Macintosh-Tools/uvmac
1
0
Fork 0
mirror of https://github.com/InvisibleUp/uvmac.git synced 2024-11-25 11:31:18 +00:00
Code Issues Projects Releases Wiki Activity
c03084ea30
uvmac/docs/extras/psgcheck/index.html
InvisibleUp 20082e3307 Add original Mini vMac documentation
2020-03-14 15:28:01 -04:00

1 line
4.9 KiB
HTML
Raw Blame History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title> PSgCheck </title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="canonical" href="index.html">
</head>
<body>
<div>
<i> <a href="https://www.gryphel.com/index.html">www.gryphel.com</a>/c/<a href="../../index.html">minivmac</a>/<a href="../index.html">extras</a>/psgcheck
- <a href="https://www.gryphel.com/c/feedback.html">feedback</a> </i>
</div>
<hr>
<h2 align=center>
PSgCheck
</h2>
<hr>
<p> Download </p>
<blockquote>
<p> <a href="https://www.gryphel.com/d/minivmac/extras/psgcheck/psgcheck-1.1.0.zip">psgcheck-1.1.0.zip</a>
(131K) a zipped hfs disk image and checksum file.
The disk image can be mounted with Mini vMac.
Includes source code.
</p>
</blockquote>
<p>
PSgCheck is a tool for checking digital signatures, just like
<a href="../sigcheck/index.html">SigCheck</a>,
except that it uses a different format that is more
or less compatible with the program MacPGP.
</p>
<p> <img src="https://www.gryphel.com/d/minivmac/extras/psgcheck/screen.gif" width=514 height=344 border=0 alt="Screenshot"> </p>
<p>
The related tool
<a href="../psgwrite/index.html">PSgWrite</a>
creates digital signatures that can be checked by PSgCheck.
Public and secret key pairs for these tools can be created with
<a href="../pmakkeys/index.html">PMakKeys</a>.
</p>
<p>
PSgCheck is in part descended from MacPGP source code, which, as far as
I can tell, allows derived works for noncommercial use. PSgCheck is
generally compatible with MacPGP, but it is easier to legally
distribute, since it doesn&rsquo;t do cryptography. Since it only does
one thing it should also be easier to use. PSgCheck only handles a
subset of signed messages that MacPGP does.
</p>
<p>
PSgCheck has been replaced by
<a href="../sigcheck/index.html">SigCheck</a>,
which uses a different format, &ldquo;GRY&rdquo;. The &ldquo;GRY&rdquo;
format is much simpler, and therefore shorter.
</p>
<p>
To attempt to mitigate weaknesses of md5, the GRY signature format
uses two different md5 checksums, the normal one, and the md5
checksum of the input bytes in reverse order. It also includes 3 byte
CRC checksums in normal and reverse order, and 2 bytes of version
info to make a 40 byte digest (320 bits). 384 bits is the minimum
key size supported by SigCheck, which means the maximum digest
size which can be encoded in the signature is 384 bits.
It is hopefully harder to construct two files where these 40 byte
digests match than it is to make the 16 byte md5 checksums match.
</p>
<p>
The signature format used by PSgCheck only uses the 16 byte md5
checksum as a digest. Currently md5 is generally considered
hopelessly weakened, and unsuitable for any purpose. However, as far as
I know, there is still no publicly known practical
&ldquo;Preimage&rdquo; attack, which is what is most important for
signing. That is, if I create a file that has a certain md5 checksum,
there is no practical way known yet for someone else to construct a
different file with the same checksum. But it is possible to create two
files with the same md5 checksum. So you have to be careful about
signing a statement that you have looked at a file created by someone
else, with a given md5 checksum, and it is good. Because they might have
another file with the same checksum that isn&rsquo;t good.
And you have to be careful about signing a statement that contains a
significant amount of text from someone else, especially if your text
that precedes their text is predictable. Which seems to be what happened
to Microsoft with the &ldquo;Flame&rdquo; malware.
</p>
<p>
Here is the md5 checksum for the download, signed with
<a href="https://www.gryphel.com/c/keys/k5.html">Gryphel Key 5</a>:
</p>
<blockquote>
<pre>
--------- GRY SIGNED TEXT ---------
0c0c7595afb4c5f80eed669c9579697a psgcheck-1.1.0.zip
------- BEGIN GRY SIGNATURE -------
Gry/4Xa8CFcUzxdN/FGldTdJwYKeOhZAQlL95gcFYC0GhlGNfIPVF7R535S78Dh2
8abQczZlQjk4P4hVOPLAyTkiADAF6AExOXhANcQEK4qeD0vdTHmKQ4URIGZVq6lY
wHfV21nkoPVCOKMGvWOnBM4vK3H/IhUam2OZY5qaeFD7zLipNHDu3f17+aa1sQoP
-------- END GRY SIGNATURE --------
</pre>
</blockquote>
<p> See the
<a href="../../appc/index.html">Compiling</a>
page for instructions on compiling PSgCheck from the source code. </p>
<p> : </p>
<p> If you find PSgCheck useful, please consider
<a href="https://www.gryphel.com/c/help/index.html">helping the Gryphel Project</a>,
of which it is a part. </p>
<a href="https://www.gryphel.com/index.html">
<img src="https://www.gryphel.com/d/gryphel-32.gif" width=32 height=32 border=0
alt="gryphel logo, 1K"
>
</a>
<hr>
<div>
<i> <a href="https://www.gryphel.com/index.html">www.gryphel.com</a>/c/<a href="../../index.html">minivmac</a>/<a href="../index.html">extras</a>/psgcheck
- <a href="https://www.gryphel.com/c/feedback.html">feedback</a> </i>
<br>
copyright (c) 2018 Paul C. Pratt - last update 10/19/2018
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink