VeriCode - Easy code signing for ComputerCraft

Started by JackMacWindows, Feb 21, 2021, 12:21 AM

Previous topic - Next topic

JackMacWindows

After seeing a number of people running raw code received over Rednet, I decided to make a code signing library that attempts to make it easy enough to add code signing that a beginner could do it. Introducing VeriCode, a simple library that allows you to sign, send, receive, and verify Lua scripts over Rednet or on disk. All that's required is to generate a keypair, add the public key to the client computer(s), load the key files, and then send/receive just like through the normal rednet API. You can also use the plain dump/load functions to use your own destination, such as a file. A simple receiver can be written in as few as three lines. The functions provided are very simple, and most of them mirror pre-existing function syntax to keep the entry barrier low. More instructions documentation, and an example are available in the source code. You can get it at https://gist.github.com/MCJack123/7752c85918bcf23ada028abd615e8750 (or for Pastebin plebs, it's at Ptq5vRvp + ZGJGBJdg as ecc.lua). (Requires CC:T 1.91.0 or later.)


Do note that there are no mechanisms to avoid replay attacks at the moment, so attackers could re-send messages that are listened to. If this is a concern, I'd recommend handling that in your own send/receive functions.