[sword-devel] encryption and integrity checking.

Wed Mar 11 05:29:43 MST 2009

On Mar 11, 2009, at 5:04 AM, Peter von Kaehne wrote:

> One of the problems which has come up again and again when discussing
> with publishers has been the worry that texts which are released to
> CrossWire become an easy target for abuse - either commercial abuse  
> with
> texts of some commercial importance or, more worrying to me at least -
> manipulation of texts by cults and other entities.
>
> What possible solutions could we offer to provide text encryption and
> integrity checking in a plausible way which would not violate GPL and
> goes beyond our current practice of simply incorporating a key into  
> the
> conf files?
>
> This is a serious and important question. I am aware of several texts
> which we did not get or where people hesitate because this is not
> possible right now.

I've thought about this quite a bit as it has bothered me quite a bit.  
It especially bothers me that some so called Christians feel free to  
steal and won't honor ownership. I've heard all kinds of  
rationalizations.

As pointed out in other's replies there are some issues:

The problem of theft has several vectors:
1) Unauthorized sharing. A user exports a module, key and all, and  
then passes it along. In BibleTime, keys are not held in the conf.  
This is an added safety mechanism.

2) Exporting the module. A user uses mod2imp, diatheke, or some other  
program that decrypts and outputs the text to get a copy of the text.  
Once there it can be used for any purpose. Unfortunately, the way  
things stand today, anything we do can easily be undone. But we should  
at least "lock the doors" to get a thief to move on to an easier target.

I've thought about a double key mechanism. The one key would be the  
module's key, the other would lock the first. I'm not really up on  
security issues, but I could read up.

Other systems, such as e-Sword, are easy to hack their lock. Some use  
obscurity rather than encryption to lock their works.

I'm thinking that we should also change the exporters to mark text as  
being locked (perhaps tagging every verse with a copyright statement),  
limit the number and kind of entries that can be exported at one time,  
and perhaps warn "Let the thief no longer steal."

The best solution would be one that a developer cannot undo, e.g.  
revert the changes in the code.

3) Screen scraping/Copy&Paste - Ultimately every text that can be  
viewed, whose contents can be copied to a clipboard, can be stolen.

The problem of integrity:
I had not thought much about this one before. I have heard that  
Jehovah's Witnesses will often take a translation, pervert it to serve  
their own beliefs, and then redistribute it. I've also heard that some  
others will pervert to subvert it's quality. Having a mechanism to  
ensure that the text has not been changed would be a good one for all  
modules.

I wonder if signing is heavier than necessary? Part of signing that is  
not widely appreciated is that unless a signature is validated by a  
signing authority, it does not mean much. That is generally, pretty  
costly. Perhaps a simple checksum kept in the conf would be sufficient?

DM