Splash-stack apps on Google Play

Brian Milby brian at milby7.com
Tue May 22 15:57:36 EDT 2018


Can’t make any changes to the stack once you generate the hash or it will
not match.
On Tue, May 22, 2018 at 2:41 PM J. Landman Gay via use-livecode <
use-livecode at lists.runrev.com> wrote:

> Would it be okay to store the encrypted hash in a custom property of the
> remote stack?
>
> I'll need to experiment to see if I can do what you've outlined, unless
> you write a library before I figure it out... ;)
>
>
> On 5/22/18 12:03 AM, Brian Milby via use-livecode wrote:
> > The dictionary entries that you want are "encrypt using rsa", "decrypt
> > using rsa", and "messageDigest'.
> >
> > High level process...
> > - Generate a public/private key pair
> > - Package the file that you want to ensure is not tampered with
> > - Generate a hash of the file (messageDigest)
> > - Encrypt the hash with your private key (encrypt using rsa)
> > - Store the encrypted hash along with the file to download (or possibly
> put
> > them both into a zip to make a single download)
> >
> > - Store the public key inside the app
> > - Download the encrypted hash and the file
> > - Decrypt the hash using the public key (decrypt using rsa)
> > - Compare the decrypted hash with a calculated hash of the downloaded
> file
> > - If they match, then the file has not been changed
> >
> > If you also want to utilize a similar process to secure the file itself
> > from viewing, then you will need to do something a little different.  The
> > dictionary suggests that a possible method would be to generate a random
> > key to actually encrypt the file (symmetric encryption - encrypt).  That
> > key would be encrypted with a public key.  The encrypted file and
> encrypted
> > key would be stored for download.  The app would use the private key to
> > decrypt the data encryption key.  Once the data encryption key was
> > obtained, the data could be decrypted.  You would want to use a different
> > public/private pair of keys for this operation.
> >
> > This all sounds like a good project for a library (for use in an app)
> and a
> > stack (to handle the front end).  I didn't go checking to see if one
> > already existed though.
>
>
> --
> Jacqueline Landman Gay         |     jacque at hyperactivesw.com
> HyperActive Software           |     http://www.hyperactivesw.com
>
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>



More information about the use-livecode mailing list