Codesigning SWF?

AIR allows to inject code using Loader.LoadBytes()

this allows to download remote plugins as swf files which will have full access to everything that the AIR application has access to. This imposes a security risk, so it would be desirable to digitally sign the swf's.

What's the best way to do this and to verify the code signature?

I know the as3corelib has some encryption functionality and also for X.509 certificate - but I didn't find a ressource explaining how to use it. Also, maybe there's some 'official' way to codesign SWF's?

One robust method is using public key encryption, which goes something like this:

You will need an asymmetric encryption algorithm (eg, RSA), and a hash algorithm (eg, SHA, MD5).
Generate a public-private key pair.
Generate and checksum of the data using the hash algorithm.
Encrypt the checksum with the private key using the encryption algorithm. This becomes the "signature".
Send the data to the client along with the signature.
Decrypt the signature on the client with the public key to obtain the original checksum.
Generate a checksum from the data on the client.
Compare the checksums. If they match, then you know that the data came from you without alterations. If they do not match then you know the data was altered after it was sent from you, or it came from someone else.

See http://en.wikipedia.org/wiki/Public-key_cryptography

An attacker can bypass this security if they are able to intercept the connection and modify the original client SWF file and either change the public key, or remove the security mechanism entirely. Use TLS or SSL to prevent attackers intercepting the data.

An x.509 certificate is little more than a public key bundled with some meta-data. The standard also specifies a mechanism for validating the certificate, by relying on a certificate authority (CA) (see http://en.wikipedia.org/wiki/X.509).

The AS3Crypto library provides (amongst other things), an implementation of RSA, MD5, and an x.509 parser (see http://code.google.com/p/as3crypto/).

Here is some code. The signing process entails computing the hash of the data, then signing it with the private key to produce a signature, eg:

var rsa:RSAKey;
var md5:MD5;
var data:ByteArray = getSWFBytes(); 
var signature:ByteArray = new ByteArray();
var originalHash:ByteArray;


// read private key
rsa = PEM.readRSAPrivateKey(private_key);

// create the checksum of the original data
md5 = new MD5();
originalHash = md5.hash(original);

// encrypt the data using the private key
rsa.sign(data, signature, original.length);

The data and signature are sent to the client. The client decrypts the signature using the public key stored in the cert and compare it to the computed hash of the data, eg:

var rsa:RSAKey;
var md5:MD5;
var data:ByteArray = getSWFBytes(); 
var signature:ByteArray = new ByteArray();
var decryptedHash:ByteArray = new ByteArray();
var clientHash:ByteArray;

// load the certificate
var cert:X509Certificate = new X509Certificate(public_cert);

// get the public key from the cert
rsa = cert.getPublicKey();

// decrypt the signature with the public key
rsa.verify(signature, decryptedHash, encrypted.length);

// create a hash of the data
md5 = new MD5();
clientHash = md5.hash(data);

// compare the hashes
// isEqual compares the bytes in the input byte arrays, it returns true only of all bytes in both arrays match
if (isEqual(clientHash, decryptedHash))
    trace("signature valid");
else
    trace("signature invalid")

You can check if the certificate is signed like this:

var store:X509CertificateCollection = new MozillaRootCertificates();
var cert:X509Certificate = new X509Certificate(public_cert);
var isValid:Boolean = cert.isSigned(store, store);

You can load the raw SWF bytes like this:

var loader:URLLoader = new URLLoader();
loader.dataFormat = URLLoaderDataFormat.BINARY;
loader.addEventListener(Event.COMPLETE, completeHandler);
loader.load(new URLRequest(url_of_swf_to_load));

Example x.509 private key (usually created when you apply for a certificate):

Example cert:

Both examples were taken from as3crypto.