MIDI Programs
MIDI File Player (External Device)
MIDI Destination Pop-Up Button
Other Programs
Cocoa Sample Programs
Syntax Coloring Using Flex
Algorithms
Jazz Chord Analysis as Optimization
A blog where I will write mostly about programming in Cocoa and CoreMIDI, and experiences from my ports of Emacs and XEmacs to the Mac OS.
| 40-Character License Keys |
Did a lot more testing of the license key code today. I also change the encoding of the signature so it looks like a license key now: 8 groups of 5 characters. Since base32 uses the letters “O” and “I” which can be confused with zero and one, they are now mapped to the unused digits 8 and 9 instead. Here’s a sample run of the programs KeyGen, Sign, and Verify.
$ ./KeyGen Private key = qlgh2zUGLP2FoFYm Public key = f7pNeV9Iwo6NHGwDoNM= $ ./Sign "Andrew Choi; akochoi@shaw.ca" qlgh2zUGLP2FoFYm Signature = BLXHT-5674B-F2D67-VSWLG-A2ZUL-AYAD9-CHU3W-GAX9U $ ./Verify "Andrew Choi; akochoi@shaw.ca"\ BLXHT-5674B-F2D67-VSWLG-A2ZUL-AYAD9-CHU3W-GAX9U f7pNeV9Iwo6NHGwDoNM= OK $Check out the Certicom ECC Challenge site to get an idea of the strength of this signature scheme. I’m using primes that are roughly 100 bits long which makes it quite breakable if you have a lot of computers and know what you’re doing :-). But in our case the public key won’t be in plain sight...
Next week, I’ll work on code obfuscation :-).
| Python Script for Testing License Key Programs |
I converted the key generator, signer, and verifier programs to encode keys in base64, signatures in base32, and use plain character strings for secret messages. The signature now consists of two base32 encoded components separated by a colon. The actual license key will probably be a string of the form “XXXXX-XXXXX-...”. Here’s a sample interaction that demonstrates the use of these programs.
$ ./KeyGen Private key = LPOFhmozYElPJohu Public key = 6uqDyr8xnuCXqh7XonU= $ ./Sign "Andrew Choi; akochoi@shaw.ca" LPOFhmozYElPJohu Signature = HJVBDNDP4GH6OL7S5MCQ====:KVBVK3WZAUQYAETKC65A==== $ ./Verify "Andrew Choi; akochoi@shaw.ca"\ HJVBDNDP4GH6OL7S5MCQ====:KVBVK3WZAUQYAETKC65A==== 6uqDyr8xnuCXqh7XonU= OK $I want to make sure that these programs are running correctly. So I wrote a Python script to test them. Here’s the log of a sample run that uses 3 key pairs to sign and verify 5 secret messages each. Of course I’m running much longer test than that myself. The random secret messages were generated from the “dict”word list. Thought it was kind of nice to re-visit Python today for this purpose.
keyPairsToTest = 3 secretsToTest = 5 Testing private key = j2lyfOyqpW+33y4I, public key = AYaM1tr9Ea2jbJskdFk2 secret = "Polygrammatic Pistillody; sweetheartdom@undershoe.heliopticon", status = OK secret = "Spirocheticidal Woldy; sigillate@undiagnosable.reabsolve", status = OK secret = "Regressionist Mattamore; toastmaster@thiasi.plectospondyl", status = OK secret = "Canions Encenter; Yucatec@burnishing.debituminization", status = OK secret = "Inadjustability Lemmocyte; grailer@clerid.Acephali", status = OK Testing private key = j2lyfOyqpW+33y4I, public key = AYaM1tr9Ea2jbJskdFk2 secret = "Freemanship Self; staghead@psiloceratan.laserwort", status = OK secret = "Stinkard Aerotherapeutics; acromiohyoid@ingratiate.microgramme", status = OK secret = "Unavouched Superaltar; quaddle@nontransgression.organologic", status = OK secret = "Phyllite Unstaid; prelegate@reprobative.unbale", status = OK secret = "Rhomboidally Triodontoidei; stenching@countermutiny.manifoldly", status = OK Testing private key = 7kRzv2UfI4uabRrx, public key = AduIRLG6Itc19qNvCC5u secret = "Nyanza Legatine; oxyphyllous@strideways.rockhair", status = OK secret = "Interangular Unconvenable; lamentive@chromatophore.nucleohyaloplasma", status = OK secret = "Fistwise Nese; Sapindaceae@Polytrichum.holosomatous", status = OK secret = "Unpitifully Metagnomy; plotful@procuratorship.telesomatic", status = OK secret = "Homekeeping Soother; unprecedently@market.wheelspin", status = OK Successes = 15; Failures = 0
| Base64 and Base32 Decoder and Encoder |
It was quite surprising to me that I could’t find any free (I mean really free, not GPL) C++ code for base64 and base32 encoding. The closest I can find is one from Cyotec, but even that requires ascription. I’m not putting someone else’s copyright notice in my application because of a few lines of code! So here’s a set of base64 and base32 encoders and decoders I’ve written today (base64util.cc, base64util.h) and their test program (main.cpp). As usual I’m releasing them under the Artistic License.
