Opened 11 years ago

Closed 11 years ago

#183 closed Feature request (fixed)

Sign AutoUpdates and verify signature

Reported by: Matthäus Wander Owned by: sauer
Priority: Must have Milestone: CrypTool 2.0 BETA 4
Component: AutoUpdate Keywords:
Cc:

Change History (4)

comment:1 Changed 11 years ago by Matthäus Wander

Discussed approaches:

  • Sign Zip, put signature in CT2_Versions.xml, put public key into CT2 AutoUpdater, verify Zip
  • Replace Zip with Silent MSI Install, verify MSI signature

comment:2 Changed 11 years ago by Matthäus Wander

Another solution attempt:

  • Use https to retrieve XML file, check certificate against (built-in) cryper public key
  • Check whether CT2.zip URL starts with https
  • When attempting to download CT2.zip, demand https (e.g. check whether URL starts with https), check certificate against (built-in) cryper public key

comment:3 Changed 11 years ago by sauer

Status: newaccepted

The 2nd attempt is used now with one difference: Https is not demanded for download URL right now because it has not been changed to https yet. Once it is changed, the check for https will be implemented and this ticket will be closed.

comment:4 Changed 11 years ago by Matthäus Wander

Resolution: fixed
Status: acceptedclosed

XML has been changed a couple of days ago. Works now, thanks.

Note: See TracTickets for help on using tickets.