In order to issue an update of one or more books, a publisher just has to create a new catalogue and include the hashes of the books in it, then generate a new keypair and include the public part. The catalogue is now signed and made available for download together with the new book.
A user can choose which books he wishes to download and update. He must first download a catalogue and verify its signature. Then he can start downloading all or some of the books in the catalogue. Once these books have been downloaded and their integrity checked, the local index of books is updated and a checksum retained locally using 3-DES encryption and a passphrase, signed using a new one-time key pair.