Help with signing messages
michael at laptop.org
Sat Jan 29 13:24:35 EST 2011
On Fri, 28 Jan 2011 at 14:40:54 -0200 Esteban Bordon wrote:
> I trying to make a notification system that reads messages from sqlite3
> database and show them via dbus notifications. I want to store a hash of the
> message inside the db to verify each message before show it, but I don't
> know how I do it.
> I think sign the message using sig01 of bios-crypto but I don't know how I
> can verify this hash. Can I use some mfg-data tag to verify it (msg signed
> with masterkey appropiate)?
> Which command I have to use?
Can you please say a bit more about the system you're building? (The choice of
the right command almost certainly depends on some further details about your
* what does a typical message say?
* how are messages transmitted?
* are the messages addressed to one, many, or all possible recipients?
(unicast, multicast, broadcast)
* are the notifications one-way or will there be replies?
* are the messages solely intended for humans to read or are they also
* do you care if other people read the messages in transit?
* do you care if the messages are modified in transit?
* is the recipient supposed to know who sent a message?
(agreement on sender identity)
* is the sender supposed to know who received a message?
(agreement on receiver identity)
* do you care if a message is never delivered?
(availability / reliability)
* do you care if a message is delivered multiple times?
* do you care if messages are reordered in transit?
* do you have other security goals not mentioned above?
(availability, resource usage limits, non-repudiation, privacy...)
More information about the Devel