Help with signing messages

Esteban Bordon ebordon at plan.ceibal.edu.uy
Thu Feb 3 12:02:21 EST 2011 

 2011/1/29 Michael Stone <michael at laptop.org>

> On Fri, 28 Jan 2011 at 14:40:54 -0200 Esteban Bordon wrote:
>
>> I trying to make a notification system that reads messages from sqlite3
>> database and show them via dbus notifications. I want to store a hash of
>> the
>> message inside the db to verify each message before show it, but I don't
>> know how I do it.
>>
>> I think sign the message using sig01 of bios-crypto but I don't know how I
>> can verify this hash. Can I use some mfg-data tag to verify it (msg signed
>> with masterkey appropiate)?
>>
>> Which command I have to use?
>>
>
> Can you please say a bit more about the system you're building? (The choice
> of
> the right command almost certainly depends on some further details about
> your
> goals.)
>
> In particular:
>
>  * what does a typical message say?
>

Institutional or relevant messages about XO and children. For example, "New
OS version is released" or "Your laptop will be blocked tomorrow, please
update your blacklist"

>
>  * how are messages transmitted?
>

Laptop download a XML from their school server with the messages.

>
>  * are the messages addressed to one, many, or all possible recipients?
> (unicast, multicast, broadcast)
>
All laptops should receive the same messages

>
>  * are the notifications one-way or will there be replies?
>
one-way, for now.

>
>  * are the messages solely intended for humans to read or are they also
>    machine readable?
>
This application is only for humans.

>
>  * do you care if other people read the messages in transit?     (secrecy)
>
No matter, messages  can be puclic.

>
>  * do you care if the messages are modified in transit?     (integrity)
>

Yes.  It's one reason for I want sign the messages.

>
>  * is the recipient supposed to know who sent a message?     (agreement on
> sender identity)
>
Only school server should to send messages

>
>  * is the sender supposed to know who received a message?     (agreement on
> receiver identity)
>
This feature isn't already implemented

>
>  * do you care if a message is never delivered?
>    (availability / reliability)
>
 If XO connect to server should get the XML. I don't think it as independent
messages, all messages are into XML

>
>  * do you care if a message is delivered multiple times?
>    (replay)
>
No, laptop application delete duplicate messages

>
>  * do you care if messages are reordered in transit?
>    (ordering)
>
 No. the application stores the messages into db file.

>
>  * do you have other security goals not mentioned above?
>    (availability, resource usage limits, non-repudiation, privacy...)
>
> Regards,
>
> Michael
>

Regards,
Esteban.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.laptop.org/pipermail/devel/attachments/20110203/0e20fa73/attachment.html>

More information about the Devel mailing list