[plug] How does "signing" work?

Matt Kemner zombie at penguincare.com.au
Fri Jun 20 17:12:38 WST 2003


On Fri, 20 Jun 2003, quoth Derek Fountain:

> "there appears to be no legal impediment that can prevent systems vendors from
> requiring kernels to be signed by a private key before they can be run"
[...]
> What actually happens, say on a step by step basis, to enforce this "signing"
> enforcement? What technology actually prevents me from running an unsigned
> kernel (or whatever) if I want to?

Signing uses "public key encryption technology" - where two keys are
created - a public key and a private key (as with PGP/GPG etc)

You cannot deduce one key from the other, and when something is encrypted
with one key, it can only be decrypted with the other.

When someone uses PGP to sign their email (for example) they sign it with
their private key and only their public key is able to "decrypt" the
signature back to its original form, which is how you can be certain
they[0] signed it.

If only one character in the original message is modified, the signature
(which includes a hash of the original email) will no longer match it -
which is how you can detect a forgery.

Similarly, the default Microsoft software on the X-Box has a public key
stored on it, and will only play games that have been signed by their
private key.  There's nothing stopping a "system vendor" from releasing
a system that does the same thing in hardware, so in effect it will only
run their software.

However, there's nothing[1] stopping someone from figuring out exactly
which piece of hardware stores the public key, and building something to work
around it - which is pretty much what the X-box mod-chips do.

 - Matt

[0] or to be more accurate, someone in possession of their private key
    and passphrase
[1] at least not here in .au where mod-chips are legal, providing they
    don't contain any code that breaches copyright[2]
[2] which is what held up the PLUG X-Box so long - we had the modchip,
    but had to wait for MS-code free code that would fit in it.
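
The sign-then-verify flow described in the message above, as an added example that is not part of the original post: a loader holding only a public key refuses an image that was altered or signed with a different key. It assumes textbook RSA without padding and small constructed keys; all names (boot, VENDOR_PUB and so on) are hypothetical.

```python
import hashlib

E = 65537  # commonly used public exponent

def make_keypair(p, q):
    """Textbook RSA from two primes: returns (public, private) keys."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(data, n):
    # Hash of the message, reduced into the key's range. This is a toy
    # shortcut (assumption); real schemes use a padding format such as PSS.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private):
    n, d = private
    return pow(digest(data, n), d, n)   # needs the private exponent d

def verify(data, signature, public):
    n, e = public
    # "Decrypt" the signature with the public key and compare with the hash.
    return pow(signature, e, n) == digest(data, n)

def boot(image, signature, stored_public):
    """Hypothetical loader: runs an image only if its signature verifies.
    The check is only as trustworthy as the storage holding stored_public."""
    return "booting" if verify(image, signature, stored_public) else "refused"

# Constructed keys built from known Mersenne primes, far too small for real use.
VENDOR_PUB, VENDOR_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
OTHER_PUB, OTHER_PRIV = make_keypair(2**107 - 1, 2**127 - 1)

kernel = b"vendor kernel image v1"      # constructed sample data
vendor_sig = sign(kernel, VENDOR_PRIV)

if __name__ == "__main__":
    # Untouched image with the vendor's signature
    print(boot(kernel, vendor_sig, VENDOR_PUB))
    # Same signature, one character of the image changed
    print(boot(kernel.replace(b"v1", b"v2"), vendor_sig, VENDOR_PUB))
    # Different image, validly signed, but with someone else's private key
    homebrew = b"my own kernel"
    print(boot(homebrew, sign(homebrew, OTHER_PRIV), VENDOR_PUB))
```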


