Splash-stack apps on Google Play
mark at livecode.com
Wed May 23 03:56:56 EDT 2018
On 2018-05-23 05:14, Brian Milby wrote:
> Would the loading of LCB extensions be a good thing to add to the
> securityPermissions (or does external already cover it)?
The securityPermissions is definitely the right place to do this.
Standalones are built with a small startup script which is run, so we
can tie the option in the S/B to adding a line in that script to
As to whether it should be rolled into external, or whether it needs a
new one needs a little thought. I suspect it won't do any harm to add
another permission for it - after all it is quite specific (eventually
we want it to be - don't allow loading of LCB extensions which use
> On Tue, May 22, 2018 at 7:12 PM Brian Milby <brian at milby7.com> wrote:
>> Well, it isn't a full library, but I did put together a demo of how
>> it can work:
>> https://github.com/bwmilby/lc-misc/tree/master/SignVerify 
>> I've only tested on Mac, but it should work everywhere if you
>> already have the keys. Not sure how to generate the keys on
>> Windows, but the button should work on Linux.
>> Hope it helps.
>> On Tue, May 22, 2018 at 2:57 PM, Brian Milby <brian at milby7.com>
>> Can’t make any changes to the stack once you generate the hash or
>> it will not match.
>> On Tue, May 22, 2018 at 2:41 PM J. Landman Gay via use-livecode
>> <use-livecode at lists.runrev.com> wrote:
>> Would it be okay to store the encrypted hash in a custom property of
>> remote stack?
>> I'll need to experiment to see if I can do what you've outlined,
>> you write a library before I figure it out... ;)
>> On 5/22/18 12:03 AM, Brian Milby via use-livecode wrote:
>>> The dictionary entries that you want are "encrypt using rsa",
>>> using rsa", and "messageDigest'.
>>> High level process...
>>> - Generate a public/private key pair
>>> - Package the file that you want to ensure is not tampered with
>>> - Generate a hash of the file (messageDigest)
>>> - Encrypt the hash with your private key (encrypt using rsa)
>>> - Store the encrypted hash along with the file to download (or
>> possibly put
>>> them both into a zip to make a single download)
>>> - Store the public key inside the app
>>> - Download the encrypted hash and the file
>>> - Decrypt the hash using the public key (decrypt using rsa)
>>> - Compare the decrypted hash with a calculated hash of the
>> downloaded file
>>> - If they match, then the file has not been changed
>>> If you also want to utilize a similar process to secure the file
>>> from viewing, then you will need to do something a little
>> different. The
>>> dictionary suggests that a possible method would be to generate a
>>> key to actually encrypt the file (symmetric encryption -
>> encrypt). That
>>> key would be encrypted with a public key. The encrypted file and
>>> key would be stored for download. The app would use the private
>> key to
>>> decrypt the data encryption key. Once the data encryption key
>>> obtained, the data could be decrypted. You would want to use a
>>> public/private pair of keys for this operation.
>>> This all sounds like a good project for a library (for use in an
>> app) and a
>>> stack (to handle the front end). I didn't go checking to see if
>>> already existed though.
>> Jacqueline Landman Gay | jacque at hyperactivesw.com
>> HyperActive Software | http://www.hyperactivesw.com
>> use-livecode mailing list
>> use-livecode at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your
>> subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode 
>  https://github.com/bwmilby/lc-misc/tree/master/SignVerify
>  http://www.hyperactivesw.com
>  http://lists.runrev.com/mailman/listinfo/use-livecode
Mark Waddingham ~ mark at livecode.com ~ http://www.livecode.com/
LiveCode: Everyone can create apps
More information about the Use-livecode