outdated code verification key


advanced search

Questions and Answers : Getting started : outdated code verification key

Reply to this thread
Subscribe to this thread
Sort
AuthorMessage
m.somers User profile image
Forum moderator
Project administrator
Project developer
Project tester
Volunteer developer
Volunteer tester
Project scientist
Avatar
private message
Joined: Nov 14, 2005
Posts: 662
ID: 1
Credit: 1,417,572
RAC: 2
Message 4 - Posted 4 Jan 2006 15:21:42 UTC

I sometimes get the following message in red:

\"You may have an outdated code verification key. This may prevent you from accepting new executables. If the problem persists, detach/attach the project.\"

What does it mean and what can I do about it?

m.somers User profile image
Forum moderator
Project administrator
Project developer
Project tester
Volunteer developer
Volunteer tester
Project scientist
Avatar
private message
Joined: Nov 14, 2005
Posts: 662
ID: 1
Credit: 1,417,572
RAC: 2
Message 5 - Posted 4 Jan 2006 15:37:47 UTC

If you read carefully you already know what to do:

\"You may have an outdated code verification key. This may prevent you from accepting new executables. If the problem persists, detach/attach the project.\"

Yes, sir, the fix is easy, just detach and re-attach to the project with the by now well-known URL: http://boinc.gorlaeus.net


No for the reason of this message:

When your boinc client makes a request to the server to get more work, not only work will be sent to your computer (the host), but also an executable to actually *do* the work. Obviously you don\'t trust just any executable to be run on your computer so the client has to verify if the obtained executable indeed originates from the correct server and has not been tamperred with. This is done by \'signing\' the executable. Without going to deep into the RSA public+private asymmetric key encryption stuff; a fingerprint (MD5 hash) is encrypted with the servers private key. The client should be able to decrypt that with the servers public key and check the signature of the executable received. If all goes well, it is clear that the executable is from the real server and has not been twiddled with.

As you can understand now, if the server updates his/hers encryption keys, or you have a corrupted public key of the server, you cannot safely accept new executables cause you cannot verify them at all.

So, if you do want to be able to get the latest and newest and even more-bug-free application executable automatically when there is one, you better make sure your server\'s-public-key is up to date and correct.

Just re-attach to the project and you automatically receive the correct key...


____________
M.F. Somers

Reply to this thread

Questions and Answers : Getting started : outdated code verification key



Return to Leiden Classical main page


Copyright © 2017 Leiden University - Leiden Institute of Chemistry - Theoretical Chemistry Department