[A83] Re: apps






At 00:01 2001-04-24, you wrote:
>When something is signed, it is encrypted by a private key.  If it can be
>decrypted by a public key that corresponds to the private key, then that
>proves that it was signed by that private key.

Partly true. The whole program isn't encrypted.
Signing works most often (and I am quite sure it is like this on the calc
too) that you put your message (in this case a program) through MD5, which is
a "Message Digest" algorithm, which is something like a checksum, or more
similar to a CRC (which isn't really a sum). MD5 is optimized so that it
should be very hard to find two messages that have the same MD5 result,
instead of like CRC, that is optimized to be fast and able to find many
types of common bit-errors.
This MD5 result is then encrypted with the person's (this case TI) private
key, and can only be decrypted with the public key.
The calc can check if the program is correct by running it through MD5,
decrypt the MD5 result provided with the app, and check if they match.
Then on the calc there are these certificates too, I haven't studied how
certificates work in most cases now, but I can guess on a couple of ways it
could be done, but I will spare you my guesses :)
Could easily be done with some crypto and putting a bit more info than only
the MD5 result in the crypto-part with the app.

///Olle
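
The hash-then-sign check described in the message above, as an added example that is not part of the original post and not TI's actual scheme. Assumptions: a constructed toy RSA key built from two Mersenne primes, textbook RSA with no padding, and MD5 only because the message names it (MD5 is no longer collision resistant, and real signatures use a padding scheme and a far larger key).

```python
import hashlib

# Constructed toy key, NOT a real vendor key: two Mersenne primes give a
# 196-bit modulus, just large enough to hold a 128-bit MD5 digest.
P, Q = 2**89 - 1, 2**107 - 1
N = P * Q
E = 65537                              # public exponent (known to the device)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (signer only)


def digest_int(data: bytes) -> int:
    """MD5 of the data as an integer; always smaller than N."""
    return int.from_bytes(hashlib.md5(data).digest(), "big")


def sign(program: bytes) -> int:
    """Signer: transform only the digest with the private key."""
    return pow(digest_int(program), D, N)


def verify(program: bytes, signature: int) -> bool:
    """Device: undo the signature with the public key, compare to a fresh hash."""
    if not 0 <= signature < N:
        return False
    return pow(signature, E, N) == digest_int(program)


def signature_size() -> int:
    """Bytes needed for a signature, regardless of program length."""
    return (N.bit_length() + 7) // 8


def demo() -> dict:
    app = bytes(range(256)) * 256          # constructed 64 KiB "program"
    sig = sign(app)
    patched = bytearray(app)
    patched[1000] ^= 0x01                  # flip a single bit
    return {
        "genuine": verify(app, sig),
        "patched": verify(bytes(patched), sig),
        "wrong_sig": verify(app, sign(b"another program")),
        "sig_bytes": signature_size(),
    }


if __name__ == "__main__":
    print(demo())
```

The 64 KiB program yields a 25-byte signature because only the digest goes through the private-key operation, and a one-bit change to the program makes verification fail.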



