6.4.6 Signing SecureUPDATE file - Part I




To sign a SecureUPDATE file, the steps are:


a) Edit, drag and drop, or select from the ComboBox a SecureUPDATE file (SecureDELTA or XtremeDELTA file)



b) Generate the Private/Public Key pairs, if the files have not already been generated


Once this step has been accomplished, the Sign button is enabled, and the information "SecureDELTA file is ready for signing" appears.




When the button or its split button arrow is pressed, a choice of hashing algorithm is offered:



The MD5 Hash selection uses the MD5 algorithm to create a fingerprint of the entire SecureUPDATE file. MD5 is a widely used message-digest algorithm (hash function) that produces a 128-bit hash value.


For further information on the MD5 Message Digest, please see the external document RFC 1321, "The MD5 Message-Digest Algorithm".

However, there is a well-documented weakness in the MD5 algorithm, which is why agersoftware decided to also include a 256-bit message-digest algorithm, called SHA, as another option for signing binary diff files.


MD5 produces a message/file-digest or a file fingerprint, for instance:



If a single bit is modified within the SecureUPDATE file content or header, the same MD5 algorithm applied on the file produces another result, for instance:



Mismatched fingerprints signal that the SecureUPDATE file has been altered or modified. SecureDECODE will not install the update on the TARGET MACHINE!


SHA256 uses the 256-bit version of the well-known SHA algorithm.


For further information on the Secure Hash Algorithm standards used, please access "Descriptions of SHA-256, SHA-384, and SHA-512" - Download PDF from csrc.nist.gov
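The fingerprint behaviour described above (a single modified bit in the header or the content yields a different MD5 or SHA-256 digest) can be reproduced with the added example below. It is not agersoftware's code: the sample file layout and all function names are assumptions made for illustration, and it covers only the fingerprint comparison, not the key-pair signing step.

```python
import hashlib
import hmac

# Constructed sample standing in for a SecureUPDATE file; the real file
# format is not described on this page, so this layout is an assumption.
HEADER = b"SAMPLE-DELTA-HEADER v1\n"
CONTENT = bytes(range(256)) * 4
SAMPLE = HEADER + CONTENT


def fingerprint(data: bytes, algorithm: str) -> str:
    """Hex digest over the entire file, header and content together."""
    return hashlib.new(algorithm, data).hexdigest()


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with exactly one bit inverted."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Number of digest bits that differ between two hex fingerprints."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def matches(data: bytes, recorded: str, algorithm: str) -> bool:
    """True only if the file still hashes to the recorded fingerprint."""
    return hmac.compare_digest(fingerprint(data, algorithm), recorded)


def demo() -> dict:
    """Flip one header bit and one content bit; report both algorithms."""
    report = {}
    for algorithm in ("md5", "sha256"):
        recorded = fingerprint(SAMPLE, algorithm)
        for label, bit in (("header", 3), ("content", len(SAMPLE) * 8 - 1)):
            altered = flip_bit(SAMPLE, bit)
            report[(algorithm, label)] = (
                matches(altered, recorded, algorithm),
                differing_bits(recorded, fingerprint(altered, algorithm)),
            )
    return report


if __name__ == "__main__":
    for key, (ok, changed) in demo().items():
        print(key, "accepted" if ok else "rejected", f"{changed} digest bits differ")
```

A fingerprint comparison only detects alteration when the recorded fingerprint itself can be trusted, which is the role of signing it with the private key and checking it with the public key.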