Mark Seiden wrote:

> yes, i was imagining a conventional "hash and sign" operation.
> the entire contents of the tar.gz (including all files and
> directories, as well as their permissions) would be hashed.

The usual method is to create a *.sig file for the binary file (in this
case, a *.lrp file).

> the hash would be signed by the packager, using their
> private key. (let's ignore for now exactly how, but any kind of
> digital signature supporting public key will do, for my purpose.)
> 
> on the client, the public key stored on the floppy would be used to
> check the signature of the hash, which would determine its
> authenticity.  the hash of the contents would be recalculated, to
> determine whether any content had been altered after signature.

As I understand signatures, a signature not only verifies the sender but
also the contents of the item that was signed.  If you change the "item"
(message, tar file, whatever) then the signature becomes invalid.

> the main important requirement is that the signature checking code
> be *small*.

To my knowledge, public key encryption is anything but small....

> so there is, the issue where to put the signed hash.

A signed "hash" wouldn't be necessary, would it?

> if it's a separate file it could get separated from the tar file.
> but we already have <pkg>.txt files describing each of the lrps.
> so why not <pkg>.sig files?

That's the standard method in other locations; go to ftp.kernel.org and
look at all those signature files....

> > * When saving, this <pkg>.md5 file would be created on the fly and
> > saved.
> 
> saved where?  as a separate file, or part of the lrp file?

Saved as part of the lrp file.  As noted elsewhere, the purpose of the
*.md5 is slightly different than what you mentioned.

> i don't see a lot of advantage to calculating individual file hashes --
> it would tell you which file(s) in a package were altered, but you'd still
> have to run diffs to figure out just what the alteration was.

The alteration would be enough.  Consider these current implementations
of what I'm attempting to do:

* rpm --verify RPMRPMRPM
* tripwire
* integrit
* AIDE

> a single hash on the package would say *some* file was altered, and you'd
> have to run diffs for exactly the same reason.

A single hash would not be good for your purposes nor mine.

> (the hashes are useful only if they can be reliably preserved.  any
> bad guy deliberately altering a package would also deliberately alter
> the hash file, hence the purpose of the signature).

A bad guy corrupting the hash would be online, and would have to know
that it was there.  If they did, a quick cross-check with an offline
*.md5 would show them up quick.

> or md5sum package.lrp >package.sig

This is too easy to counterfeit; the source is also not guaranteed in
any way.

_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-devel
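
The per-file approach discussed in this message (hashing each file in the tar.gz together with its permissions, then cross-checking against a copy kept offline) can be sketched as follows. This is an added example, not code from the thread or from LEAF: the function names are hypothetical, the sample packages are constructed in memory, and SHA-256 is used in place of the MD5 mentioned above.

```python
import hashlib
import io
import tarfile

def manifest(lrp_bytes):
    """Map each member of a tar.gz package to (mode, sha256 of its contents)."""
    entries = {}
    with tarfile.open(fileobj=io.BytesIO(lrp_bytes), mode="r:gz") as tar:
        for member in tar:
            data = tar.extractfile(member).read() if member.isfile() else b""
            entries[member.name] = (oct(member.mode), hashlib.sha256(data).hexdigest())
    return entries

def compare(offline, current):
    """Return sorted (path, reason) pairs where current differs from offline."""
    findings = []
    for path in sorted(set(offline) | set(current)):
        if path not in current:
            findings.append((path, "missing"))
        elif path not in offline:
            findings.append((path, "added"))
        elif offline[path][1] != current[path][1]:
            findings.append((path, "content changed"))
        elif offline[path][0] != current[path][0]:
            findings.append((path, "mode changed"))
    return findings

def build_package(files):
    """Constructed sample input: build a small tar.gz from {path: (mode, bytes)}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, (mode, data) in files.items():
            info = tarfile.TarInfo(path)
            info.mode, info.size = mode, len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Constructed packages: ALTERED has one edited file and one permission change.
ORIGINAL = build_package({"etc/hosts": (0o644, b"127.0.0.1 localhost\n"),
                          "etc/motd": (0o644, b"welcome\n"),
                          "bin/tool": (0o755, b"#!/bin/sh\necho ok\n")})
ALTERED = build_package({"etc/hosts": (0o644, b"127.0.0.1 localhost\n10.0.0.5 updates\n"),
                         "etc/motd": (0o644, b"welcome\n"),
                         "bin/tool": (0o4755, b"#!/bin/sh\necho ok\n")})

if __name__ == "__main__":
    for path, reason in compare(manifest(ORIGINAL), manifest(ALTERED)):
        print(f"{path}: {reason}")
```

The manifest is only as trustworthy as its storage, which is why the thread pairs it with either an offline copy or a detached signature.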
