Jump to content
Sign in to follow this  
Dwarden

DSutils v2 release (signatures)

Recommended Posts

For server admins and addon makers

http://community.bistudio.com/wiki/DSUtils_2

more details : http://forums.bistudio.com/showthread.php?t=115114

Note:

- The server with verifySignatures=1 will check both v1 and v2 signatures.

- With verifySignatures=2 the server will reject clients using any addons which are signed by v1 signatures only.

- The new signatures are understood by old clients and servers as well, but they do not provide any enhanced security for them

http://community.bistudio.com/wiki/ArmA:_Server_Side_Scripting

level checkFile and regularCheck are what admins must use for optimal security

remember if you use the signature tool it overwrite the same filename used for v1 with v2

Edited by Suma
Clarified compatibility, clarified verifySignatures

Share this post


Link to post
Share on other sites

Thank you masters of the ArmAverse!

And thanks Soner, that seems like an easy to use and useful tool!

Share this post


Link to post
Share on other sites

added some more details for admins

Share this post


Link to post
Share on other sites

How is this going to work in combination with BinPBO´s "Create signature" function?

Share this post


Link to post
Share on other sites
Thank you masters of the ArmAverse!

And thanks Soner, that seems like an easy to use and useful tool!

get that on DH.

Share this post


Link to post
Share on other sites

Interesting part is that you don't have to create a new key, the createKey utility has remained untouched.

Share this post


Link to post
Share on other sites

actually the file will be overwritten using v2 signature, so i updated the post with the compatibility way we used ...

these who sign can decide if they use theirs old signature to replace v1 with v2 ignoring backward compatibility

or they follow the compatibility example

Share this post


Link to post
Share on other sites

well, this is not making a great deal of sense signature files wise. so far as i can see all bi have done is release a new public key against a new internal private key. That's fine and good, and hardly earth shattering.

pbo's themselves and the signatures *they* already have, don't change, nor could they.

the so called version2 stuff might well only work with bi2 bikeys, that's engine functionality, but nothing appears to be any different dsSignature tools wise and i'm suprised (and confused) what purpose re-releasing these 3 exes do for arrowhead that the old tools don't do in any case.

Share this post


Link to post
Share on other sites
actually the file will be overwritten using v2 signature

Will this be changed?

these who sign can decide if they use theirs old signature to replace v1 with v2 ignoring backward compatibility

I don't understand the meaning of backward compatibility. The v2 signature works with verifySignature 1 + 2. To be sure, i have tested it with an addon. In which case can it be incompatible?

Share this post


Link to post
Share on other sites

Servers running older game versions I guess.

Does anyone know about ArmA2 original compatibility with the new sigs, or is it OA only?

Share this post


Link to post
Share on other sites

From what I understand the v2 tool creates a different sign file.

The hash is based on the complete pbo data, while the v1 version only used some data of the pbo.

The key creation has not changed.

Your only advised to create a new key to separate v1 and v2 sign files for pbos.

The recommendation is to use v2 only as the v1 security was compromised.

The compatibility mode to use v1 and v2 is for those who want to take the additional

risk to be able to continue to use old v1 bisign files until addon authors have released

new v2 signs for their addons (pbos).

Edit:

As suggested, DSCreateKey.exe is unmodified.

Only DSSignFile.exe and DSCheckSignatures.exe.

Edited by .kju [PvPscene]

Share this post


Link to post
Share on other sites
well, this is not making a great deal of sense signature files wise. so far as i can see all bi have done is release a new public key against a new internal private key. That's fine and good, and hardly earth shattering.

pbo's themselves and the signatures *they* already have, don't change, nor could they.

the so called version2 stuff might well only work with bi2 bikeys, that's engine functionality, but nothing appears to be any different dsSignature tools wise and i'm suprised (and confused) what purpose re-releasing these 3 exes do for arrowhead that the old tools don't do in any case.

While DSCreateKey.exe is the same, DSSignFile.exe is different and generates a new, longer (556 instead of 287 bytes long) bisign.

Whether you wish to create a new signature key is up to you but I'd strongly suggest that you do. That way admins and players can easily see whether the said addon is version 2 without having to compare the size.

Share this post


Link to post
Share on other sites

This should work with BINPBO right? Just shove the new DSSignFile into

C:\Program Files (x86)\Bohemia Interactive\Tools\BinPBO Personal Edition\DSSignFile

Not tried it yet.. but I imagine it will :P.

Share this post


Link to post
Share on other sites
This should work with BINPBO right? Just shove the new DSSignFile into

C:\Program Files (x86)\Bohemia Interactive\Tools\BinPBO Personal Edition\DSSignFile

Not tried it yet.. but I imagine it will :P.

It does work, yes.

Share this post


Link to post
Share on other sites

v1 signature system received "death note" entry from me,

that's why i removed the compatibility writeup ...

unless there is reason to change this i will not try save v1 from it's fate...

Share this post


Link to post
Share on other sites

Yep. Every addon has to be signed again with the new tool to get a v2 signature.

The main question is how to achieve this - especially for addons that have their author left the scene.

Hint: Something along the lines of a community sign server - an automated system.

Share this post


Link to post
Share on other sites
This should work with BINPBO right? Just shove the new DSSignFile into

C:\Program Files (x86)\Bohemia Interactive\Tools\BinPBO Personal Edition\DSSignFile

Not tried it yet.. but I imagine it will :P.

It does work, yes.

Oh great, i´m good to go then. Thx for clarification :)

Share this post


Link to post
Share on other sites
Yep. Every addon has to be signed again with the new tool to get a v2 signature.

The main question is how to achieve this - especially for addons that have their author left the scene.

Hint: Something along the lines of a community sign server - an automated system.

i resigned all mods for our community with V2 Key´s and gave out the serverkey´s aswell.

i wont waste time with waiting for author.

Share this post


Link to post
Share on other sites

have a problems with v2 sign.

Addons packed with cPBO and signed with DSUtils2 rejected by the server with wrong signature.

Addons packed with BinPBO and signed with DSUtils2 are good.. but some of addons wont work after BinPBO repack (even without binarize) - for example "celle" island... it says about missing \ca\celle\celle.wrp when I start the server.. also there is no island visible even in editor...

Also signs v2 for almost every old addons wont work without repacking with BinPBO

Maybe I missed something?

P.S. of course I placed .bikey file in arma2\keys directory.

Share this post


Link to post
Share on other sites

Use eliteness/makepbo.

Many pbos are packed with OFP/a1 tools that make the signature generation not possible / faulty.

Share this post


Link to post
Share on other sites

The reason why Celle and other addons don't work after repack is because you need to apply the same pboprefix, for Celle this seems to be ca\celle

Perhaps better to ask the original authors to sign with v2.

Share this post


Link to post
Share on other sites

A repack with mikero's tools should do the job.

The reason the wrp is not the in the pbo is the binpbo settings.

Share this post


Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×