Dr. Dobb's Journal - October 2008 - (Page 36) D10gold_p6as 8/15/08 9:07 AM Page 36 Core Technology CODE SIGNING IN ADOBE AIR continued from page 34 • Securely identify an application during an update. An application can only be updated from an AIR file containing an application with the same identity. • Securely identify an application via the browser API. This API can be used in Flash-based web content to install, detect, and launch applications from the web browser. • Securely identify an application for interprocess communication via the LocalConnection API. LocalConnection can be used to send messages between running AIR applications and Flashbased web content. • Securely identify an application for purposes of accessing encrypted storage via the EncryptedLocalStore API. Logically, this secured identity is a combination of the publisher’s identity and the application’s ID (as declared in the application descriptor). It is perhaps most straightforward to think of the application ID as being scoped by the publisher’s identity. Two publishers can both give an application the application ID “HelloWorld” but the two applications , still have different identities. It is generally convenient to be able to represent an appli- cation’s identity as a string. For example, this string form is used in both the browser API and LocalConnection API when identifying an application. Adobe AIR defines the following string form for this identifier: . Again, is simply chosen by the publisher and declared in the application descriptor. The string form of the publisher ID is computed from the signing certificate as follows: 1. Compute the SHA1 hash of the root certificate’s public key. 2. Moving down the chain, compute the SHA1 hash of its canonical distinguished name and concatenate the result to the previous value. 3. Compute the SHA1 hash of the result. Publisher Identifiers and Certificate Expiration The details of this algorithm are heavily influenced by the fact that certificates expire, and so one cannot simply use, for example, a hash of the certificate itself as the publisher ID. More general issues around certificate expiration are discussed later. Certificates can be renewed and the publisher’s name is the same in the new certificate, but the certificates will not be identical. For example, a new key pair is used and the expiration date has changed. The challenge in designing a stable publisher ID is to make sure it can be preserved across certificate renewal without at the same time introducing any insecurity. To accomplish this, the algorithm computes the publisher ID using the identifying information in each certificate—the distinguished name—and the public key of the root certificate. During a certificate renewal, these pieces of information do not change. At the same time, they can’t be spoofed: No series of authorities as designated by the certificates in the chain would ever issue the two certificates containing the same distinguished names in any situation other than a certificate renewal. Interestingly, there is often more than one way to compute a validation chain for a given certificate. For example, this can happen when a certificate is cross-certified, in which case the issuing authority’s root might not be trusted directly but only because it’s signed by a different trusted certificate . 36 Dr. Dobb’s Journal l www.ddj.com l October 2008 http://www.programmingresearch.com http://www.programmingresearch.com http://www.ddj.com
Table of Contents Feed for the Digital Edition of Dr. Dobb's Journal - October 2008 Dr. Dobb's Journal - October 2008 Contents Friday Night Fish Fry Alia Vox Developer Diaries Developer’s Notebook Is Your Next Language COBOL? Conversations Safe Coding Practices Code Signing in Adobe AIR OpenID Single Sign-On The Book Cipher Algorithm Indexing and Searching Image files Extending Continuous Integration Into ALM The Agile Edge Effective Concurrency Swaine’s Flames Dr. Dobb's Journal - October 2008 Dr. Dobb's Journal - October 2008 - (Page Bellyband1) Dr. Dobb's Journal - October 2008 - (Page Bellyband2) Dr. Dobb's Journal - October 2008 - Dr. Dobb's Journal - October 2008 (Page Cover1) Dr. Dobb's Journal - October 2008 - Dr. Dobb's Journal - October 2008 (Page Cover2) Dr. Dobb's Journal - October 2008 - Dr. Dobb's Journal - October 2008 (Page 1) Dr. Dobb's Journal - October 2008 - Dr. Dobb's Journal - October 2008 (Page 2) Dr. Dobb's Journal - October 2008 - Dr. Dobb's Journal - October 2008 (Page 3) Dr. Dobb's Journal - October 2008 - Contents (Page 4) Dr. Dobb's Journal - October 2008 - Contents (Page 5) Dr. Dobb's Journal - October 2008 - Friday Night Fish Fry (Page 6) Dr. Dobb's Journal - October 2008 - Friday Night Fish Fry (Page 7) Dr. Dobb's Journal - October 