Splash-stack apps on Google Play

Brian Milby brian at milby7.com
Tue May 22 20:12:03 EDT 2018


Well, it isn't a full library, but I did put together a demo of how it can
work:

https://github.com/bwmilby/lc-misc/tree/master/SignVerify
https://github.com/bwmilby/lc-misc/raw/master/SignVerify/SignVerify.livecode

I've only tested on Mac, but it should work everywhere if you already have
the keys.  Not sure how to generate the keys on Windows, but the button
should work on Linux.

Hope it helps.

Thanks,
Brian

On Tue, May 22, 2018 at 2:57 PM, Brian Milby <brian at milby7.com> wrote:

> Can’t make any changes to the stack once you generate the hash or it will
> not match.
>
> On Tue, May 22, 2018 at 2:41 PM J. Landman Gay via use-livecode <
> use-livecode at lists.runrev.com> wrote:
>
>> Would it be okay to store the encrypted hash in a custom property of the
>> remote stack?
>>
>> I'll need to experiment to see if I can do what you've outlined, unless
>> you write a library before I figure it out... ;)
>>
>>
>> On 5/22/18 12:03 AM, Brian Milby via use-livecode wrote:
>> > The dictionary entries that you want are "encrypt using rsa", "decrypt
>> > using rsa", and "messageDigest'.
>> >
>> > High level process...
>> > - Generate a public/private key pair
>> > - Package the file that you want to ensure is not tampered with
>> > - Generate a hash of the file (messageDigest)
>> > - Encrypt the hash with your private key (encrypt using rsa)
>> > - Store the encrypted hash along with the file to download (or possibly
>> put
>> > them both into a zip to make a single download)
>> >
>> > - Store the public key inside the app
>> > - Download the encrypted hash and the file
>> > - Decrypt the hash using the public key (decrypt using rsa)
>> > - Compare the decrypted hash with a calculated hash of the downloaded
>> file
>> > - If they match, then the file has not been changed
>> >
>> > If you also want to utilize a similar process to secure the file itself
>> > from viewing, then you will need to do something a little different.
>> The
>> > dictionary suggests that a possible method would be to generate a random
>> > key to actually encrypt the file (symmetric encryption - encrypt).  That
>> > key would be encrypted with a public key.  The encrypted file and
>> encrypted
>> > key would be stored for download.  The app would use the private key to
>> > decrypt the data encryption key.  Once the data encryption key was
>> > obtained, the data could be decrypted.  You would want to use a
>> different
>> > public/private pair of keys for this operation.
>> >
>> > This all sounds like a good project for a library (for use in an app)
>> and a
>> > stack (to handle the front end).  I didn't go checking to see if one
>> > already existed though.
>>
>>
>> --
>> Jacqueline Landman Gay         |     jacque at hyperactivesw.com
>> HyperActive Software           |     http://www.hyperactivesw.com
>>
>> _______________________________________________
>> use-livecode mailing list
>> use-livecode at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your
>> subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>
>



More information about the Use-livecode mailing list