoke key)
Post 24 Dec 2008, 19:46
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17252
Location: In your JS exploiting you and your system
revolution
The problem is fundamentally unsolvable, because anyone can always just replace the keys with their own, or just simply bypass the check completely.

So with that in mind, you can use a simple RSA/ECC scheme. There is lots of info and source code around the 'net.
Post 24 Dec 2008, 23:52
View user's profile Send private message Visit poster's website Reply with quote
bcdsys



Joined: 04 Aug 2008
Posts: 41
bcdsys
>The problem is fundamentally unsolvable, because anyone can always just replace the keys with their own, or just simply bypass the check completely.

I know but this isnt problem here, problem is to make it so no 3ed party outside target system or me can revoke key. cracker on target can add key, but i dont want to use keys from ms or verisign or anyone who can revoke them, so i want my own root ca
heres problem:
1.app comes with cert by me
2.when app gets remote input it checks if digital sign by me
3. input only accept if signed
i want secure way to do above
what is best for this, must be very secure against attackers and must work
any signing scheme accept, doesnt have to be ssl, cert can be any format, just must be simple, fast, secure, and use my own signing keys
Post 25 Dec 2008, 02:15
View user's profile Send private message Reply with quote
bcdsys



Joined: 04 Aug 2008
Posts: 41
bcdsys
various ways and problems:
1. use http://en.wikipedia.org/wiki/GNU_Privacy_Guard
problem is not api must use another process so inefficient, i dont want create another process
2. use ECC/RSA
how complex is the code in my app to code myself? prob need to find code on net, should be free sourcecode on net. know windows has wincrypt.h for encryption. is this good for this? also I heard of OpenSSL. is openssl good for this?
Post 25 Dec 2008, 02:21
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17252
Location: In your JS exploiting you and your system
revolution
Just use what I mentioned above RSA or ECC, that's what hey are designed for. You encrypt/sign with the private key and send to the program to decrypt/check the received data. Simple.

As for revoking a key etc. You have to make sure no one has access to the program else all bets are off. If someone can change your program then it is already too late, you have no control over what that program will accept/reject in the future.

These are two separate issues though. Sending verifiable data to someone/something is easy with RSA/ECC, but ensuring no one hacks a program is hard.
Post 25 Dec 2008, 02:22
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17252
Location: In your JS exploiting you and your system
revolution
bcdsys wrote:
2. use ECC/RSA
how complex is the code in my app to code myself?
All that is needed is multi-precision arithmetic and a few covering procedures to perform the sequence of steps needed.
Have a look at my SHA512, RSA and Rijndael (AES) macros to give you an idea of what is involved.
Post 25 Dec 2008, 02:28
View user's profile Send private message Visit poster's website Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
or just use libtomcrypt, it is pretty easy....
Post 25 Dec 2008, 13:42
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar.

Powered by rwasa.