DSutils v2 release (signatures)

[suma 8]

To explain the compatibility: v2 signatures are extension of v1 signatures.

- v2 signature can be still understood by old servers and clients, but it acts the same as v1 signature there (no new enhanced checks done). This was done to facilitate the transition. When you release an addon which targets both 1.59 and older, you can release it with a single signature.

- v1 signatures can be still understood by new versions, but they do not pass when extended test is required by the server (verifiySignatures=2).

The addons should be a lot better protected now with v2 tests, the addon modification should be detected faster and more often.

[Defunkt 431]

- v2 signature can be still understood by old servers and clients, but it acts the same as v1 signature there (no new enhanced checks done). This was done to facilitate the transition. When you release an addon which targets both 1.59 and older, you can release it with a single signature.

This makes me wonder why all BIS pbo's now have two keys/signatures?

[.kju 3239]

by old servers and clients

For newer engine versions it provides more information and security.

[sickboy 13]

For newer engine versions it provides more information and security.

But Suma just explained that v2 keys work fine on older versions of the game too, so seems a valid question to ask why there are double signatures for original files.

[.kju 3239]

For older versions you need the older signature files.

[sickboy 13]

For older versions you need the older signature files.

According to Suma ya don't:

- v2 signature can be still understood by old servers and clients, but it acts the same as v1 signature there (no new enhanced checks done). This was done to facilitate the transition. When you release an addon which targets both 1.59 and older, you can release it with a single signature.

[focher 15]

I'm trying to ensure I understand this change.

1. v1 signatures for BIS products are in the *.bi.bisign files with the PBO.

2. v2 signatures for BIS products are in the *.bi2.bisign files with the PBO.

3. Server with verifySignatures=1 can use the v1 bi.bisign or v2 bi2.bisign signatures (because v2 is backward compatible as a v1 signature).

4. Server with verifySignatures=2 uses the v2 bi2.bisign signature.

Perhaps I just haven't seen a mod with v2 signatures yet or is it possible that the mod will just contain a single .bisign file with a v2 signature? Ultimately, is there a way to know if the mod has already been signed with v2?

Edited July 8, 2011 by Focher

[.kju 3239]

bi2.bisign is _one_ v2 key from BI. They could make more.

And the community can make their own v2 keys.

You recognize it not by the name but by the size.

A v2 sign files has about 556 bytes, while a v1 has around 287 bytes.

[focher 15]

bi2.bisign is _one_ v2 key from BI. They could make more.

And the community can make their own v2 keys.

You recognize it not by the name but by the size.

A v2 sign files has about 556 bytes, while a v1 has around 287 bytes.

I meant the bi2.bisign files that accompany all the BIS PBOs. I updated the post to clarify that point.

Regardless, a look through the PBOs for the game itself shows some v2 files which are not 500+ bytes.

[.kju 3239]

Please post in your CIT ticket / BIF thread those v2 bisign that are not 500+ bytes. Ty

[rexehuk 16]

Anyone signing with V2 keys please visit here:

http://forums.bistudio.com/showthread.php?t=121856

[CarlGustaffa 4]

I'm having problems with some of my addons on v2 signatures. Some being what puzzles me most. On client end, I only get "session lost", while dedi server gets to know the details. Using v2 utils:

* Created my private key.

* Uploaded resulting bikey to server.

* Signed every addon with new private key.

I get 16 (sound) addons that work.

The following causes me to drop out:

* BiB_Ambience

* BiB_Ambience_c (config file causes an error)

* BiB_AN2

* BiB_C130J

The config files (BiB_AN2_c and BiB_C130J_c) does not appear to cause errors, but I obviously have to remove them anyhow.

The ambience file is quite big at 391MB (even the config is above average with lots of includes, at about 123kB), but the AN2 (10MB) and C130 (12MB) are quite small although bigger than any of the working files.

What on earth could possibly be wrong here? Is it related to file sizes? Suffice to say, it worked without issues with v1 signatures.

Edit: Arrgghh, even wwhen switching back to verifySignatures=1; I'm getting "wrong signature for file ... ambience"...

Edited August 9, 2011 by CarlGustaffa

[Dwarden 1124]

please try it against last beta

it might be solved as part of the bug fix related to DLC signed content

[.kju 3239]

make sure to pack files to pbo with arma2/OA tools and NOT ofp/a1

[CarlGustaffa 4]

No go on updating to 552/553 alone. The original files were created using depbo, but I now tried repacking them using official (but previously rarely used, I find them a bit inconvenient compared to depbo) BinPBO v1.0.0.2. Now I actually get error messages shown on the client as well, but it's still the same pbo's that remain problematic.

Here is a file containing the addons, signatures, and server key, for the C130J (11MB). Can anyone try this against their dedi just to see if it works? If it doesn't have a look or try to sign with own keys to see if that works? And if that doesn't work, have a look in the pbo's and check for weird stuff (addon making is really not my field). That would determine if somehow my signing is somehow broke, or if the system is broke, or if I'm just stupid.

Delete my server key afterwards, as I don't make public addons, only private and squad based ones.

[nobrainer 0]

just to test, I had DSCheckSignatures.exe and my public and private key in the same folder. Also the addon I tested on.

But what should I expect as an output when I run

DSCheckSignatures.exe . .

If nothing appears, then it's ok?

If I run

DSCheckSignatures.exe -deep . .

I get

Checking .\xxxxxx.pbo

The xxxxxxx.pbo.myname.bisign size is 559 bytes, so it seems to be ok.

But it would be nice to see a confirmation that I use V2 and that the signing is ok

Edited August 11, 2011 by NoBrainer

[.kju 3239]

a v2 bisign file is around 556 bytes, while v1 are around 287 bytes

no return means all fine yep

[mr burns 131]

Would be nice being able to tell what version a bisign is w/o having to actually cross check filesizes or renaming our biprivatekeys - something along the lines of xyz.pbo.maker123.bisign2 sound feasible?

[.kju 3239]

Name your key MyTag_v2

[mr burns 131]

That´s why i said without the need of renaming our biprivateykeys ... it´s not like it would be easy to resupply each & everyone who´s using the old (still good) keys and might not have heard of v2 at all.

In the end it´s only a matter of the signatures. Keys are still valid. So theres no need to go over the top, just make signatures have the versioning show in it´s names. Easyily done for BI, happydance ensues.

[nobrainer 0]

a v2 bisign file is around 556 bytes, while v1 are around 287 bytes

no return means all fine yep

Thanks, then I got it.

Just have to test "live" on a dedicated server then.

[sickboy 13]

All mods on the Six Updater network are now signed with v2!

http://forums.bistudio.com/showthread.php?p=2058436#post2058436

[nobrainer 0]

Nice Sickboy!

[maddogx 13]

I've always said that this community needs a central signing authority. Who better than Sickboy? :D

Just keep that private key safe dude, so that no one but you may sign their hax with it. ;D

[sickboy 13]

I've always said that this community needs a central signing authority. Who better than Sickboy? :D

Just keep that private key safe dude, so that no one but you may sign their hax with it. ;D

:P "key" + s ;)