DSUtils and BinPBO

[cross 1]

how about;

a server may not want to use some other addons from Matt.

So the best thing i guess would be to create multiple signatures like..

matt.bikey (universal)

matt-effects.bikey

matt-weapons.bikey

matt signes all his addons with matt.bikey

matt signs relevant addon with relevant bikey.

So..matt issues 2 signatures (for his effects addon)  signed by 1)matt.bikey and 2) matt-effect.bikey

and any server who is wlling to accept anything that might come from matt would put the "matt.bikey" (bc matt would sign all his addons with this)

or just puts the "matt-effects.bikey" if wants to limit to the effects only..

eventho it creates a bit more work on addon makers, i think it gives some flexibility and confidence to servers.

some discussion here as well. http://www.flashpoint1985.com/cgi-bin....t=68437

..edit..

matt is an honest person swore not to sign anything else with his signatures

[rundll.exe 12]

@Hoot:

I said "there is no need".

I didn't say he should not. Actually i agree that every addon

should be signed.

I disagree. If a mod is known to be MP incompatible, or can be seen as a cheat (like Dynamic range example)

There should be no signing, so there could be no confusion. (no key = no MP)

[cross 1]

no..everyone can sign anything..

if seen as cheat server removes the signatureholder's .bikey from server keys folder

[hoot 0]

@rundll.exe: But why? I don't get it. It is up to you as an server admin whether or not you use the key to allow that addon? So i don't care what the addon or mod is actually doing or whether or not it is sp or mp only, i decide what is allowed and what not.

[.kju 3242]

<table border="0" align="center" width="95%" cellpadding="0" cellspacing="0"><tr><td>Code Sample </td></tr><tr><td id="CODE">Advanced usage scenario: Server keys

One addon can be accompanied by multiple signatures, each

signed with a different key. One application for this can be server

admin can create his own key for his server, and can use it to sign

all addons on the server he considers safe.

Note: For this usage style, signature files for the addons need to

be distributed to all users connecting to that server.

*doh* i missed that one somehow...

@Hoot about server side scripting:

Not sure myself as i am not a scripter.

Yet as far as i know, the SSS is being run in a separate virtual

machine which cannot communicate with the normal

scripting / game VM.

Some additional info from Suma / BI would be very much

appreciated!

If it is not possible, it would be very useful to have the

ability to notify a user via SSS.

@Suma / CRC on public key

I meant to check the public key of course.. sorry about that.

So scenario xy would be that a server admin downloads an

addon from a 'phishing' site where an addon has illegally been

modified, transfers the key and the addon to the server and

makes all his buddies get the corrupt files..

So a central trusted authority could provide key files and/or

CRC checksums to check the key file authenticity.

Well it might be a somewhat unlikely case, but time will tell.

In general only the practical use, misuse and abuse will tell.

It might very well depend on the type of addon.

Some addon only sees one or just a few release, whereas others

get updated very often.

Overall i think server admins can bear the effort get new keys

often and removed outdated ones.

Its just the same business for addons and missions right now.

Still the weakest point remains the signee, so it might be wise

not to make the process to complicated for him in general.

Yet actually it isn't very much effort and isn't very complicated.

Time will tell.

Using keys to get people only use and be able to use the latest

or desired addon version is a big trouble for now, so it would be

neat to (ab)use the key system for this as well.

@rundll.exe:

The server admin has decide anyway and he will.

So no point letting the addon maker judge it or make him do so.

Let the server admin do so, if he likes it or not.

[rundll.exe 12]

@rundll.exe:

The server admin has decide anyway and he will.

So no point letting the addon maker judge it or make him do so.

Let the server admin do so, if he likes it or not.

But what if an addonmaker makes both? A mp compatible, and a mp incompatible?

If he signs them both, and want to ban one, you have a problem.

Its more practical for Mission makers also: If an addon has a key, the addonmaker states his addon is MP compatible (his responsability) So MP mission makers can safely use em.

But prolly statig that in the readme does the same job.

I just hate it when ppl crash the servers with some random addons loaded wich they like in SP...

[Gaffa 0]

Quote[/b] ]Create your own keys

Use DSCreateKey to create a key, like this:

DSCreateKey myName

Maybe im doing something wrong, but I double click on the exe and nothing happens.

From my previous post in another topic, I got a private key by dropping an addon on the DSCreateKey.exe. After that, I used BinPBO. But Suma said thats wrong.

Sorry for the stupid questions, ive tried reading the wiki but no luck.

BTW, as I own a server, I will be happy to use different keys for different addons, that are made by the same author. Makes sense to me.

[rundll.exe 12]

its meant as a command line I guess: click start: run: type cmd: click ok: browse to the exe, and type the command.

You can also create a shortcut with the command line in it, just as your Arma shortcut.

[Maddmatt 1]

From my previous post in another topic, I got a private key by dropping an addon on the DSCreateKey.exe. After that, I used BinPBO. But Suma said thats wrong.

DSCreatekey is for creating your key, not for signing addons. You run it through a command line (you can use Start/Run) and specify the name for your key. You then use the BIS *.pbo tools to sign your addon with the key.

[.kju 3242]

Quote[/b] ]But what if an addonmaker makes both? A mp compatible,

and a mp incompatible?

If he signs them both, and want to ban one, you have a problem.

There is the saying "I prefer only to rely on myself on important

matters".

You can always sign the specific version of the addon yourself and

ban therefore the other version yourself.

[rundll.exe 12]

With the consequence all clients need the server key too...

Well lets say it depends on the taste of the serveradmin.

But some overall guidelines for addonmakers would be good.

[UNN 0]

Quote[/b] ]But what if an addonmaker makes both? A mp compatible, and a mp incompatible?

If he signs them both

Why would someone want to do that? If someone goes out of their way to confuse everyone else, there is only one natural conclusion...

So far, what I've read on the wiki seems pretty explicit.

[hoot 0]

@Hoot about server side scripting:

Not sure myself as i am not a scripter.

Yet as far as i know, the SSS is being run in a separate virtual

machine which cannot communicate with the normal

scripting / game VM.

Some additional info from Suma / BI would be very much

appreciated!

If it is not possible, it would be very useful to have the

ability to notify a user via SSS.

Yep i read about it in the wiki and came to somehow the same conclusion.

I second the wish to have such a functionality as i fear that if the player don't know why he was kicked he probably won't return because it might be his last point to check his 20K addons for what is working and what not on a specific server.

But on the other hand, if he has loaded 20K addons and a serverside script is telling him what addons or mods are not allowed, the list of notification may blasting the users screen. On a System with 5 or whatever chatlines, that message could be a little hard to follow Maybe putting it in an element of the BI GUI might help. A screen-wide infobox with scrollbars in case the list is getting really long. However, any notification is appreciated.

[Gaffa 0]

I could have sworn it tells you which addon is wrong. Before signatures was released, I tested it on my server. Now the only addons people can join with, was the vanilla addons, as they have a key.

One of my clan member had the RHS_Hind in with he's default addons. When he joined it said something about "RHS_Hind", was the reason he got kick.

I might be wrong but thats what happend.

BTW, why do you need to sign an addon if its not being used for MP? Or even if its not MP compatible? That way you wont have to worry about adding MP compatible keys and banning non MP compatible keys made by that author.

I thought the whole idea behind verified signatures, was purely for MP and nothing else.

[Maddmatt 1]

BTW, why do you need to sign an addon if its not being used for MP? Or even if its not MP compatible? That way you wont have to worry about adding MP compatible keys and banning non MP compatible keys made by that author.

I thought the whole idea behind verified signatures, was purely for MP and nothing else.

Of course signatures are only needed for MP. No point signing an addon that doesn't work in MP, that's just dumb

[hoot 0]

You connect to a server with an addon, let's say with a soundmod what is imho a clientside addon, the server has no proper signature for it so it kicks you, as it would do with 'equalmod enabled'. Maybe it is not that dumb or i simply didn't have understand it.

edit: I can't see a difference in handling of what is a clientside addon and an mp one, as you load them whatever they are. So if you go online any loaded addon should be considered as dangerous, because anything is possible a threat and only the own instance, the server here, is trustable. So i would say the server will kick anyone who's having whatever addon loaded and from what he misses a proper signature locally. That's why i say: sign anything. However, as told, i'm maybe wrong with this.

[Maddmatt 1]

You connect to a server with an addon, let's say with a soundmod what is imho a clientside addon, the server has no proper signature for it so it kicks you, as it would do with 'equalmod enabled'. Maybe it is not that dumb or i simply didn't have understand it.

It will do whatever the admin has set it to do. Most likely it will kick you, since otherwise it would be pointless.

'equalmod' doesn't offer any protection against cheats, and it's very easy to work around. The signature system is a more advanced way of doing this stuff.

[hoot 0]

Well and when i want to play on a server with my soundmod then the server needs a porper signature for this clientside addon, right?

Edit: Your statements are somehow strange.

At first you say:

Quote[/b] ]No point signing an addon that doesn't work in MP, that's just dumb

and then

Quote[/b] ]It will do whatever the admin has set it to do. Most likely it will kick you, since otherwise it would be pointless.

So what is it then? Pointless to sign such addons or not?

Btw, i've not asked for equalmod, that was entirely an example

[Maddmatt 1]

Well and when i want to play on a server with my soundmod then the server needs a porper signature for this clientside addon, right?

Of course.

Quote[/b] ]

Edit: Your statements are somehow strange.

At first you say:

Quote[/b] ]No point signing an addon that doesn't work in MP, that's just dumb

and then

Quote[/b] ]It will do whatever the admin has set it to do. Most likely it will kick you, since otherwise it would be pointless.

So what is it then? Pointless to sign such addons or not?

What are you trying to say? That you want to use addons not meant for MP when you play online? Why on Earth would you do that?

Of course it's pointless to sign such addons. If the addon does not work in MP, then you should not be running it when you play MP. What does it need to be signed for?

[hoot 0]

Again, you load a soundmod addon, whereby it is insignificant whether or not you call it clientside or mp addon, it is de facto an addon you have loaded with you when you go online and should be considered as being dangerous. The server will get notified what you are about to bring with you and then it looks in his own key directory whether or not an appropriate key can be found. If not it kicks you. So the server will need the addon's key to let you in.

When i want to go and play online i simply want to play with my 'clientside' soundmod addon.

I fear i simply don't understand the definition of clientside or mp addon. I have it loaded, it is active in memory whatsoever it is.

Maybe we are talking at cross purposes

[whisper 0]

Again, you load a soundmod addon, whereby it is insignificant whether or not you call it clientside or mp addon, it is de facto an addon you have loaded with you when you go online and should be considered as being dangerous. The server will get notified what you are about to bring with you and then it looks in his own key directory whether or not an appropriate key can be found. If not it kicks you. So the server will need the addon's key to let you in.

When i want to go and play online i simply want to play with my 'clientside' soundmod addon.

I fear i simply don't understand the definition of clientside or mp addon. I have it loaded, it is active in memory whatsoever it is.

Maybe we are talking at cross purposes

You WILL get kicked, then. You're trying to go on a server that do not accept this soundmod as valid (there's no key for it) => you get kicked.

That's pretty logical, since the server admin does not feel the soundmod is fair, he kicks you, as simple as that.

Ie : you can't play online with whatever add-on/mod you feel like playing with. It's the whole point of signature system.

[hoot 0]

Folks i've got it, i know it, i just answered to maddmatts statement that signing so called clientside addons is just dumb.

[whisper 0]

Errr, ok My bad for the unneeded explanation then

[hoot 0]

No no, on the other hand it shows me that i am not that wrong with my opinion

[.kju 3242]

Quote[/b] ]You WILL get kicked, then. You're trying to go on a server that do not accept this soundmod as valid (there's no key for it) => you get kicked.

That is not necessarily correct.

It depends on the server side scripting the server has set.

http://community.bistudio.com/wiki/ArmA:_Server_Side_Scripting

-> onUnsignedData: you can kick or ban him, however you can

let him stay too! (and only take note about the unsigned addons

he is using for example)

Quote[/b] ]signing so called clientside addons is just dumb.

That is not correct mate. The definition clientside addon doesn't

exist.

There are addons which change existing stuff (either ArmA stuff,

or custom addons - in contrast to add new stuff). However it is

still up to the server admin to decide whether he wants this or not!

Personally i would allow most sound mods for a public mp server.

No big deal about these for public play.

League play is different of course.

So it depends and again its up to the server admin.

PS: Take note the whole process is only active once the server

admin has consciously activated verifySignatures( =1; ).