ArmA: Addon Signatures
Addon signatures are a way to reduce cheating in Armed Assault. They are used to detect data files modified by anyone other than the addon creator. They are based on strong cryptographic principles (private/public key pairs), therefore hacking around them is very hard.
An addon is signed by its creator using a private key, while the public key is used by the game to verify that the addon has not been modified.
- Checked server: a server with signature verification on
- Unchecked server: a server with signature verification off
- Accepted signature: one of the signatures defined by the server as trusted
What is checked
A player connecting to a checked server is allowed to have present only addons which are signed by an accepted signature. Any player not complying with this is detected, and depending on the server configuration a message to that effect may be displayed, he may be kicked out, or another action defined by the server admin may be taken.
A player cannot do any of the following if he wants to pass signature verification:
- modify signed addons
- have unsigned addons present
- have addons which are signed, but not by an accepted signature
If a player wants to use unsigned addons when playing single player or when playing on other servers that do not test for this, he needs to make sure such addons are not loaded before connecting to the checked server. This can be done using modfolders or by using some 3rd party addon management utilities.
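The three rules above can be seen in a small model, added here as an illustration and not taken from the game or its tools. It uses unpadded textbook RSA over SHA-256 as a stand-in for the real signature scheme, and the key names, key sizes and addon contents are constructed for the example.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys

def make_key(p, q):
    """Build a (public, private) textbook-RSA pair from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(data, n):
    # SHA-256 of the addon contents, reduced into the key's modulus
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private):
    n, d = private
    return pow(digest(data, n), d, n)

def verify(data, signature, public):
    n, e = public
    return pow(signature, e, n) == digest(data, n)

def check_addon(data, signatures, accepted):
    """signatures: {key name: signature}; accepted: {key name: public key}."""
    if not signatures:
        return "unsigned"
    trusted = [k for k in signatures if k in accepted]
    if not trusted:
        return "not signed by an accepted signature"
    if any(verify(data, signatures[k], accepted[k]) for k in trusted):
        return "accepted"
    return "modified"

# Constructed sample data: toy keys from known Mersenne primes (far too
# small and unpadded for real use), hypothetical maker names.
PUB_A, PRIV_A = make_key(2**61 - 1, 2**89 - 1)
PUB_B, PRIV_B = make_key(2**107 - 1, 2**127 - 1)
ACCEPTED = {"maker_a": PUB_A}  # stands in for the server's "keys" directory

def demo():
    addon = b"constructed addon contents"
    sig_a, sig_b = sign(addon, PRIV_A), sign(addon, PRIV_B)
    return {
        "intact": check_addon(addon, {"maker_a": sig_a}, ACCEPTED),
        "modified": check_addon(addon + b"!", {"maker_a": sig_a}, ACCEPTED),
        "unsigned": check_addon(addon, {}, ACCEPTED),
        "other maker": check_addon(addon, {"maker_b": sig_b}, ACCEPTED),
    }

if __name__ == "__main__":
    print(demo())
```

Only the public key is needed on the checking side; the private key never appears in `ACCEPTED`.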
Controlling addon signature verification on the server
If a server admin decides addon signatures should be verified, he should add the following line to the server.cfg file:
A server admin can decide which addon makers he considers trustworthy by placing their public keys in the "keys" directory. Note: as of writing, the only existing signature is the Bohemia Interactive one, called bi.bikey. This should change once the DSSignFile and FileBank utilities are released.
Signing addons is done using the DSSignFile utility. A private key is needed for this.
Addon makers need to make sure their private keys are not leaked.