2008 - Friday Night Fish Fry (Page 8) Dr. Dobb's Journal - October 2008 - Friday Night Fish Fry (Page 9) Dr. Dobb's Journal - October 2008 - Alia Vox (Page 10) Dr. Dobb's Journal - October 2008 - Alia Vox (Page 11) Dr. Dobb's Journal - October 2008 - Developer Diaries (Page 12) Dr. Dobb's Journal - October 2008 - Developer Diaries (Page 13) Dr. Dobb's Journal - October 2008 - Developer’s Notebook (Page 14) Dr. Dobb's Journal - October 2008 - Developer’s Notebook (Page 15) Dr. Dobb's Journal - October 2008 - Is Your Next Language COBOL? (Page 16) Dr. Dobb's Journal - October 2008 - Is Your Next Language COBOL? (Page 17) Dr. Dobb's Journal - October 2008 - Is Your Next Language COBOL? (Page 18) Dr. Dobb's Journal - October 2008 - Is Your Next Language COBOL? (Page 19) Dr. Dobb's Journal - October 2008 - Conversations (Page 20) Dr. Dobb's Journal - October 2008 - Conversations (Page 21) Dr. Dobb's Journal - October 2008 - Conversations (Page 22) Dr. Dobb's Journal - October 2008 - Conversations (Page 23) Dr. Dobb's Journal - October 2008 - Safe Coding Practices (Page 24) Dr. Dobb's Journal - October 2008 - Safe Coding Practices (Page 25) Dr. Dobb's Journal - October 2008 - Safe Coding Practices (Page 26) Dr. Dobb's Journal - October 2008 - Safe Coding Practices (Page 27) Dr. Dobb's Journal - October 2008 - Safe Coding Practices (Page 28) Dr. Dobb's Journal - October 2008 - Safe Coding Practices (Page 29) Dr. Dobb's Journal - October 2008 - Code Signing in Adobe AIR (Page 30) Dr. Dobb's Journal - October 2008 - Code Signing in Adobe AIR (Page 31) Dr. Dobb's Journal - October 2008 - Code Signing in Adobe AIR (Page 32) Dr. Dobb's Journal - October 2008 - Code Signing in Adobe AIR (Page 33) Dr. Dobb's Journal - October 2008 - Code Signing in Adobe AIR (Page 34) Dr. Dobb's Journal - October 2008 - Code Signing in Adobe AIR (Page 35) Dr. Dobb's Journal - October 2008 - Code Signing in Adobe AIR (Page 36) Dr. Dobb's Journal - October 2008 - Code Signing in Adobe AIR (Page 37) Dr. Dobb's Journal - October 2008 - Code Signing in Adobe AIR (Page 38) Dr. Dobb's Journal - October 2008 - Code Signing in Adobe AIR (Page 39) Dr. Dobb's Journal - October 2008 - OpenID Single Sign-On (Page 40) Dr. Dobb's Journal - October 2008 - OpenID Single Sign-On (Page 41) Dr. Dobb's Journal - October 2008 - OpenID Single Sign-On (Page 42) Dr. Dobb's Journal - October 2008 - OpenID Single Sign-On (Page 43) Dr. Dobb's Journal - October 2008 - OpenID Single Sign-On (Page 44) Dr. Dobb's Journal - October 2008 - OpenID Single Sign-On (Page 45) Dr. Dobb's Journal - October 2008 - The Book Cipher Algorithm (Page 46) Dr. Dobb's Journal - October 2008 - The Book Cipher Algorithm (Page 47) Dr. Dobb's Journal - October 2008 - The Book Cipher Algorithm (Page 48) Dr. Dobb's Journal - October 2008 - The Book Cipher Algorithm (Page 49) Dr. Dobb's Journal - October 2008 - The Book Cipher Algorithm (Page 50) Dr. Dobb's Journal - October 2008 - The Book Cipher Algorithm (Page 51) Dr. Dobb's Journal - October 2008 - Indexing and Searching Image files (Page 52) Dr. Dobb's Journal - October 2008 - Indexing and Searching Image files (Page 53) Dr. Dobb's Journal - October 2008 - Indexing and Searching Image files (Page 54) Dr. Dobb's Journal - October 2008 - Indexing and Searching Image files (Page 55) Dr. Dobb's Journal - October 2008 - Extending Continuous Integration Into ALM (Page 56) Dr. Dobb's Journal - October 2008 - Extending Continuous Integration Into ALM (Page 57) Dr. Dobb's Journal - October 2008 - Extending Continuous Integration Into ALM (Page 58) Dr. Dobb's Journal - October 2008 - Extending Continuous Integration Into ALM (Page 59) Dr. Dobb's Journal - October 2008 - Extending Continuous Integration Into ALM (Page 60) Dr. Dobb's Journal - October 2008 - Extending Continuous Integration Into ALM (Page 61) Dr. Dobb's Journal - October 2008 - Extending Continuous Integration Into ALM (Page 62) Dr. Dobb's Journal - October 2008 - Extending Continuous Integration Into ALM (Page 63) Dr. Dobb's Journal - October 2008 - The Agile Edge (Page 64) Dr. Dobb's Journal - October 2008 - The Agile Edge (Page 65) Dr. Dobb's Journal - October 2008 - The Agile Edge (Page 66) Dr. Dobb's Journal - October 2008 - The Agile Edge (Page 67) Dr. Dobb's Journal - October 2008 - Effective Concurrency (Page 68) Dr. Dobb's Journal - October 2008 - Effective Concurrency (Page 69) Dr. Dobb's Journal - October 2008 - Effective Concurrency (Page 70) Dr. Dobb's Journal - October 2008 - Effective Concurrency (Page 71) Dr. Dobb's Journal - October 2008 - Swaine’s Flames (Page 72) Dr. Dobb's Journal - October 2008 - Swaine’s Flames (Page Cover3) Dr. Dobb's Journal - October 2008 - Swaine’s Flames (Page Cover4)
For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.