Add signing to ZIM files to attest the origin of the archive #21

mofosyne · 2025-03-26T12:27:31Z

mofosyne
Mar 26, 2025

How much would it be to extend the ZIM format to include some form of cryptographic public/private key attestation that the ZIM archive has not been tampered with and has been generated from a trusted source.

This will be very useful for distributing stuff like wikipedia dumps over flash drives in a way that can be verified to be trusted.

rgaudin · 2025-03-26T13:04:36Z

rgaudin
Mar 26, 2025
Maintainer

Couple infos (not responding to your question)

ZIM files include a checksum already, I believe to prevent accidental alteration to files.
It's not displayed in Kiwix readers AFAIK
It's not displayed next to downloads
There's a zimcheck binary that returns whether the ZIM data matches the in-ZIM checksum.
zimcheck is not included in Kiwix readers AFAIK.

0 replies

mofosyne · 2025-03-29T01:33:53Z

mofosyne
Mar 29, 2025
Author

Looks like this is already a known request openzim/libzim#40 on the backend

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Kiwix

Add signing to ZIM files to attest the origin of the archive #21

Uh oh!

{{title}}

Uh oh!

Replies: 2 comments

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Select a reply

Uh oh!

Kiwix

Add signing to ZIM files to attest the origin of the archive #21

Uh oh!

mofosyne Mar 26, 2025

Replies: 2 comments

Uh oh!

rgaudin Mar 26, 2025 Maintainer

Uh oh!

Uh oh!

mofosyne Mar 29, 2025 Author

mofosyne
Mar 26, 2025

rgaudin
Mar 26, 2025
Maintainer

mofosyne
Mar 29, 2025
Author