NetSparkle supports verification of a DSA signature (hash key) to ensure that the files to be downloaded are not changed on the way from the server to the local PC. The following steps are necessary to implement a working DSA app cast. There are two major steps: the first one is setup only and has to be performed only once; the second one has to be repeated for every update:
Generating a key pair and preparing the software project
- First of all, a key pair (public and private key) has to be generated. For this, NetSparkle comes with a helper tool that generates the key pair. Call the helper tool as follows:
NetSparkle DSA Helper
(c) 2011 Dirk Eisenberg under the terms of MIT license
Generating key pair with 1024 Bits...
Storing private key to NetSparkle_DSA.priv
Storing public key to NetSparkle_DSA.pub
The key pair will be stored in the current folder under NetSparkle_DSA.priv and NetSparkle_DSA.pub.
- In the second step, the public key has to be added to your application as an embedded resource. Add the NetSparkle_DSA.pub file to your project and ensure that it is marked as “embedded resource”:
A demo project is part of our source code solution.
Publishing a DSA guarded update
- Generate your update package
The update package is the file that NetSparkle downloads, so it is the file that will be verified after download.
- Generate the hash key (DSA signature) of this file
The NetSparkleDSAHelper can also generate the needed signature. Call the tool as follows:
NetSparkleDSAHelper.exe /sign_update YOUR_UPDATE_PACKAGE NetSparkle_DSA.priv
After running this tool, the signature is printed to stdout, so it is possible to integrate the tool into an existing build process.
- Add the DSASignature to the appcast XML (see our samples or the Sparkle website itself)
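The sign-and-verify round trip that these steps set up, as an added C# example (not NetSparkle's own code). It assumes the key files hold .NET XML key strings and the appcast carries the signature Base64-encoded; `DsaUpdateCheck` and `IsPackageAuthentic` are hypothetical names, and the key pair and package bytes are constructed in memory.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class DsaUpdateCheck
{
    // True only if signatureBase64 is a valid DSA signature over the package
    // bytes for the given public key (assumed: .NET XML key format).
    public static bool IsPackageAuthentic(byte[] package, string signatureBase64,
                                          string publicKeyXml)
    {
        byte[] signature;
        try { signature = Convert.FromBase64String(signatureBase64); }
        catch (FormatException) { return false; }  // malformed appcast value: reject

        using (var dsa = new DSACryptoServiceProvider())
        {
            dsa.FromXmlString(publicKeyXml);
            // VerifyData hashes the data with SHA-1 and checks the DSA signature.
            try { return dsa.VerifyData(package, signature); }
            catch (CryptographicException) { return false; }  // e.g. wrong length
        }
    }

    static void Main()
    {
        // Constructed stand-ins for NetSparkle_DSA.priv / NetSparkle_DSA.pub.
        string privateKeyXml, publicKeyXml;
        using (var dsa = new DSACryptoServiceProvider(1024))
        {
            privateKeyXml = dsa.ToXmlString(true);   // stays on the build machine
            publicKeyXml = dsa.ToXmlString(false);   // embedded in the application
        }
        byte[] package = Encoding.ASCII.GetBytes("constructed update package");

        // Build side: sign the package, producing the value for the appcast.
        string signature;
        using (var dsa = new DSACryptoServiceProvider())
        {
            dsa.FromXmlString(privateKeyXml);
            signature = Convert.ToBase64String(dsa.SignData(package));
        }

        byte[] tampered = (byte[])package.Clone();
        tampered[0] ^= 0x01;  // a single flipped bit in the download

        Console.WriteLine("original:  " + IsPackageAuthentic(package, signature, publicKeyXml));
        Console.WriteLine("tampered:  " + IsPackageAuthentic(tampered, signature, publicKeyXml));
        Console.WriteLine("bad value: " + IsPackageAuthentic(package, "not base64!", publicKeyXml));
    }
}
```

Only the public key belongs in the shipped application; anyone holding the private key file can sign packages that pass this check.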
A broken DSA signature is shown in a red dialog shortly before the upgrade is triggered.