pif_QuickSig |
|
A way to authenticate open messages sent between two servers. [More] |
To download this library for your Linux/Mac installation, enter this on your command line:
DreamDownload byond://Popisfizzy.pif_QuickSig##version=1 Emulator users, in the BYOND pager go to File | Open Location and enter this URL:byond://Popisfizzy.pif_QuickSig##version=1 |
pif_QuickSig is a library designed to allow programmers to digitally sign messages sent between servers in order to verify their authenticity and integrity when sending over open channels (e.g., over the internet).
Digital signatures are a way of verifying that the person who claims to've written some message is actually the author, and that the message was not altered in some way during transit. You may read more about digital signatures here. Most digital signature schemes rely on asymmetric key cryptosystems, (look here to read about these on Wikipedia), and these are in fact more secure. The reason I wrote this library is two-fold:
Given the nature of BYOND, the requirement of being absolutely provably secure (assuming the secrecy of the private key) is not really that necessary, as most messages are ones that do not need to be secure (i.e., they don't have sensitive data) but typically one would still like to verify their integrity and authenticity to make sure someone isn't spoofing them. This can be handled with just regular symmetric cryptographic schemes, but they are a little "heavier" code-wise. This library is meant to provide a balance between the approaches, while not sacrificing too much in the way of security. Example Implementation Below is an example implementation in DM, assuming the use of world.Export() to send messages to the remote server. // An list of servers and their associated pif_QuickSig objects. Each affiliated server has |
Copyright © 2024 BYOND Software.
All rights reserved.