Re: A89: U.S. Encryption Laws


[Prev][Next][Index][Thread]

Re: A89: U.S. Encryption Laws




On Fri, Dec 03, 1999 at 09:21:02 +0200, Risto Järvinen wrote:
> 
> Hm.  Are the apps actually encrypted?

No, only the signatures are.

> Instead RSA could be used to make a digital signature on programs and the
> calc would refuse to run them.  This wouldn't protect the programs from
> being pirated (you can copy them but they won't run on another calc) but
> it'd let the calculator be exported.

The MD5 algorithm is used to make a digital signature and this signature is
encrypted (by TI) using RSA. The calculator decrypts this and verifies the
checksum, if it doesn't match the app is deleted.

> Plus if calculator actually decrypts something using RSA, it means that it
> has the 'private key', so you could just disassemble the ROM to find it
> out.  Authenticating digital signature needs only the 'public key' while
> signing requires the 'private'.

Right and wrong. It's true that authenticating requires the public key, and
that's why you will *not* find the private key in the ROM. Only TI knows the
private key, and only TI can sign apps/ROMs.

//Johan


Follow-Ups: References: