2

Much like a Java JAR can be signed, can a SWC be cryptographically signed, and that signature find its way into in the finished SWF?

I asked because I need to supply a SWC file along with its Flex sources to a 3rd party.

To guard against changes to the sources, I also need to assert that the supplied SWC is the one linked into a finished SWF, rather than the (possibly amended) sources.

Is there a means of doing this using the Flex toolchain?

Martin Cowie
  • 2,788
  • 7
  • 38
  • 74
  • Is the third party going to be compiling the finished SWF using your library? – Brian Dec 12 '14 at 17:53
  • Yes, they shall be. I need to assert the supplied SWC file is used, rather than the ActionScript sources. The former is read-only, the latter are not. – Martin Cowie Dec 12 '14 at 20:09
  • What form will this assertion take? Do you need a way to detect whether the finished SWF used your SWC, or are you looking for some method to make sure that the finished SWF only works with your SWC, or something else? I'm not sure whether this is even possible, given that an untrusted party is creating the SWF. Any runtime verification code can be rewritten. – Brian Dec 12 '14 at 21:17

2 Answers2

1

The typical way of doing what you're asking is to create an md5 checksum on the swc that you build and send the third party the md5 checksum. The third party can then verify the swc against the md5 to ensure it's a bit for bit perfect copy.

Clintm
  • 4,505
  • 3
  • 41
  • 54
0

There's no support for signing SWC files in Adobe's toolchain.

However, you can easily package your unsigned SWC into a signed jar:

jar -cf mySWCLibrary.jar myLibrary.swc
jarsigner mySWCLibrary.jar myLibraryCertificateAlias

Then the third party can verify the jar; the SWC is covered just like any resource inside a signed jar.

Note that you could also include the finished SWF in the jar file. Any changes to the SWC-supplied classes would result in a different SWF, making it detectable by verifying the jar signature.

Brian
  • 3,850
  • 3
  • 21
  • 37