Igotu2gpx should sign the tracks it downloads.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
igotu2gpx |
Confirmed
|
Wishlist
|
Unassigned |
Bug Description
For international cross-country paragliding (and hangliding and sailplane) competitions GPS tracklogs are accepted as "proof" that the submitter performed the claimed flight.
Ideally the GPS unit has a private key, that it uses to sign the tracks downloaded. Verification programs will then use the proper publik key to verify the signature.
In practise lots of GPS units don't have the smarts to do public key cryptography. So the manufacturer will insert such a cryptographic signature while downloading from the device. The "downloading program" then signs that "it's a real track downloaded from a real device", and that it hasn't been tampered with.
It is tricky to do this in an open source program. But IMHO it's possible. Of course, the "public binary" must contain the private key to the signature. The same holds for the public binary of the closed source downloading programs.
The trick is to have the maintainer enter the private key manually when generating official binaries. Unofficial binaries will not be able to verify with the official check program.
If you need help on implementing it, or the launchpad.net work flow for branching, merging, patch-reviewing etc., just ask!