repo.xml downloaded in plaintext about xposedinstaller HOT 6 OPEN

So, what's you suggestion? I'm afraid I can't offer HTTPS, especially not for the terabytes of actual module downloads.

from xposedinstaller.

If the problem is the contents of that repo.xml.gz really coming from the true dl.xposed.info, then instead of using HTTPS a signature could be added to the file. The client would have the public key of each of the repos and check that supplied xml files are properly signed.
For the actual download, the md5 could be checked after fetching the module apks.

from xposedinstaller.

Maybe the appropriate approach here is to: hash the file, sign the hash with your private key, add the public key to the installer and then validate the hash/signature when the file is downloaded.

from xposedinstaller.

I haven't implemented anything with HMAC yet, but it seems that it requires a shared secret key, wouldn't it? Obviously, there is no way to store a secret in public project. So it would have to be generated, ideally per request. Which would mean that I couldn't server static files anymore. Please correct my if I'm wrong.

I would go for something with a private key (known only to my server) and a public key (stored in the app) instead. Then I could sign the file right after creating it and serve them statically. The app would verify the file while downloading it. MD5 sum calculation is already taking place.

Anyway, that can still be decided when I find the time to implement it. I'll add it to the mid-term to-do list.

from xposedinstaller.

So would this effort be avoided if we had HTTPS? If so, what would be the
price to upgrade your plan (yearly)? If it's below 100€ I'm willing to pay
for it.

2014-05-16 21:08 GMT+02:00 rovo89 [email protected]:

I haven't implemented anything with HMAC yet, but it seems that it
requires a shared secret key, wouldn't it? Obviously, there is no way to
store a secret in public project. So it would have to be generated, ideally
per request. Which would mean that I couldn't server static files anymore.
Please correct my if I'm wrong.

I would go for something with a private key (known only to my server) and
a public key (stored in the app) instead. Then I could sign the file right
after creating it and serve them statically. The app would verify the file
while downloading it. MD5 sum calculation is already taking place.

Anyway, that can still be decided when I find the time to implement it.
I'll add it to the mid-term to-do list.

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/172#issuecomment-43368325
.

from xposedinstaller.

I don't know if the implementation of HMAC must strictly follow what's described on the wikipedia page, but here's how I'd use a "Hash-based Message/contents Authentication Code" mechanism for this situation:

• Hash the contents of the repo.xml file on the server side
• Encrypt the result with the repo's private key (both these steps can be done once upfront, whenever the xml changes)
• Serve both things to clients downloading the file through regular HTTP; either as a wrapped file, or sending the "checksum" as a response header
• The client has the public key of each repo server and after download also hashes the result, decrypts the checksum with the server's public key, and checks if the hashes match. If they do, it's guaranteed that the obtained content is the same as the one present on the server, with no possibility for a MITM replacing them and forging the new hash being signed by the server.

from xposedinstaller.