Incorporation of SEB Application Code Signatures into X-SafeExamBrowser-RequestHash HTTP Header
#337
Unanswered
mohammad-aliB asked this question in Q&A
Calculating and incorporating the code signatures of the SEB application into the BEK is not part of the publicly available open source code of SEB.
The browser exam key feature documentation SEB-Specification-BrowserExamKey states the following: "That’s why the base for a Browser Exam Key is a code signature of the whole SEB application (binaries and resources)".

Reviewing the codebase, the generation of the Browser Exam Key occurs in the `SEBBrowserController.m` file, specifically in the `browserExamKeyForURL` class. This class makes use of the `self.browserExamKey` variable, which is retrieved from the `org_safeexambrowser_currentData` preference.

In the `SEBCryptor.m` file, a dictionary is filtered to only include keys prefixed with `org_safeexambrowser_SEB_` (Lines 254-280). A new Browser Exam Key is then generated using a new salt in combination with this filtered list, as seen in the `checksumForPrefDictionary` method.

At which point in this process are the code signatures of the SEB application calculated and how are they incorporated into the `X-SafeExamBrowser-RequestHash` HTTP header?
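As an added illustration (not code from this thread or from SEB's source), the following Python model walks through the flow the question describes: filter the settings by prefix, derive a key from them with a salt, then check the `X-SafeExamBrowser-RequestHash` value on the server. The JSON serialization, the HMAC-SHA256 derivation, the SHA-256 over URL plus hex key, and all function names and sample values are assumptions; the code-signature component, which the reply says is not in the public source, is left out.

```python
import hashlib
import hmac
import json

PREFIX = "org_safeexambrowser_SEB_"  # settings prefix named in the question

def filter_settings(prefs):
    """Keep only the settings that feed the key, as the question describes."""
    return {k: v for k, v in prefs.items() if k.startswith(PREFIX)}

def browser_exam_key(prefs, salt):
    """Model key: HMAC-SHA256 over the filtered settings, keyed by the salt.
    Assumption: sorted JSON stands in for SEB's real serialization."""
    blob = json.dumps(filter_settings(prefs), sort_keys=True,
                      separators=(",", ":")).encode()
    return hmac.new(salt, blob, hashlib.sha256).hexdigest()

def request_hash(url, bek_hex):
    """Assumed header value: SHA-256 of the request URL followed by the hex key."""
    return hashlib.sha256((url + bek_hex).encode()).hexdigest()

def verify_request(url, header_value, allowed_keys):
    """Server-side check: accept if the header matches any configured key."""
    got = header_value.strip().lower().encode()
    ok = False
    for key in allowed_keys:
        # compare_digest keeps the comparison time independent of the match position
        ok |= hmac.compare_digest(request_hash(url, key).encode(), got)
    return ok

# Constructed sample data (not real SEB settings or keys)
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
PREFS = {
    "org_safeexambrowser_SEB_allowQuit": False,
    "org_safeexambrowser_SEB_startURL": "https://exam.example.org/quiz/1",
    "org_safeexambrowser_currentData": "ignored: prefix does not match",
    "NSWindowFrame": "ignored",
}
URL = "https://exam.example.org/quiz/1"

if __name__ == "__main__":
    bek = browser_exam_key(PREFS, SALT)
    print("accepted:", verify_request(URL, request_hash(URL, bek), [bek]))
    tampered = dict(PREFS, org_safeexambrowser_SEB_allowQuit=True)
    forged = request_hash(URL, browser_exam_key(tampered, SALT))
    print("tampered settings accepted:", verify_request(URL, forged, [bek]))
```

In this model, a change to any prefixed setting yields a different key and the server rejects the request, while changes to unprefixed preferences have no effect on the key.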