Splash-stack apps on Google Play

J. Landman Gay jacque at hyperactivesw.com
Tue May 22 15:41:03 EDT 2018


Would it be okay to store the encrypted hash in a custom property of the 
remote stack?

I'll need to experiment to see if I can do what you've outlined, unless 
you write a library before I figure it out... ;)


On 5/22/18 12:03 AM, Brian Milby via use-livecode wrote:
> The dictionary entries that you want are "encrypt using rsa", "decrypt
> using rsa", and "messageDigest'.
> 
> High level process...
> - Generate a public/private key pair
> - Package the file that you want to ensure is not tampered with
> - Generate a hash of the file (messageDigest)
> - Encrypt the hash with your private key (encrypt using rsa)
> - Store the encrypted hash along with the file to download (or possibly put
> them both into a zip to make a single download)
> 
> - Store the public key inside the app
> - Download the encrypted hash and the file
> - Decrypt the hash using the public key (decrypt using rsa)
> - Compare the decrypted hash with a calculated hash of the downloaded file
> - If they match, then the file has not been changed
> 
> If you also want to utilize a similar process to secure the file itself
> from viewing, then you will need to do something a little different.  The
> dictionary suggests that a possible method would be to generate a random
> key to actually encrypt the file (symmetric encryption - encrypt).  That
> key would be encrypted with a public key.  The encrypted file and encrypted
> key would be stored for download.  The app would use the private key to
> decrypt the data encryption key.  Once the data encryption key was
> obtained, the data could be decrypted.  You would want to use a different
> public/private pair of keys for this operation.
> 
> This all sounds like a good project for a library (for use in an app) and a
> stack (to handle the front end).  I didn't go checking to see if one
> already existed though.


-- 
Jacqueline Landman Gay         |     jacque at hyperactivesw.com
HyperActive Software           |     http://www.hyperactivesw.com




More information about the Use-livecode mailing list