Since v2.2, Abiathar has included a feature called VeriMaps with which users can cryptographically sign their levels. The signing certificate for each user should be kept private, because it is used to identify that user to those who might wish to check the authenticity and integrity of downloaded levels. That presents a bit of a problem to those working in shared, synchronized folders (like Dropbox). Fortunately, Abiathar has ways to deal with that.
By default, Abiathar looks for a file called VeriMaps.asign as the signing certificate. However, that can be changed with the VeriMapsCertPath option in editor.aconf. The configuration file must reside in the same directory as Abiathar to be recognized. The value of that option can be a relative or absolute path, so it can be pointed to a file outside of the shared folder. The best choice would probably be to have enough upward traversals to store the certificate immediately outside of the shared folder. If the file does not exist, Abiathar understands that the user does not have a VeriMaps certificate available.
For major projects that truly involve multiple people (rather than one getting assistance from another), I would be happy to issue a signing certificate named for the project. That way, there is no risk of key leakage.
No comments:
Post a Comment