I have a server with a known public key: P. User u needs to send the server some data. Therefore, he sends (data) encrypted with P along with sha256(data) as the signature. A. is this secure? B. Is it an information leak transmitting the hash in plaintext? All types of attacks welcome. Note: man in the middle should be no better than man pretending to be.
As far as I see it, if the data is changed the attacker cannot recompute the correct hash of the new text. If new data is created to replace the given information then we have man pretending to be. If the hash is dropped or is incorrect then the server errors. Am I missing something? Should the hash be included in the encrypted information?
Thanks!
What you've built here is something like MAC and encrypt, except instead of a MAC it's just a hash function. That's not a good design.
Instead, use a dedicated sealing API (sodium_crypto_box_seal(), openssl_seal(), etc.) that abstracts the complexity away and exposes simply secure public-key encryption (using an AEAD mode).
If you want to separately send sodium_crypto_sign_detached($message, $signingKey) to the server, that's fine too.
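Added example (not code from the original answer or the question): it shows the two points above in PHP's ext/sodium. First, why a SHA-256 of the plaintext sent in the clear is both useless as an authenticator (anyone can compute it for data of their own choosing) and a leak (an eavesdropper can confirm a guess at low-entropy data). Second, the recommended replacement: seal the data to the server's box public key and authenticate it with a detached Ed25519 signature. The variable names ($serverKeypair, $userSignKeypair) and the choice to sign first and then seal signature and data together are this example's assumptions; the answer only says a detached signature may be sent separately. Putting the signature inside the sealed box means nothing derived from the plaintext travels unencrypted, which is the property the question's plaintext hash lacked.

```php
<?php
declare(strict_types=1);
// Added example, not from the original page. Requires PHP >= 7.2 with ext/sodium.

// --- 1. The scheme from the question: seal(data) + sha256(data) in the clear ---
// Given the leaked hash, an eavesdropper tries candidate plaintexts until one matches.
// Returns the recovered plaintext, or null if no candidate matches.
function guessFromPlaintextHash(string $leakedHash, array $candidates): ?string
{
    foreach ($candidates as $candidate) {
        if (hash_equals($leakedHash, hash('sha256', $candidate))) {
            return $candidate;
        }
    }
    return null;
}

// --- 2. The recommended replacement: sealing API plus detached signature ---

// Server: long-term box keypair. Its public half is the "P" the user already knows.
$serverKeypair = sodium_crypto_box_keypair();
$serverPublic  = sodium_crypto_box_publickey($serverKeypair);

// User: long-term signing keypair. The server must learn the public half out of band,
// otherwise the server has no way to tell the real user from "man pretending to be".
$userSignKeypair = sodium_crypto_sign_keypair();
$userSignPublic  = sodium_crypto_sign_publickey($userSignKeypair);
$userSignSecret  = sodium_crypto_sign_secretkey($userSignKeypair);

// Sign the data, then seal signature || data to the server's public key.
// sodium_crypto_box_seal() is an anonymous-sender construction: it needs only the
// recipient's public key, which is exactly the situation described in the question.
function sendToServer(string $data, string $serverPublic, string $userSignSecret): string
{
    $signature = sodium_crypto_sign_detached($data, $userSignSecret);
    return sodium_crypto_box_seal($signature . $data, $serverPublic);
}

// Open the box with the server's keypair, split off the fixed-size signature,
// and verify it under the user's signing public key.
// Returns the data, or null if decryption or signature verification fails.
function receiveFromUser(string $sealed, string $serverKeypair, string $userSignPublic): ?string
{
    try {
        $opened = sodium_crypto_box_seal_open($sealed, $serverKeypair);
    } catch (SodiumException $e) {
        return null;
    }
    if ($opened === false || strlen($opened) < SODIUM_CRYPTO_SIGN_BYTES) {
        return null;
    }
    $signature = substr($opened, 0, SODIUM_CRYPTO_SIGN_BYTES);
    $data      = substr($opened, SODIUM_CRYPTO_SIGN_BYTES);
    if (!sodium_crypto_sign_verify_detached($signature, $data, $userSignPublic)) {
        return null;
    }
    return $data;
}

// --- Demo with constructed input ---
$data = 'approve';

// (1) The plaintext hash from the question lets an observer recover a low-entropy message.
$leakedHash = hash('sha256', $data);
$recovered  = guessFromPlaintextHash($leakedHash, ['approve', 'deny']);
assert($recovered === $data);

// (2) The genuine user's message opens and verifies.
$sealed = sendToServer($data, $serverPublic, $userSignSecret);
assert(receiveFromUser($sealed, $serverKeypair, $userSignPublic) === $data);

// (3) An attacker holding only the server's public key can seal anything,
//     but cannot sign under the user's key, so the server rejects the forgery.
$attackerSignSecret = sodium_crypto_sign_secretkey(sodium_crypto_sign_keypair());
$forged = sendToServer('deny', $serverPublic, $attackerSignSecret);
assert(receiveFromUser($forged, $serverKeypair, $userSignPublic) === null);

// (4) Any modification of the sealed ciphertext is detected by the AEAD, so a
//     man in the middle is reduced to the "man pretending to be" case above.
$tampered = $sealed;
$tampered[strlen($tampered) - 1] = chr(ord($tampered[strlen($tampered) - 1]) ^ 0x01);
assert(receiveFromUser($tampered, $serverKeypair, $userSignPublic) === null);

echo "all checks passed\n";
```

Run with `php -d zend.assertions=1 example.php` so the `assert()` calls are actually evaluated. Note that the signing public key has to be distributed to the server by some trusted path; without it the server can verify that a message was not modified in transit but still cannot tell who sent it, which is all the original sha256(data) scheme could ever have offered.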
If it's for data transfer, check out PHP's Mcrypt extension. I used it in a project last year where a PHP-based social networking website needed to pass data securely to and from an external reporting system written in C#.