pif_QuickSig

by Popisfizzy
A way to authenticate open messages sent between two servers.
To download this library for your Linux/Mac installation, enter this on your command line:

DreamDownload byond://Popisfizzy.pif_QuickSig##version=1

Emulator users, in the BYOND pager go to File | Open Location and enter this URL:

byond://Popisfizzy.pif_QuickSig##version=1

Version 1.0.20160328
Date added: Mar 27 2016
Last updated: Jul 24 2017
pif_QuickSig is a library designed to allow programmers to digitally sign messages sent between servers in order to verify their authenticity and integrity when sending over open channels (e.g., over the internet).

Digital signatures are a way of verifying that the person who claims to have written a message is actually its author, and that the message was not altered in transit. You may read more about digital signatures here.

Most digital signature schemes rely on asymmetric key cryptosystems (look here to read about these on Wikipedia), and these are in fact more secure. The reason I wrote this library is two-fold:
  1. To my knowledge, there are no asymmetric key cryptosystems available on BYOND at the moment, and their implementation is quite difficult and fraught with subtleties that can leave them broken without it being obvious.
  2. They are conceptually a little more difficult to work with.

Given the nature of BYOND, being absolutely provably secure (assuming the secrecy of the private key) is not really that necessary. Most messages do not need to be secret (i.e., they don't carry sensitive data), but one would typically still like to verify their integrity and authenticity to make sure someone isn't spoofing them. This can be handled with just regular symmetric cryptographic schemes, but they are a little "heavier" code-wise. This library is meant to provide a balance between the approaches, while not sacrificing too much in the way of security.

Example Implementation

Below is an example implementation in DM, assuming the use of world.Export() to send messages to the remote server.

// A list of servers and their associated pif_QuickSig objects. Each affiliated server has
// a different /pif_QuickSig object. The reason is explained in the documentation.
var/list/Servers = new

// SignerLookUp() and ProcessMessage() are not shown here and must be defined elsewhere.
proc
    SendMessage(address, message)
        var/pif_QuickSig/signer = SignerLookUp(address)

        // This is the new_signature, which will be sent to the remote server to verify the
        // integrity and authenticity of the message.
        var/new_signature = signer.StepSignature(message)

        // Sends the message to the remote server. url_encode() keeps characters such as
        // "&" in the message from splitting the query string.
        return world.Export("byond://[address]?message=[url_encode(message)]&signature=[new_signature]")

    RecieveMessage(address, message, test_signature)
        var/pif_QuickSig/signer = SignerLookUp(address)

        // We assume that message has already been decoded.

        if(signer.Test(message, test_signature))
            // If the /pif_QuickSig object has validated the message, first step the local
            // signature and then allow processing of the message.

            signer.StepMessage(message)
            ProcessMessage(message)

            // Message was valid.
            return 1

        // Message could not be authenticated.
        return 0
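
The sign, test, then step flow above, as an added Python example that is not pif_QuickSig's code: the page does not describe the library's algorithm, so HMAC-SHA256 chained over a per-peer state is swapped in as an assumption, and the method names only mirror StepSignature, Test and StepMessage. It shows why the receiver steps only after a successful test: a replayed or altered message is rejected and leaves the two peers in sync.

```python
import hashlib
import hmac

class SteppedSigner:
    """Per-peer state: shared key plus a chain value advanced once per message."""
    def __init__(self, key: bytes):
        self._key = key
        self._state = b"\x00" * 32  # both peers start from the same value

    def _tag(self, message: str) -> bytes:
        # Binding the current state into the MAC makes each signature single-use.
        data = self._state + message.encode("utf-8")
        return hmac.new(self._key, data, hashlib.sha256).digest()

    def step_signature(self, message: str) -> str:
        """Sender: sign the message, then advance the local state."""
        self._state = self._tag(message)
        return self._state.hex()

    def test(self, message: str, signature: str) -> bool:
        """Receiver: check a signature without changing state."""
        try:
            received = bytes.fromhex(signature)
        except ValueError:
            return False  # malformed input is rejected, not raised
        return hmac.compare_digest(self._tag(message), received)

    def step_message(self, message: str) -> None:
        """Receiver: advance state once a message has been accepted."""
        self._state = self._tag(message)

def receive(signer: SteppedSigner, message: str, signature: str) -> bool:
    """Test first and step only on success, so rejected input cannot desync."""
    if not signer.test(message, signature):
        return False
    signer.step_message(message)
    return True

def demo() -> list:
    key = b"constructed-demo-key"  # sample value; use a random secret per peer
    sender, receiver = SteppedSigner(key), SteppedSigner(key)
    first = sender.step_signature("round=1")
    second = sender.step_signature("round=2")
    return [
        receive(receiver, "round=1", first),   # genuine message
        receive(receiver, "round=1", first),   # replay of the same pair
        receive(receiver, "round=9", second),  # altered body, state untouched
        receive(receiver, "round=2", second),  # genuine, peers still in sync
    ]
```

In this model a message lost in transit leaves the sender one step ahead of the receiver, so a deployment built this way needs a resynchronisation path.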