On Dec 11, 12:59*pm, Westbender wrote:
I haven't gotten that far yet. I don't think there's any reason why
the source code can't be released, although I don't know why that
would be important. All the DLL does is run the hashing algorithm and
decrypt the signature using the public key so they can be compared.
There isn't much to it. Really, the only thing that needs to be secure
is the private key that's used to create the digital signature in the
converter program. The private key is not in any way part of the
validation DLL. By the way, in case you're wondering, this software
uses 1024 bit DSA asymmetric encryption/decryption keys. The hashing
algorithm is my own and uses SHA1.

I'm a bit confused as to what you are doing. Are you simply hashing
the contents of the supplied IGC file, appending a new signature, then
providing code to the OLC so they can verify the new signature? How
does the OLC verify that the newly signed IGC file is, in fact, a
valid copy of the CAI flight data file originally downloaded from the
GPS-NAV?

Marc