Recommended Code-Signing Practice

From Unofficial BOINC Wiki


The BOINC System uses Digital Signatures to allow the BOINC Daemon to authenticate files sent to the client.

It is important that you use a proper code-signing procedure for publicly accessible projects. If you don't, and your server is broken into, hackers will be able to use your BOINC project to distribute whatever malicious code they want. This could result in the end of your project, and possibly the end of all BOINC Powered Projects.

  • Choose a computer (an old, slow one is fine) to act as your 'code signing machine'. After being set up, this computer must remain physically secure and disconnected from the network (i.e. keep it in a locked room and put duct tape over its Ethernet port). You'll need a mechanism for moving files to and from the code-signing machine. A USB-connected disk or CD-RW will work, or if your files are small you can use a floppy disk.
Note: This is to prevent possible compromise of the system that creates the Digital Signatures.
  • Install boinc/lib/crypt_prog on the code signing machine (it's easiest if the machine runs Unix/Linux, but it should be easy to compile crypt_prog for Windows too).
  • Run crypt_prog with the required parameters. The three invocations, their parameters and what each produces:

    crypt_prog -genkey n private_keyfile public_keyfile

        n - the number of bits for the key; 1024 is a recommended value.
        private_keyfile - the path (with full file name) where the private key file will be stored.
        public_keyfile - the path (with full file name) where the public key file will be stored.

        Result: creates a code-signing key pair and writes it in hex notation. Copy the public key to your server. Keep the private key on the code-signing machine, make a permanent, secure copy of the key pair (e.g. on a CD-ROM that you keep locked up), and delete all other copies of the private key.

    crypt_prog -sign file private_keyfile

        file - the file to be signed.
        private_keyfile - the path (with full file name) to the already generated private code-signing key.

        Result: produces the signature and writes it in hex notation. You can then copy the signature into a signature file and move it back to the server.

    crypt_prog -verify file signature_file public_keyfile

        file - the file to be validated.
        signature_file - the path (with full file name) to the already generated signature file for the file.
        public_keyfile - the path (with full file name) to the already generated public code-signing key that the file was signed with.

        Result: verifies that the signature on the file is correct.
  • Use update_versions to install your application, including its signature files, in the download directory and database.
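
A server-side check to run before update_versions, as an added example that is not part of this wiki page or of the BOINC project's own code: it wraps the crypt_prog -verify invocation described above and refuses to proceed if any application file lacks a signature, fails verification, or if a private key file has been left on the server. Assumed: signatures are stored beside each file as <file>.sig, private keys are recognisable by name, and crypt_prog exits non-zero when verification fails.

```shell
#!/bin/sh
# Added example (not from the BOINC wiki or the BOINC project): a gate to run
# on the project server before update_versions. Assumptions: signature files
# live next to each application file as <file>.sig, private keys are
# recognisable by name, and crypt_prog exits non-zero on a failed verification.
set -u

CRYPT_PROG="${CRYPT_PROG:-crypt_prog}"   # path to crypt_prog (assumed on PATH)

# Succeed only if nothing under $1 is named like a private key (assumed naming).
no_private_key_present() {
    find "$1" -type f \( -name '*private*' -o -name '*.priv' \) | grep -q . && return 1
    return 0
}

# Verify one application file ($1) against $1.sig using the public key ($2).
verify_app_file() {
    app_file="$1"; public_key="$2"; sig_file="$1.sig"
    [ -f "$sig_file" ] || { echo "missing signature file for $app_file" >&2; return 1; }
    "$CRYPT_PROG" -verify "$app_file" "$sig_file" "$public_key" \
        || { echo "signature check failed for $app_file" >&2; return 1; }
}

# Gate: every non-.sig file under $1 must verify with the public key ($2),
# and no private key may be present. Returns non-zero on any failure.
verify_app_dir() {
    app_dir="$1"; public_key="$2"; status=0
    no_private_key_present "$app_dir" \
        || { echo "refusing: private key found under $app_dir" >&2; return 1; }
    for f in "$app_dir"/*; do
        [ -f "$f" ] || continue
        case "$f" in *.sig) continue ;; esac
        verify_app_file "$f" "$public_key" || status=1
    done
    return "$status"
}

# Usage: sh sign_gate.sh <app_dir> <public_keyfile> && update_versions
if [ "$#" -eq 2 ]; then
    verify_app_dir "$1" "$2" || exit 1
fi
```

If your build of crypt_prog only prints the verification result instead of setting an exit status, check its output in verify_app_file instead of relying on the return code.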

There are less-secure variants; e.g. you could keep the private key on a CD-ROM that is only mounted during signature generation, on a machine that is disconnected during signature generation. But we do not recommend this; a hacked computer could be running a hidden program that steals the private key and transmits it when the computer is connected again.

UCB Source

Copyright ©

  • 2005 University of California
  • 2005 Paul D. Buck

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.
