Info for Developers
Verifying digital signatures
Overview
This shows how to verify the digital signature of the save file Stats.xml on a USB memory card.
- The instructions below use Java to verify the signature. Examples in several other languages are avaialable here (http://cvs.sourceforge.net/viewcvs.py/stepmania/stepmania/src/verify_signature/).
- The instructions below work on Windows, Linux, or Mac.
- You can easily call the Java verifier from PHP or Perl using the function called system (http://us2.php.net/manual/en/function.system.php). Examine the string return value to determine whether the verification succeeded or failed.
- These instructions work for both ITG1 and ITG2 saves.
Requirements
- Install the Java runtime.
- Windows users can download the Java SDK here (http://java.sun.com/j2se/1.4.2/download.html) to get the Java runtime and other tools.
- Most Mac and Linux systems will already have it installed.
- Download the Java program VerifySignature.class (http://www.roxorgames.com/wiki-files/VerifySignature.class).
- Download ITG data public key file, public.rsa (http://www.roxorgames.com/wiki-files/public.rsa)
Instructions
Verify that the java runtime is installed by running the command line command:
java
If help text is displayed, then you have the Java runtime installed.
Plug in your USB memory card, then copy the ITG data file public key (http://www.roxorgames.com/wiki-files/public.rsa) to the In The Groove or In The Groove 2 directory on your card.
From the command line, change to the In The Groove or In The Groove 2 directory on your card.
Run the following command:
java VerifySignature public.rsa Stats.xml Stats.xml.sig
If Stats.xml and Stats.xml.sig are unmodified from when In The Groove wrote them, you will see:
The signature is valid.
If either file has been tampered with, you will see:
The signature is not valid.
