[A83] Re: apps
[Prev][Next][Index][Thread]
[A83] Re: apps
> > To my knowledge, it tells the calc to allow apps that are signed with
> > the developer signature.
> ...Applications are signed with a key for a specific ID. For example, the
> shareware/freeware key (which is available only to TI) signs applications
> for the 0104 ID (my personal ID is 9F04). All calculators can load
> applications signed for the 0104 ID. When you sign an application with a
> key, it creates some sort of data (I'll call it a checksum) which is used
by
> the calculator to validate the application.
When something is signed, it is encrypted by a private key. If it can be
decrypted by a public key that corresponds to the private key, then that
proves that it was signed by that private key.
> > But hey, if someone were to make his developer certificate and signing
> > available to anyone,
> > we could simply sign apps with that signature, and put the specific
> > developer signature with it.
> ...This would not work. The problem is with the developer certificate.
> Certificates are also validated when sent to the calculator. This time,
> it's validated based on your serial number. Of course, there's encryption
> involved, so you can't just open up the certificate file and change the
> numbers. So if you have the same serial number as someone else (which
> obviously you don't), you could load their certificates, and thus their
> applications. Otherwise, you're stuck.
There are at least a couple of ways that it could be done. Either (most
likely) the serial number is encrypted using the private key, or (less
likely) each calculator has a separate private/public key set, and the
certificate is encrypted/signed using the calculators private key.
Follow-Ups:
References: