[squeak-dev] securing SAR/MCZ files, certificates, etc

tim Rowledge tim at rowledge.org
Tue Sep 1 19:49:14 UTC 2015


I mentioned working on using SAR files and/or MCZ as a way to distribute device driver add-ons for Pi Scratch  a while ago. The basics are working nicely and it’s time to ask for advice on securing the files. I’ve noticed assorted ssl/encryption/certificate checking related emails whizz by but never paid a lot of attention in the past.

An interesting additional issue for my use is that the file will need to be loadable/decryptable/checkable very fast, even on a Pi, since it will need to be reloaded (from file, not over the net) each time the user asks for a device needing one of these drivers. We don’t need to be utterly paranoid about the security since nobody is doing anything l crazy with this, like, oh, taking one up to the ISS…

Pointers to stuff to read, load, try, all appreciated from those with experience. No, I haven’t googled much about it since I know too little to be able to make a sensible start without advice.

tim
--
tim Rowledge; tim at rowledge.org; http://www.rowledge.org/tim
Strange OpCodes: CWB: Carry With Borrow




More information about the Squeak-dev mailing list