Download Verification

Upon successful download of a discovered update, the downloaded file is verified to be intact and to have come from the same publisher that supplied the application being updated. This is accomplished using the RSA Crypto Service Provider SignData functionality. When a new Update Project (aup) is created using the Make Update application, an RSA public-private key pair is created. The private key is used to sign the update package after it is built. The public key is placed in the PublicKey property of the Update Controller.

When a new update package is created, the resulting file is signed using the RSA Crypto Provider and the private key of the update project.  The signature of the package is placed in the Director file to be provided to the application while downloading an update.

When the hosted application downloads the update package, the signature and public key are used to verify that the downloaded file has not been changed, and that it came from a source that had the proper private key.  If any changes were made to the file, or if the update package had been created without the appropriate private key, the verification will fail and the update package is discarded.
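The sign-then-verify flow described above, as an added illustration written for this page rather than AppLife Update's own code. The method names and the use of RSA XML key strings for the Update Controller's public key are assumptions of this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Constructed demo: publisher signs the package with the project's private key,
// the hosted application verifies the download with only the public key.
static class UpdateSigningDemo
{
    // Publisher side: created once per update project. The private half stays
    // with the publisher; the public half is placed in the Update Controller.
    public static (string privateKeyXml, string publicKeyXml) CreateProjectKeys()
    {
        using var rsa = new RSACryptoServiceProvider(2048);
        return (rsa.ToXmlString(true), rsa.ToXmlString(false));
    }

    // Publisher side: sign the built package; the signature travels in the Director file.
    public static byte[] SignPackage(byte[] package, string privateKeyXml)
    {
        using var rsa = new RSACryptoServiceProvider();
        rsa.FromXmlString(privateKeyXml);
        return rsa.SignData(package, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    // Client side: check the downloaded bytes against the Director-file signature
    // before the package is applied; a false result means the package is discarded.
    public static bool VerifyDownload(byte[] downloaded, byte[] signature, string publicKeyXml)
    {
        using var rsa = new RSACryptoServiceProvider();
        rsa.FromXmlString(publicKeyXml);
        return rsa.VerifyData(downloaded, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    static void Main()
    {
        var (priv, pub) = CreateProjectKeys();
        byte[] package = Encoding.UTF8.GetBytes("constructed update package contents");
        byte[] sig = SignPackage(package, priv);

        // Case 1: the file arrived unchanged and was signed with the project's key.
        Console.WriteLine("intact package: " + VerifyDownload(package, sig, pub));

        // Case 2: the file was changed after signing (a single flipped bit).
        byte[] tampered = (byte[])package.Clone();
        tampered[0] ^= 0x01;
        Console.WriteLine("modified package: " + VerifyDownload(tampered, sig, pub));

        // Case 3: the package was signed with a key that is not the project's private key.
        var (otherPriv, _) = CreateProjectKeys();
        byte[] otherSig = SignPackage(package, otherPriv);
        Console.WriteLine("wrong key: " + VerifyDownload(package, otherSig, pub));
    }
}
```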

Note: This verification process assumes the sanctity of the private key. If a private key is compromised, AppLife Update would not be able to ensure that the update package file originated with the original software publisher.