igotu2gpx team mailing list archive

[Michael Hofmann <mh21@xxxxxxxxx>]

If you need help on implementing it, or the launchpad.net work flow for
branching, merging, patch-reviewing etc., just ask!

** Changed in: igotu2gpx
   Importance: Undecided => Wishlist

** Changed in: igotu2gpx
       Status: New => Confirmed

-- 
Igotu2gpx should sign the tracks it downloads. 
https://bugs.launchpad.net/bugs/397171
You received this bug notification because you are a member of
MobileAction i-gotU USB GPS travel logger Mac/Linux developers, which is
subscribed to igotu2gpx.

Status in MobileAction i-gotU USB GPS travel logger Mac/Linux support: Confirmed

Bug description:
For international cross-country paragliding (and hangliding and sailplane) competitions GPS tracklogs are accepted as "proof" that the submitter performed the claimed flight. 

Ideally the GPS unit has a private key, that it uses to sign the tracks downloaded. Verification programs will then use the proper publik key to verify the signature. 

In practise lots of GPS units don't have the smarts to do public key cryptography. So the manufacturer will insert such a cryptographic signature while downloading from the device. The "downloading program" then signs that "it's a real track downloaded from a real device", and that it hasn't been tampered with. 

It is tricky to do this in an open source program. But IMHO it's possible. Of course, the "public binary" must contain the private key to the signature. The same holds for the public binary of the closed source downloading programs. 

The trick is to have the maintainer enter the private key manually when generating official binaries. Unofficial binaries will not be able to verify with the official check program.