[sword-devel] Open book unlocking system (was Re: Module verification, was Re: [sword-devel] DoctrinalStatement)

Jerry Hastings sword-devel@crosswire.org
Sat, 05 Aug 2000 16:54:31 -0700

Sorry this reply has taken so long. It looks like this is the kind of thing 
that X.509 is for. I think it would be a great way to start working out 
security. I didn't see anyone jumping on the idea to get it done though. 
Perhaps if a rough draft of a Sword implementation was created others may 
take it up.


At 12:53 PM 7/30/2000 +1000, Paul Gear wrote:

>Glad you asked, Jerry.  :-)  I've been thinking about this issue for
>some time.  I started to prepare a long and involved message about how i
>envisaged it working, but i realised that it would probably prove
>incomprehensible to just about everyone but me.  So let me give a brief
>overview, and we can go into more detail later.
>It seems to me that there are several problems we could solve with one
>piece of technology:
>   1.  Encrypted modules.
>   2.  Verification of modules.
>   3.  Point-of-sale type unlocking with which commercial publishers
>would be happy.
>The technology i'm thinking of here is OpenSSL, the free software
>library for implementing X.509 PKI functionality.
>Here is an overview of the components of my proposed solution:
>1.  Modules are encrypted using a single key, by a symmetric cipher (as
>they are now), preferably with a fairly small key length, for
>performance reasons.  (What length do we use at the moment?)
>2.  Modules are signed with the distributor's digital signature.  This
>allows module verification with cryptographic checksums.  A root
>certificate authority key would need to be embedded in the software
>distributions (like Netscape and IE do).  More detailed verification
>parameters (as suggested above by Jerry) could be added to the
>certificate to verify the text if the checksum verification fails.
>3.  Unlocking a book involves creating an SSL connection to an unlock
>server, generating a one-time asymmetric key at the client, and the
>server encrypting the module's symmetric key to that asymmetric key.
>The application stores this asymmetrically encrypted version of the
>module key.
>4.  Reading a locked book involves decrypting the module key and using
>it to decrypt the book.
>What this would require of application software:
>1.  Embedded keys for the root certificate authorities.  We could use
>existing ones on the Internet, or create our own, which would be cheaper
>(i.e. free :-).
>2.  Linking with OpenSSL to do module checksumming and decryption.
>3.  Code to generate, save, and restore unlock keys.
>4.  User interface hooks for: viewing certificates, verifying modules,
>and unlocking books.
>5.  Client-server code for talking to the server during module
>unlocking.  There would need to be a way of allowing manual web or phone
>unlocks as well.
>There are some problems with this proposal, one being that there is no
>obscurity, so anybody with the know-how would be able to write a program
>to decrypt the modules using OpenSSL.  I have a few ideas for overcoming
>this, but it needs to be something which does not compromise our
>commitment to GPL-ed code.
>The other problem is who is going to do it?  This would be a rather
>large undertaking.  I would love to do it, but i don't have the time.  I
>would jump at the chance to quit my job to work on this sort of stuff,
>but who would pay for it?  Know anyone who'd like to invest a bit of
>venture capital?  8^)
>I've copied this to Bob@Logos (although hopefully your mail filters
>would have flagged this message anyway, Bob :-) and Bible-Linux, hoping
>that others might be interested in working on a standard that we could
>all use.  Are there others who we could get together with on this?
>Maybe the guys at Theophilos?
>I know Logos already has a system to do all of this, Bob, but it is a
>possible solution for working together with us (as we discussed some
>time ago on the Bible-Linux list), and it would allow you to upgrade to
>a system using real encryption.  (Of course, you could do that anyway,
>but it would be nice if we could do something together. ;-)
>Well, what think ye?
>"He must become greater; i must become less." - John 3:30