Jump to content
Sign in to follow this  
Dwarden

DSutils v2 release (signatures)

Recommended Posts

To explain the compatibility: v2 signatures are extension of v1 signatures.

- v2 signature can be still understood by old servers and clients, but it acts the same as v1 signature there (no new enhanced checks done). This was done to facilitate the transition. When you release an addon which targets both 1.59 and older, you can release it with a single signature.

- v1 signatures can be still understood by new versions, but they do not pass when extended test is required by the server (verifiySignatures=2).

The addons should be a lot better protected now with v2 tests, the addon modification should be detected faster and more often.

Share this post


Link to post
Share on other sites
- v2 signature can be still understood by old servers and clients, but it acts the same as v1 signature there (no new enhanced checks done). This was done to facilitate the transition. When you release an addon which targets both 1.59 and older, you can release it with a single signature.

This makes me wonder why all BIS pbo's now have two keys/signatures?

Share this post


Link to post
Share on other sites
by old servers and clients

For newer engine versions it provides more information and security.

Share this post


Link to post
Share on other sites
For newer engine versions it provides more information and security.
But Suma just explained that v2 keys work fine on older versions of the game too, so seems a valid question to ask why there are double signatures for original files.

Share this post


Link to post
Share on other sites

For older versions you need the older signature files.

Share this post


Link to post
Share on other sites
For older versions you need the older signature files.
According to Suma ya don't:
- v2 signature can be still understood by old servers and clients, but it acts the same as v1 signature there (no new enhanced checks done). This was done to facilitate the transition. When you release an addon which targets both 1.59 and older, you can release it with a single signature.

Share this post


Link to post
Share on other sites

I'm trying to ensure I understand this change.

1. v1 signatures for BIS products are in the *.bi.bisign files with the PBO.

2. v2 signatures for BIS products are in the *.bi2.bisign files with the PBO.

3. Server with verifySignatures=1 can use the v1 bi.bisign or v2 bi2.bisign signatures (because v2 is backward compatible as a v1 signature).

4. Server with verifySignatures=2 uses the v2 bi2.bisign signature.

Perhaps I just haven't seen a mod with v2 signatures yet or is it possible that the mod will just contain a single .bisign file with a v2 signature? Ultimately, is there a way to know if the mod has already been signed with v2?

Edited by Focher

Share this post


Link to post
Share on other sites

bi2.bisign is _one_ v2 key from BI. They could make more.

And the community can make their own v2 keys.

You recognize it not by the name but by the size.

A v2 sign files has about 556 bytes, while a v1 has around 287 bytes.

Share this post


Link to post
Share on other sites
bi2.bisign is _one_ v2 key from BI. They could make more.

And the community can make their own v2 keys.

You recognize it not by the name but by the size.

A v2 sign files has about 556 bytes, while a v1 has around 287 bytes.

I meant the bi2.bisign files that accompany all the BIS PBOs. I updated the post to clarify that point.

Regardless, a look through the PBOs for the game itself shows some v2 files which are not 500+ bytes.

Share this post


Link to post
Share on other sites

Please post in your CIT ticket / BIF thread those v2 bisign that are not 500+ bytes. Ty

Share this post


Link to post
Share on other sites

I'm having problems with some of my addons on v2 signatures. Some being what puzzles me most. On client end, I only get "session lost", while dedi server gets to know the details. Using v2 utils:

* Created my private key.

* Uploaded resulting bikey to server.

* Signed every addon with new private key.

I get 16 (sound) addons that work.

The following causes me to drop out:

* BiB_Ambience

* BiB_Ambience_c (config file causes an error)

* BiB_AN2

* BiB_C130J

The config files (BiB_AN2_c and BiB_C130J_c) does not appear to cause errors, but I obviously have to remove them anyhow.

The ambience file is quite big at 391MB (even the config is above average with lots of includes, at about 123kB), but the AN2 (10MB) and C130 (12MB) are quite small although bigger than any of the working files.

What on earth could possibly be wrong here? Is it related to file sizes? Suffice to say, it worked without issues with v1 signatures.

Edit: Arrgghh, even wwhen switching back to verifySignatures=1; I'm getting "wrong signature for file ... ambience"...

Edited by CarlGustaffa

Share this post


Link to post
Share on other sites

please try it against last beta

it might be solved as part of the bug fix related to DLC signed content

Share this post


Link to post
Share on other sites

make sure to pack files to pbo with arma2/OA tools and NOT ofp/a1

Share this post


Link to post
Share on other sites

No go on updating to 552/553 alone. The original files were created using depbo, but I now tried repacking them using official (but previously rarely used, I find them a bit inconvenient compared to depbo) BinPBO v1.0.0.2. Now I actually get error messages shown on the client as well, but it's still the same pbo's that remain problematic.

Here is a file containing the addons, signatures, and server key, for the C130J (11MB). Can anyone try this against their dedi just to see if it works? If it doesn't have a look or try to sign with own keys to see if that works? And if that doesn't work, have a look in the pbo's and check for weird stuff (addon making is really not my field). That would determine if somehow my signing is somehow broke, or if the system is broke, or if I'm just stupid.

Delete my server key afterwards, as I don't make public addons, only private and squad based ones.

Share this post


Link to post
Share on other sites

just to test, I had DSCheckSignatures.exe and my public and private key in the same folder. Also the addon I tested on.

But what should I expect as an output when I run

DSCheckSignatures.exe . .

If nothing appears, then it's ok?

If I run

DSCheckSignatures.exe -deep . .

I get

Checking .\xxxxxx.pbo

The xxxxxxx.pbo.myname.bisign size is 559 bytes, so it seems to be ok.

But it would be nice to see a confirmation that I use V2 and that the signing is ok

Edited by NoBrainer

Share this post


Link to post
Share on other sites

a v2 bisign file is around 556 bytes, while v1 are around 287 bytes

no return means all fine yep

Share this post


Link to post
Share on other sites

Would be nice being able to tell what version a bisign is w/o having to actually cross check filesizes or renaming our biprivatekeys - something along the lines of xyz.pbo.maker123.bisign2 sound feasible?

Share this post


Link to post
Share on other sites

That´s why i said without the need of renaming our biprivateykeys ... it´s not like it would be easy to resupply each & everyone who´s using the old (still good) keys and might not have heard of v2 at all.

In the end it´s only a matter of the signatures. Keys are still valid. So theres no need to go over the top, just make signatures have the versioning show in it´s names. Easyily done for BI, happydance ensues.

Share this post


Link to post
Share on other sites
a v2 bisign file is around 556 bytes, while v1 are around 287 bytes

no return means all fine yep

Thanks, then I got it.

Just have to test "live" on a dedicated server then.

Share this post


Link to post
Share on other sites

I've always said that this community needs a central signing authority. Who better than Sickboy? :D

Just keep that private key safe dude, so that no one but you may sign their hax with it. ;D

Share this post


Link to post
Share on other sites
I've always said that this community needs a central signing authority. Who better than Sickboy? :D

Just keep that private key safe dude, so that no one but you may sign their hax with it. ;D

:P "key" + s ;)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×