Splash-stack apps on Google Play

Brian Milby brian at milby7.com
Tue May 22 23:14:45 EDT 2018


@Mark
Would the loading of LCB extensions be a good thing to add to the
securityPermissions (or does external already cover it)?

On Tue, May 22, 2018 at 7:12 PM Brian Milby <brian at milby7.com> wrote:

> Well, it isn't a full library, but I did put together a demo of how it can
> work:
>
> https://github.com/bwmilby/lc-misc/tree/master/SignVerify
>
> https://github.com/bwmilby/lc-misc/raw/master/SignVerify/SignVerify.livecode
>
> I've only tested on Mac, but it should work everywhere if you already have
> the keys.  Not sure how to generate the keys on Windows, but the button
> should work on Linux.
>
> Hope it helps.
>
> Thanks,
> Brian
>
> On Tue, May 22, 2018 at 2:57 PM, Brian Milby <brian at milby7.com> wrote:
>
>> Can’t make any changes to the stack once you generate the hash or it will
>> not match.
>>
>> On Tue, May 22, 2018 at 2:41 PM J. Landman Gay via use-livecode <
>> use-livecode at lists.runrev.com> wrote:
>>
>>> Would it be okay to store the encrypted hash in a custom property of the
>>> remote stack?
>>>
>>> I'll need to experiment to see if I can do what you've outlined, unless
>>> you write a library before I figure it out... ;)
>>>
>>>
>>> On 5/22/18 12:03 AM, Brian Milby via use-livecode wrote:
>>> > The dictionary entries that you want are "encrypt using rsa", "decrypt
>>> > using rsa", and "messageDigest'.
>>> >
>>> > High level process...
>>> > - Generate a public/private key pair
>>> > - Package the file that you want to ensure is not tampered with
>>> > - Generate a hash of the file (messageDigest)
>>> > - Encrypt the hash with your private key (encrypt using rsa)
>>> > - Store the encrypted hash along with the file to download (or
>>> possibly put
>>> > them both into a zip to make a single download)
>>> >
>>> > - Store the public key inside the app
>>> > - Download the encrypted hash and the file
>>> > - Decrypt the hash using the public key (decrypt using rsa)
>>> > - Compare the decrypted hash with a calculated hash of the downloaded
>>> file
>>> > - If they match, then the file has not been changed
>>> >
>>> > If you also want to utilize a similar process to secure the file itself
>>> > from viewing, then you will need to do something a little different.
>>> The
>>> > dictionary suggests that a possible method would be to generate a
>>> random
>>> > key to actually encrypt the file (symmetric encryption - encrypt).
>>> That
>>> > key would be encrypted with a public key.  The encrypted file and
>>> encrypted
>>> > key would be stored for download.  The app would use the private key to
>>> > decrypt the data encryption key.  Once the data encryption key was
>>> > obtained, the data could be decrypted.  You would want to use a
>>> different
>>> > public/private pair of keys for this operation.
>>> >
>>> > This all sounds like a good project for a library (for use in an app)
>>> and a
>>> > stack (to handle the front end).  I didn't go checking to see if one
>>> > already existed though.
>>>
>>>
>>> --
>>> Jacqueline Landman Gay         |     jacque at hyperactivesw.com
>>> HyperActive Software           |     http://www.hyperactivesw.com
>>>
>>> _______________________________________________
>>> use-livecode mailing list
>>> use-livecode at lists.runrev.com
>>> Please visit this url to subscribe, unsubscribe and manage your
>>> subscription preferences:
>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>>
>>
>



More information about the use-livecode mailing list