Project: Signing & Verifying Patches
IMPORTANT: after signing an XML file, changing even a single letter in that file will invalidate its signature. Thus, if you change your VersionInfo and/or PatchInfo'es after signing them, you need to sign them again.
Prior to signing the patch files, make sure that a copy of your private RSA key is located at Other\private.key in your project directory.
Click here to show/hide
Use the Patcher project_sign_xmls command. It takes the following arguments:
- projectRoot: path of the project's directory
- ignoreVersionInfo: (optional)(flag) VersionInfo will not be signed
- ignorePatchInfos: (optional)(flag) PatchInfo'es will not be signed
- silent: (optional)(flag) progress will not be logged to the console
Example: Patcher project_sign_xmls -projectRoot="C:\MyProject"
Click here to show/hide
Namespace: SimplePatchToolCore and SimplePatchToolSecurity
bool signVersionInfo = true;
bool signPatchInfos = true;
ProjectManager project = new ProjectManager( projectRoot );
SecurityUtils.SignXMLsWithKeysInDirectory( project.GetXMLFiles( signVersionInfo, signPatchInfos ), project.utilitiesPath );Click here to show/hide
Simply open the Window-Simple Patch Tool window, enter the project directory's path and click Sign XMLs.
To verify the VersionInfo and/or PatchInfo files while patching the application, make sure to register to SimplePatchTool's UseVersionInfoVerifier/UsePatchInfoVerifier functions with XMLSigner.VerifyXMLContents(string xml, string rsaPublicKey). Which means that you need to embed your public RSA key into your application (you can store it in a public string constant, for example).
Prior to publishing a new patch with signed XMLs, you are recommended to verify your XML files' signatures using one of the following methods. But first, make sure that a copy of your public RSA key is located at Other\public.key in your project directory.
Click here to show/hide
Use the Patcher project_verify_xmls command. It takes the following arguments:
- projectRoot: path of the project's directory
- ignoreVersionInfo: (optional)(flag) VersionInfo will not be verified
- ignorePatchInfos: (optional)(flag) PatchInfo'es will not be verified
- silent: (optional)(flag) progress will not be logged to the console
Example: Patcher project_verify_xmls -projectRoot="C:\MyProject"
Click here to show/hide
Namespace: SimplePatchToolCore and SimplePatchToolSecurity
bool verifyVersionInfo = true;
bool verifyPatchInfos = true;
string[] invalidXmls;
ProjectManager project = new ProjectManager( projectRoot );
if( !SecurityUtils.VerifyXMLsWithKeysInDirectory( project.GetXMLFiles( verifyVersionInfo, verifyPatchInfos ), project.utilitiesPath, out invalidXmls ) )
{
Console.WriteLine( "The following XMLs could not be verified:" );
for( int i = 0; i < invalidXmls.Length; i++ )
Console.WriteLine( invalidXmls[i] );
}
else
Console.WriteLine( "All XMLs are verified..." );Click here to show/hide
Simply open the Window-Simple Patch Tool window, enter the project directory's path and click Verify Signed XMLs.