BookVerify
Cryptographically sign Written Books to verify the authenticity of their title, author, and content.
Use Case
If you are running a server where players have access to Creative-Mode*, it is possible to easily edit a (signed) Written Book's information such as the title, author, and content. For example, players can spoof a Written Book's author and accuse someone else of writing malicious content within the book. BookVerify is a solution to this problem. Players are easily able to know if a Written Book has been spoofed/forged.
*This plugin is only needed for Creative-Mode servers. Modifying Written Books and their content when in Survival-Mode is not possible without additional server plugins.
Written Book with Original Content
![[IMG]](https://i.imgur.com/RLJVQzg.png "[IMG]")
Written Book with a Forged Author
![[IMG]](https://i.imgur.com/Rlnqm3D.png "[IMG]")
How It Works
BookVerify adds an additional NBT tag to Written Books when they are signed by a player. This NBT tag contains encrypted information about the original title, author, content, and even the time of signing.
BookVerify will alert players either in chat or via Action Bar (configurable). BookVerify can also remove the forged book (configurable).
Before Installing
There is a key concept to understand before you install this plugin. Being-that Written Books created before BookVerify was installed do not have a cryptographic signature. This means these books will be deemed as "unsigned." When opening these books, players will receive a message letting them know that the book is not verified and the contents may have been changed. This is different from a known forged book - one with a cryptographic signature that does not match up to it's current title, author, contents.
Players can add a cryptographic signature (verify) an already Written Book with a command. See below.
After Installing
BookVerify uses an encryption key to sign the books. This key (by default) is located in `./plugins/BookVerify/signed_book_secret.key` and also backs-up to each of your world directories, e.g.: `./world/signed_book_secret.key`
You can disable this back-up feature in the configuration.
If you lose this encryption key, BookVerify will not be able to verify previously signed Written Books. Make an additional backup!
Commands
/bookverify - Information about the plugin
/signbook - Cryptographically sign a Written Book. The Written Book must have the same author as the player running the command
/signbook <username> - Cryptographically sign a Written Book as another user. Requires permission `bookverify.sign.other`
Issue Reporting / Feature Requests
I am happy to fix any issues you may have or implement features, so long as they are reasonable. Please create an issue on GitHub, reply to this resource thread, or DM me here on SpigotMC.
Metrics:
Nope
Auto Updater:
No way
Cryptographically sign Written Books to verify the authenticity of their title, author, and content.
Use Case
If you are running a server where players have access to Creative-Mode*, it is possible to easily edit a (signed) Written Book's information such as the title, author, and content. For example, players can spoof a Written Book's author and accuse someone else of writing malicious content within the book. BookVerify is a solution to this problem. Players are easily able to know if a Written Book has been spoofed/forged.
*This plugin is only needed for Creative-Mode servers. Modifying Written Books and their content when in Survival-Mode is not possible without additional server plugins.
Written Book with Original Content
Written Book with a Forged Author
How It Works
BookVerify adds an additional NBT tag to Written Books when they are signed by a player. This NBT tag contains encrypted information about the original title, author, content, and even the time of signing.
BookVerify will alert players either in chat or via Action Bar (configurable). BookVerify can also remove the forged book (configurable).
Before Installing
There is a key concept to understand before you install this plugin. Being-that Written Books created before BookVerify was installed do not have a cryptographic signature. This means these books will be deemed as "unsigned." When opening these books, players will receive a message letting them know that the book is not verified and the contents may have been changed. This is different from a known forged book - one with a cryptographic signature that does not match up to it's current title, author, contents.
Players can add a cryptographic signature (verify) an already Written Book with a command. See below.
After Installing
BookVerify uses an encryption key to sign the books. This key (by default) is located in `./plugins/BookVerify/signed_book_secret.key` and also backs-up to each of your world directories, e.g.: `./world/signed_book_secret.key`
You can disable this back-up feature in the configuration.
If you lose this encryption key, BookVerify will not be able to verify previously signed Written Books. Make an additional backup!
Commands
/bookverify - Information about the plugin
/signbook - Cryptographically sign a Written Book. The Written Book must have the same author as the player running the command
/signbook <username> - Cryptographically sign a Written Book as another user. Requires permission `bookverify.sign.other`
Issue Reporting / Feature Requests
I am happy to fix any issues you may have or implement features, so long as they are reasonable. Please create an issue on GitHub, reply to this resource thread, or DM me here on SpigotMC.
Metrics:
Nope
Auto Updater:
No way
![AdvancedAntiVPN - Prevent Bad Actors ☄️ Security EVERY Server Needs ☄️ [1.8.x - 1.20.x]](/data/resource_icons/4/4150.jpg?1673037113){kind=icon}
