Splash-stack apps on Google Play
brian at milby7.com
Tue May 22 23:14:45 EDT 2018
Would the loading of LCB extensions be a good thing to add to the
securityPermissions (or does external already cover it)?
On Tue, May 22, 2018 at 7:12 PM Brian Milby <brian at milby7.com> wrote:
> Well, it isn't a full library, but I did put together a demo of how it can
> I've only tested on Mac, but it should work everywhere if you already have
> the keys. Not sure how to generate the keys on Windows, but the button
> should work on Linux.
> Hope it helps.
> On Tue, May 22, 2018 at 2:57 PM, Brian Milby <brian at milby7.com> wrote:
>> Can’t make any changes to the stack once you generate the hash or it will
>> not match.
>> On Tue, May 22, 2018 at 2:41 PM J. Landman Gay via use-livecode <
>> use-livecode at lists.runrev.com> wrote:
>>> Would it be okay to store the encrypted hash in a custom property of the
>>> remote stack?
>>> I'll need to experiment to see if I can do what you've outlined, unless
>>> you write a library before I figure it out... ;)
>>> On 5/22/18 12:03 AM, Brian Milby via use-livecode wrote:
>>> > The dictionary entries that you want are "encrypt using rsa", "decrypt
>>> > using rsa", and "messageDigest'.
>>> > High level process...
>>> > - Generate a public/private key pair
>>> > - Package the file that you want to ensure is not tampered with
>>> > - Generate a hash of the file (messageDigest)
>>> > - Encrypt the hash with your private key (encrypt using rsa)
>>> > - Store the encrypted hash along with the file to download (or
>>> possibly put
>>> > them both into a zip to make a single download)
>>> > - Store the public key inside the app
>>> > - Download the encrypted hash and the file
>>> > - Decrypt the hash using the public key (decrypt using rsa)
>>> > - Compare the decrypted hash with a calculated hash of the downloaded
>>> > - If they match, then the file has not been changed
>>> > If you also want to utilize a similar process to secure the file itself
>>> > from viewing, then you will need to do something a little different.
>>> > dictionary suggests that a possible method would be to generate a
>>> > key to actually encrypt the file (symmetric encryption - encrypt).
>>> > key would be encrypted with a public key. The encrypted file and
>>> > key would be stored for download. The app would use the private key to
>>> > decrypt the data encryption key. Once the data encryption key was
>>> > obtained, the data could be decrypted. You would want to use a
>>> > public/private pair of keys for this operation.
>>> > This all sounds like a good project for a library (for use in an app)
>>> and a
>>> > stack (to handle the front end). I didn't go checking to see if one
>>> > already existed though.
>>> Jacqueline Landman Gay | jacque at hyperactivesw.com
>>> HyperActive Software | http://www.hyperactivesw.com
>>> use-livecode mailing list
>>> use-livecode at lists.runrev.com
>>> Please visit this url to subscribe, unsubscribe and manage your
>>> subscription preferences:
More information about the Use-livecode