mirror of
https://github.com/InvisibleUp/uvmac.git
synced 2024-11-29 07:49:18 +00:00
1 line
4.9 KiB
HTML
1 line
4.9 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
|
<html>
|
|
|
|
<head>
|
|
<title> PSgCheck </title>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
|
<link rel="canonical" href="index.html">
|
|
</head>
|
|
|
|
<body>
|
|
|
|
<div>
|
|
|
|
<i> <a href="https://www.gryphel.com/index.html">www.gryphel.com</a>/c/<a href="../../index.html">minivmac</a>/<a href="../index.html">extras</a>/psgcheck
|
|
- <a href="https://www.gryphel.com/c/feedback.html">feedback</a> </i>
|
|
|
|
</div>
|
|
|
|
<hr>
|
|
|
|
<h2 align=center>
|
|
PSgCheck
|
|
</h2>
|
|
|
|
<hr>
|
|
|
|
<p> Download </p>
|
|
<blockquote>
|
|
|
|
<p> <a href="https://www.gryphel.com/d/minivmac/extras/psgcheck/psgcheck-1.1.0.zip">psgcheck-1.1.0.zip</a>
|
|
(131K) a zipped hfs disk image and checksum file.
|
|
The disk image can be mounted with Mini vMac.
|
|
Includes source code.
|
|
</p>
|
|
|
|
</blockquote>
|
|
|
|
<p>
|
|
PSgCheck is a tool for checking digital signatures, just like
|
|
<a href="../sigcheck/index.html">SigCheck</a>,
|
|
except that it uses a different format that is more
|
|
or less compatible with the program MacPGP.
|
|
</p>
|
|
|
|
<p> <img src="https://www.gryphel.com/d/minivmac/extras/psgcheck/screen.gif" width=514 height=344 border=0 alt="Screenshot"> </p>
|
|
|
|
<p>
|
|
The related tool
|
|
<a href="../psgwrite/index.html">PSgWrite</a>
|
|
creates digital signatures that can be checked by PSgCheck.
|
|
Public and secret key pairs for these tools can be created with
|
|
<a href="../pmakkeys/index.html">PMakKeys</a>.
|
|
</p>
|
|
|
|
<p>
|
|
PSgCheck is in part descended from MacPGP source code, which, as far as
|
|
I can tell, allows derived works for noncommercial use. PSgCheck is
|
|
generally compatible with MacPGP, but it is easier to legally
|
|
distribute, since it doesn’t do cryptography. Since it only does
|
|
one thing it should also be easier to use. PSgCheck only handles a
|
|
subset of signed messages that MacPGP does.
|
|
</p>
|
|
|
|
<p>
|
|
PSgCheck has been replaced by
|
|
<a href="../sigcheck/index.html">SigCheck</a>,
|
|
which uses a different format, “GRY”. The “GRY”
|
|
format is much simpler, and therefore shorter.
|
|
</p>
|
|
|
|
<p>
|
|
To attempt to mitigate weaknesses of md5, the GRY signature format
|
|
uses two different md5 checksums, the normal one, and the md5
|
|
checksum of the input bytes in reverse order. It also includes 3 byte
|
|
CRC checksums in normal and reverse order, and 2 bytes of version
|
|
info to make a 40 byte digest (320 bits). 384 bits is the minimum
|
|
key size supported by SigCheck, which means the maximum digest
|
|
size which can be encoded in the signature is 384 bits.
|
|
It is hopefully harder to construct two files where these 40 byte
|
|
digests match than it is to make the 16 byte md5 checksums match.
|
|
</p>
|
|
|
|
<p>
|
|
The signature format used by PSgCheck only uses the 16 byte md5
|
|
checksum as a digest. Currently md5 is generally considered
|
|
hopelessly weakened, and unsuitable for any purpose. However, as far as
|
|
I know, there is still no publicly known practical
|
|
“Preimage” attack, which is what is most important for
|
|
signing. That is, if I create a file that has a certain md5 checksum,
|
|
there is no practical way known yet for someone else to construct a
|
|
different file with the same checksum. But it is possible to create two
|
|
files with the same md5 checksum. So you have to be careful about
|
|
signing a statement that you have looked at a file created by someone
|
|
else, with a given md5 checksum, and it is good. Because they might have
|
|
another file with the same checksum that isn’t good.
|
|
And you have to be careful about signing a statement that contains a
|
|
significant amount of text from someone else, especially if your text
|
|
that precedes their text is predictable. Which seems to be what happened
|
|
to Microsoft with the “Flame” malware.
|
|
</p>
|
|
|
|
<p>
|
|
Here is the md5 checksum for the download, signed with
|
|
<a href="https://www.gryphel.com/c/keys/k5.html">Gryphel Key 5</a>:
|
|
</p>
|
|
|
|
<blockquote>
|
|
<pre>
|
|
--------- GRY SIGNED TEXT ---------
|
|
|
|
0c0c7595afb4c5f80eed669c9579697a psgcheck-1.1.0.zip
|
|
|
|
------- BEGIN GRY SIGNATURE -------
|
|
Gry/4Xa8CFcUzxdN/FGldTdJwYKeOhZAQlL95gcFYC0GhlGNfIPVF7R535S78Dh2
|
|
8abQczZlQjk4P4hVOPLAyTkiADAF6AExOXhANcQEK4qeD0vdTHmKQ4URIGZVq6lY
|
|
wHfV21nkoPVCOKMGvWOnBM4vK3H/IhUam2OZY5qaeFD7zLipNHDu3f17+aa1sQoP
|
|
-------- END GRY SIGNATURE --------
|
|
</pre>
|
|
</blockquote>
|
|
|
|
<p> See the
|
|
<a href="../../appc/index.html">Compiling</a>
|
|
page for instructions on compiling PSgCheck from the source code. </p>
|
|
|
|
<p> : </p>
|
|
|
|
<p> If you find PSgCheck useful, please consider
|
|
<a href="https://www.gryphel.com/c/help/index.html">helping the Gryphel Project</a>,
|
|
of which it is a part. </p>
|
|
|
|
<a href="https://www.gryphel.com/index.html">
|
|
<img src="https://www.gryphel.com/d/gryphel-32.gif" width=32 height=32 border=0
|
|
alt="gryphel logo, 1K"
|
|
>
|
|
</a>
|
|
|
|
<hr>
|
|
|
|
<div>
|
|
|
|
<i> <a href="https://www.gryphel.com/index.html">www.gryphel.com</a>/c/<a href="../../index.html">minivmac</a>/<a href="../index.html">extras</a>/psgcheck
|
|
- <a href="https://www.gryphel.com/c/feedback.html">feedback</a> </i>
|
|
<br>
|
|
copyright (c) 2018 Paul C. Pratt - last update 10/19/2018
|
|
|
|
</div>
|
|
|
|
</body>
|
|
|
|
</html>
|