New version of signatures coming in 1.58

[suma 8]

To provide stronger security we have extended the signatures to contain more information about the signed file. We intend to distribute new signatures for all official content in the 1.58 stable patch (coming hopefully soon), and updated version of signing tools should follow shortly, so that other addon makers can resign their content as well.

Once the "v2" signatures will become widespread, it will be possible for server admins to enforce using the new signatures only by changing the value of "verifySignatures" from 1 to 2. As v2 signatures should provide a lot better security (which we hope will be seen once servers start to use it), if everything goes well we hope within a few months this setting should become common for most servers out there.

Edited February 21, 2011 by Suma
Fixed typo

[Lonestar 11]

Very nice! :)

[PuFu 4600]

nice...i foresee some descent in MP hacks :)

any technical details?

Edited February 21, 2011 by PuFu

[Tankbuster 1746]

Will a server using verifySignature 2 correctly check old signatures or will it reject them?

[suma 8]

Will a server using verifySignature 2 correctly check old signatures or will it reject them?

The server with verifySignature 1 will check both v1 and v2 signatures. With verifySignature 2 the server will reject v1 signatures.

[Tankbuster 1746]

OK, thanks.

[messiahua 0]

v2 will work faster or slower (performance/cpu wise) ?

[Lonestar 11]

[78372] Improved: Faster Signature checks on server side.

It goes with:

[78174] Improved: Stronger signature checking.

As both improvements will be included in next patch, I guess they have optimized the whole process.

[snoops_213 75]

Who says BIS don't care about security in their game! Will this be implemented into ArmA2(Patch 1.09) or just OA and DLC's?

[gossamersolid 155]

Well let's hope once this gets released that a lot of Addon Makers rush to update their stuff to v2 keys :)

[cole 0]

Well let's hope once this gets released that a lot of Addon Makers rush to update their stuff to v2 keys :)

Yep, this could be a problem. Some older (abandoned) addons might be doomed now.

But it's good to see the signatures improvement.

[gossamersolid 155]

Yep, this could be a problem. Some older (abandoned) addons might be doomed now.

But it's good to see the signatures improvement.

Well if addon makers become unreachable, a trusted community member should distribute re-signed addons.

[cole 0]

Well if addon makers become unreachable, a trusted community member should distribute re-signed addons.

You know, with the current fuss about all the copyrights and everything around, I'm kinda scared about that option :p

[Dwarden 1125]

why Cole?

plus each server admin himself can create own signatures for all addons used on his server ...

if needed

[.kju 3245]

Forum rules

§20) Posting addon/mod other content without permission

(...)

The first and most fundamental rule is that you must seek permission to alter someone's work, to mirror it or use it in any way other than for personal use. No permission, no editing, no mirroring, no adding to your mod pack, no editing and sharing around your private squad, none of that is acceptable.

[Dwarden 1125]

posting your own signatures (server case or else) for any (including un-signed) addons is definitely not related to these rules ...

[.kju 3245]

Sure signatures alone are something different than a repack.

If a repack is allowed, then the rules of the forum should get reworked.

[carlostex 38]

nice...i foresee some descent in MP hacks :)

any technical details?

MP hacks??

WTF i thought we couldn't cheat in Arma 2 already.

[ast65 10]

Dunno, everytime I join a public PvP server there are lots of people with modified buildings-, plants-, etc- pbo´s.

This is cheating, isn´t it?

[Zipper5 74]

MP hacks??

WTF i thought we couldn't cheat in Arma 2 already.

Wat. You must be trolling.

Dunno, everytime I join a public PvP server there are lots of people with modified buildings-, plants-, etc- pbo´s.

This is cheating, isn´t it?

Unlikely. Could be addons in use, could be random mismatches due to patches or differences in versions if running beta patches, could be many things. If those correspond to vanilla files they are unlikely candidates to be modified to give their user an unfair advantage.

[CarlGustaffa 4]

Shouldn't addons be using other files? I don't expect it to be due to patching, as my latest "touch" was expansion\addons\plants_e.pbo at 22-dec-2010. There "can" be some "proper style" fixing going on of course, and there can in some cases be addons that give unfair disadvantages to the player (such as forced crosshairs off), so it doesn't have to be about cheating.

[pathetic_berserker 4]

Still a bit confused by the implications of this. Does it mean that older addons will only work with v2 servers if a specific server admin goes to such lengths to create new keys (wich the community has worked so hard to keep maker specific) for his server. Giving rise to a situation where mod folders will have to be set up to suit individual servers, due to there being multiple keys for single addons.

Hope I'm misunderstanding, coz reality = cant see this happening.

[Lonestar 11]

The server with verifySignature 1 will check both v1 and v2 signatures. With verifySignature 2 the server will reject v1 signatures.

+5 chars.

[.kju 3245]

CSS - Community sign server

[messiahua 0]

Are there any new tools to create new signatures?