PyTux

Trips of a curious penguin.

Hello, time traveler! You are reading an article that is almost ten years old. The world has changed, and so have I and my opinions. There is a good chance what's below is not current, correct, or secure anymore, and maybe it never was. This page is preserved because I am an archivist at heart, but you have been warned.

Please take this and go signing those updates

If your program does any sort of self-updating, it is fundamental that you check the update payload integrity. And no, fetching it over HTTPS might not be enough.

Otherwise, anyone who can tamper with the traffic of your users, like anyone on their same network, or their ISP, can trivially get code execution by modifying the update while your program downloads it. And yes, it is exploited in the wild and it is easy.

The common way to sign something is to use RSA, but you might not want to rely on yet another external dependency, with God knows which license…
Then, take this! It’s a drop-in, zero-dependency RSA signature verifying function that run on Python 2.4+ (seriously) and… it’s in the Public Domain (CC0), it’s yours.

Here are the instructions on how to generate your private and public keys and how to sign new updates. Don’t worry, it’s all really easy; if you happen to encounter any issues, shoot me a mail at filippo.valsorda -> gmail.com!

I am sufficiently proficient only in Python, so if any C, Perl, PHP or Brainfuck guru wants to show up and contribute the same function in another language, it would be awesome!

Now you don’t have any excuses anymore (at least you Python devs): go signing your updates!
(And maybe also following me on Twitter)