Mark Seiden wrote:
> i don't see without a signature file how you know the decryption
> function succeeded and therefore returned a complete, authentic,
> unaltered, package. (rather than returning garbage).
If a *.lrp package is installed, it will be decompressed and de-tarred;
the results of these operations are tested. If the package is corrupt,
it won't install correctly.
However, to validate the package, you need public key encryption;
basically you encrypt with your private key, and someone else decrypts
with your public key. The usual program to do this is pgp; if you want
built-in support for this, you'll have to modify apkg (probably) to
support it, as well as put pgp into root.lrp.
_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-devel
