I've been doing some poking around, and I think I know how Patchou could implement digital 'signing' on the scripts.
Note: this is very long, and possibly quite boring. Unless you find cryptography very exciting, I'd just skip to the bottom...
The first part would be to make an actual wrapper for the scripts. This format could include things like what engine to use (JScript, VBScript, PerlScript, BobScript
), author details, script name, and actions. You would also store any digital certificates here.
In regards to actions, for example, a single script file could contain a method to display a list of all contacts who had logged in recently, and a method to send a message to all open IM windows. These could be run by having some way for the script file to define menus to insert into the interface (which is relatively easy). This means people could release script 'packs' under one file with lots of different bits of functionality. This is also where you would set up what events your script wants to handle.
Now, for digital certificates, the way I understand it currently is that you store the various bits of information (such as Script Name, Author, Checked By, Date Checked, Safety Level, etc.) in plain, unencrypted format. Then, you calculate the certificate's digest (using MD5, or another similar hashing algorithm), and then encrypt that digest using a private key. This private key would be unique to, say, the group validating the scripts. They then publish their public key on the web for people to download. BTW: all this encryption/decryption would need to be done by a private/public algorithm like RSA or PGP.
Now, the user downloads the script from the site, and Plus! tells the user that the script is digitally signed, but it doesn't know by who... So, the user gets onto the Plus! site, and downloads the public key. Plus! then calculates the certificate's digest again, and uses the public key to decrypt the digest stored in the script file. It compares them, and if they match, then it's an authentic digital certificate. If it doesn't match, then the certificate has been modified.
Of course, this is all good and dandy for the certificate, but what about the script? I think the best approach would be to calculate a digest (and possibly the CRC32 as well) of the actual scripts themselves, and store this in the digital certificate.
And finally, I would recommend AGAINST building this public key into Plus! It doesn't need to be a big secret, although I believe it would be much safer if the user had to explicitly say "Yes, I trust scripts signed by this group", so that someone can't just go and make their own digital certificates. Also, since Plus! is an internet application, it might be worth considering the following:
Instead of storing the public key ON the machine, force Plus! to download it each time it wants to validate a script, and then remove it afterwards. The advantage of this is that a script cannot overwrite the existing public key with it's own, so that it can forge digital certificates. The downside is how to we stop this from happening at startup EACH time? I haven't quite worked out a secure method for that yet, but I'll post again if I get any ideas (beside, I'm sure you've had enough of me talking by now
)
So what does all that mean in layman's terms? When people on some sort of script review board check a script, and determine that it is safe to use, they digitally sign it. Then, when the user downloads the script for the first time, they are asked by Plus! if they trust this script, which has been signed by this particular group (which CANNOT be automated or skipped). If they answer yes, the script would be installed, and ready for use (although they may need to explicitly enable the script). If the script has no digital certificate, they should be informed of this, and asked if they really want to authorise it.
You could even provide a link to check if there's a signed version on the Plus! site...
Anyway, hope this has been of some help to someone
Script? did I hear script?
/ –
