After seeing a number of people running raw code received over Rednet, I decided to make a code signing library that attempts to make it easy enough to add code signing that a beginner could do it. Introducing VeriCode, a simple library that allows you to sign, send, receive, and verify Lua scripts over Rednet or on disk. All that's required is to generate a keypair, add the public key to the client computer(s), load the key files, and then send/receive just like through the normal
rednet API. You can also use the plain
dump/
load functions to use your own destination, such as a file. A simple receiver can be written in as few as three lines. The functions provided are very simple, and most of them mirror pre-existing function syntax to keep the entry barrier low. More instructions documentation, and an example are available in the source code. You can get it at
https://gist.github....a028abd615e8750 (or for Pastebin plebs, it's at
Ptq5vRvp +
ZGJGBJdg as
ecc.lua). (Requires CC:T 1.91.0 or later.)
Do note that there are no mechanisms to avoid replay attacks at the moment, so attackers could re-send messages that are listened to. If this is a concern, I'd recommend handling that in your own send/receive functions.
Edited by JackMacWindows, 20 February 2021 - 11:36 PM.