The problem is how do I securely store this file so the client can't tamper with it. If the client can just open the text file and change the timestamp, the program could be tricked into thinking it never has to sync.
I have considered the following:
- Some way of signing the file to ensure the authenticity.
That would be the closest; the obvious way would be if the server had a private signature key, and the program had the corresponding public key. Then, when you are connected, the server could sign the current time stamp, and send that time stamp and signature to the client.
Then, when the client cannot connect, he checks the most recent time stamp/signature that was downloaded and verifies that signature (using the public key that's installed with the client); if that validates, then you check if the time stamp is no more than five days old.
In addition, you can include a hash of some relevant files (ones that the client should not modify) in with what the server signs; at verification time, the client would hash its copies of the files and include that in the verification.
The attacker cannot modify the time stamp, because he cannot modify the signature (and have it verify). He can replace the timestamp/signature with a previous one; however, that wouldn't gain anything.
Possible ways to attack this:
Modify the 'current time'; most OSes allow you to set the time to whatever the user wants. This assumes a validated (if not particularly precise) timestamp.
Modify the program (either to modify the public key, or more likely, replace the validation logic with something that always says 'it's valid'). That's always an issue when you're running in an untrusted compute base.
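The scheme described in the answer above, as an added example that is not part of the original post: the server signs the timestamp together with a hash of the protected files, and the offline client verifies the signature before applying the five-day limit. Ed25519, the function names, the message encoding and the sample data are assumptions made for illustration, and the rejection of a local clock earlier than the signed time is an extra check the answer does not mention.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
	"time"
)

const maxAge = 5 * 24 * time.Hour // five-day offline window from the answer

// message is what the server signs: the timestamp bound to a hash of the protected files.
func message(ts time.Time, files []byte) []byte {
	return []byte(fmt.Sprintf("%d|%x", ts.Unix(), sha256.Sum256(files)))
}

// issue runs on the server, which alone holds the private key.
func issue(priv ed25519.PrivateKey, now time.Time, files []byte) []byte {
	return ed25519.Sign(priv, message(now, files))
}

// check runs on the offline client with the public key shipped in the program.
func check(pub ed25519.PublicKey, ts time.Time, sig, files []byte, now time.Time) error {
	if !ed25519.Verify(pub, message(ts, files), sig) {
		return fmt.Errorf("signature invalid: timestamp or files were modified")
	}
	if age := now.Sub(ts); age < 0 || age > maxAge {
		return fmt.Errorf("token outside the five-day window: sync required")
	}
	return nil
}

// demo runs one accepted and four rejected cases on constructed data.
func demo() []error {
	pub, priv, _ := ed25519.GenerateKey(nil) // throwaway demo key pair
	files := []byte("constructed sample file contents")
	t0 := time.Unix(1700000000, 0) // constructed "last sync" time
	sig, day := issue(priv, t0, files), 24*time.Hour
	return []error{
		check(pub, t0, sig, files, t0.Add(2*day)),             // valid token, two days old
		check(pub, t0.Add(day), sig, files, t0.Add(2*day)),    // timestamp edited in the file
		check(pub, t0, sig, []byte("patched"), t0.Add(2*day)), // protected files modified
		check(pub, t0, sig, files, t0.Add(6*day)),             // older than five days
		check(pub, t0, sig, files, t0.Add(-day)),              // local clock before signed time
	}
}

func main() { fmt.Println(demo()) }
```

The `now` argument comes from the local clock, so a clock set back to a point inside the window still passes, which is the first attack listed in the answer.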