[sword-devel] encryption and integrity checking.

Peter von Kaehne refdoc at gmx.net
Thu Mar 12 00:27:19 MST 2009


Manfred Bergmann wrote:

>>> What about signing the module with a private key.
>>> Every frontend has to have the public key included [..]
>>> This would enable an integrity check.
> It [..] would detect changes to texts and also only CrossWire could
> sign modules.

I like Debian's mechanism of public key per repository.

Keys can get downloaded from repositories. CrossWire has one, Karl has
one, publisher X has one. Everyone signs their modules and makes the
public key available.

Frondend tests whether public key is present and whether module is
signed appropriately and warns otherwise.

That appears simple and straight forward. Someone who wishes to
undermine it would need to remove the test from library +/- frontend or
create their own key.

Peter





More information about the sword-devel mailing list