| Pegwit and C++ ECC Code by George Barwood |
It’s not as easy as one may think to find a elliptic curve cryptography (ECC) library with an unencumbered license. There is crypto++ which, as I explained yesterday, I can’t use because of large executable sizes. There’s also pegwit, written by George Barwood. Unfortunately pegwit generates 480-bit signatures, which are a bit long for use as license keys. Barwood also wrote a set of C++ routines for doing ECC, and with it one can select from a set of elliptic curves, and thus use keys and signatures of various lengths.
I won’t post any of my code, but here’s a (hopefully self-explanatory) interaction of generating a key, signing a string with it, and verifying the signature. Note that all values are in hexadecimal and the signature consists of a pair of values. The signature is less than 224 bits (or 28 bytes) long.
$ ./KeyGen Private key = 370c7dad25bf54440f4f503200000002 Public key = d96ac8f8316794f32a6d314b00006e83 $ ./Sign 0123456789abcdef 370c7dad25bf54440f4f503200000002 Signature s = 74aa8e9f30e782b861b17e700000000b Signature r = 9e13790a4d2ae85ea9f23f7800000005 $ ./Verify 0123456789abcdef 74aa8e9f30e782b861b17e700000000b\ 9e13790a4d2ae85ea9f23f7800000005 d96ac8f8316794f32a6d314b00006e83 OK $
| Authorization Code in Crypto++ |
Well, I wasn’t going to post any code used in my authorization code scheme. I believe “security through obscurity” helps a little. But I might as well post the sample programs I wrote today, KeyGen, Sign, and Verify, because I won’t be using them in my shareware application (see reason below)! These programs use the Crypto++ library. Using elliptic curve cryptography, signatures (i.e., authorization codes) can be as short as 28 bytes!
KeyGen is used to generate a pair of keys.
$ ./KeyGen Private Key = MCwCAQAwEAYHKoZIzj0CAQYFK4EEAAYEFTATAgEBBA6sUVm9Ip62Fp/g067jeA== Public Key = MDIwEAYHKoZIzj0CAQYFK4EEAAYDHgAEgCFFicCn25bbndK3uqwcrx93mQx9KQQ9BAjn2w==Then the user’s name and E-mail address (say) can be signed with the private key, resulting in the authorization code.
$ ./Signer MCwCAQAwEAYHKoZIzj0CAQYFK4EEAAYEFTATAgEBBA6sUVm9Ip62Fp/g067jeA==\ 'Andrew Choi; akochoi@shaw.ca' Signature = TJZ4BCE7J3ZK95TUXU2BE97W8HB4DUMYFIBN4ENNJFG66In the shareware program, the user name and E-mail address can then be verified using the public key.
$ ./Verify MDIwEAYHKoZIzj0CAQYFK4EEAAYDHgAEgCFFicCn25bbndK3uqwcrx93mQx9KQQ9BAjn2w==\ 'Andrew Choi; akochoi@shaw.ca'\ TJZ4BCE7J3ZK95TUXU2BE97W8HB4DUMYFIBN4ENNJFG66 Verification result = OKNice, isn’t it? Except I can’t use these programs! The binaries resulting from linking with
libcryptopp.a are simply too big! After stripping, they are 2.5M bytes each. It doesn’t make sense to hide a 1M byte application with 2.5M bytes of encryption code (or does it :-)?). I’ll just have to find another way.
| Sun | Mon | Tue | Wed | Thu | Fri | Sat | |
| 1 | 2 | 3 | 4 | 5 | 6 | • | |
| 7 | 8 | 9 | 10 | 11 | 12 | 13 | ← |
| 14 | 15 | 16 | 17 | 18 | 19 | 20 | • |
| 21 | 22 | 23 | 24 | 25 | 26 | 27 | • |
| 28 | 29 | 30 | • | ||||
| Oct Dec |
Lists
Less-Known Facts About Emacs
Chinese Restaurants in Calgary
Calgary/Banff Tourist Attractions
Top-10 Reason I Stopped Working on Emacs
Misc