arx-users

[Arx-users] Checksums and Signatures


From: Walter Landry
Subject: [Arx-users] Checksums and Signatures
Date: Thu, 27 Nov 2003 08:29:31 -0500 (EST)

Greetings,

I have done more thinking about how to implement checksums and
cryptographic signatures.  Here are my thoughts.

All checksums are computed with sha256.  This gives 128 bits of
security against birthday attacks, rather than the 80 for sha1 or 64
for md5.  This should be sufficient for the next 50 years.

Checksums are a property of the revision, not the patch.  So they are
stored separately from the patch.

We first compute a complete checksum file by printing out the file
name, the file's checksum, its metadata, and its inventory tag.  So
an example file would be something like

  ArX Checksum V1.0
  address@hidden/foo--bar--1.0--patch-33
  foo/bar/baz 8c712075cd2fb93f06dd391544a4e396f7fecfa8 644 address@hidden:30:33_EDT_2003_20467.0
  foo/bar/bat link -> baz address@hidden:30:33_EDT_2003_20112.0
  foo/bar directory address@hidden:30:33_EDT_2003_19923.0
  ...


The header of the file contains a version number and a complete
revision name.  Directories and files do not have checksums.  The
checksum of this complete checksum file is placed in sha256 in the
patch directory (category/branch/version/patch-level/sha256).  They
are computed for every revision.

When we "arx get" a revision, we compute and store the complete
checksum file in {arch}/++sha256.  When comparing files, we only need
to make sure that the checksums match.  This should speed up mkpatch
by about a factor of 2 for large trees.

Signatures can sign either a patch or a revision.  If signing a
revision, then just sign the sha256 file.  This makes it quick and
easy to sign everything in an archive.  If signing a patch, sign the
tar.gz of the patch.  These signature files go into the archive in
sig_rev/ and sig_patch/ directories.

New commands:

  verify-checksum [archive/]revision
    Download the revision, compute the checksum and compare it with
    the checksum in the archive.

  verify-revision-signature revision
    First verify the checksum for that revision and that the signature
    really signed the sha256 file.

  verify-patch-signature revision
    Download the patch and verify its signature.

  add-patch-signature [archive/]revision signature_file
    Verifies the signature and uploads it.

  add-revision-signature [archive/]revision signature_file
    Verifies the signature and uploads it.

  sign-patch [archive/]revision
  sign-revision [archive/]revision
    Sign and upload the signature for a patch or revision.


Except for the add-*-signature functions, if given only a branch,
category or archive, then act on all of the revisions in the branch,
category, or archive.  If someone's public key is not in your
keyring, complain and continue.  Optionally, you can verify only those
signatures in your keyring, or only a particular person in your
keyring.  If a revision is not signed by someone in your keyring,
complain LOUDLY.

Every time you do a get or get-patch, checksums and signatures are
verified.

Let me know if you have any comments.

Walter
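The checksum-file layout and the verify-checksum step described in the message, as an added example in Python (not ArX's own code). The revision name, the inventory tags and the sample tree are constructed placeholders, and the real ArX inventory-tag format is not modelled:

```python
import hashlib, os, stat, tempfile
from pathlib import Path

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def build_manifest(root, revision, tags):
    # Header and revision, then one line per entry: files 'path sha256 mode tag',
    # symlinks 'path link -> target tag', directories 'path directory tag'.
    lines = ["ArX Checksum V1.0", revision]
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # in-place sort keeps the walk order deterministic
        for name in sorted(dirnames + filenames):
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            tag = tags.get(rel, "untagged")  # inventory tag; real ArX tag format not modelled
            st = os.lstat(full)  # lstat: record the link itself, not its target
            if stat.S_ISLNK(st.st_mode):
                lines.append(f"{rel} link -> {os.readlink(full)} {tag}")
            elif stat.S_ISDIR(st.st_mode):
                lines.append(f"{rel} directory {tag}")
            else:
                lines.append(f"{rel} {sha256_hex(Path(full).read_bytes())} {stat.S_IMODE(st.st_mode):o} {tag}")
    return "\n".join(lines) + "\n"

def verify(root, manifest, archive_sha256):
    # verify-checksum: compare the manifest with the stored sha256, then each file by digest only
    problems = []
    if sha256_hex(manifest.encode()) != archive_sha256:
        problems.append("manifest sha256 does not match archive")
    lines = manifest.splitlines()
    if lines[:1] != ["ArX Checksum V1.0"]: return problems + ["unrecognised checksum file header"]
    for fields in (line.split() for line in lines[2:]):  # 4 fields = plain file line
        if len(fields) == 4 and sha256_hex(Path(root, fields[0]).read_bytes()) != fields[1]:
            problems.append(f"checksum mismatch: {fields[0]}")
    return problems

def demo():
    # Constructed tree: one file, one symlink, one subdir; then tamper and re-verify.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "foo", "bar"))
        baz = Path(root, "foo", "bar", "baz")
        baz.write_bytes(b"hello\n")
        os.symlink("baz", os.path.join(root, "foo", "bar", "bat"))
        revision = "archive@example.org/foo--bar--1.0--patch-33"  # constructed name
        manifest = build_manifest(root, revision, {"foo/bar/baz": "tag-20467.0"})
        stored = sha256_hex(manifest.encode())  # value kept in .../patch-33/sha256
        clean = verify(root, manifest, stored)
        baz.write_bytes(b"hello, tampered\n")
        return manifest.splitlines(), clean, verify(root, manifest, stored)
```

Because verify only compares digests, a tree whose manifest still matches the archive's stored sha256 but whose file contents changed is reported by path, which is the comparison mkpatch would rely on instead of diffing contents.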
