|Go to Page...|
A library for validating and generating Digital Signatures in World of Warcraft.
The Digital Signature Algorithm provides a way of ensuring data received from another player originated from the addon developer and was not modified as it was passed between players.
If you want a technical explanation of how it works you can read FIPS PUB 186-3.
The maths is complicated but the result is fairly basic, you generate a public key and a private key, you hard-code the public key into your addon, then using the private key you can sign a string of data (any length or content) and then send that data along with the generated signature to users of the addon in-game, users can use the public key to validate that the signature matches the received string, if either the signature or the string were altered by even a single bit, it will result in a failed validation.
Key Generation using OpenSSL:
First get yourself a copy of OpenSSL, you may need to use it a lot or just once to generate the keys.
Once you have it compiled (Windows users can find pre-compiled binaries here) input the following commands to generate a key pair.
openssl dsaparam -out dsaparam.pem 1024 openssl gendsa dsaparam.pem -out dsa_priv.pem openssl dsa -in dsa_priv.pem -pubout -out dsa_pub.pem
openssl dgst -dss1 -sha256 -out sigfile.bin -sign dsa_priv.pem payload.txt openssl enc -base64 -in sigfile.bin -out sigfile.txt