问题
there are several components of my application, needs their communication secure in the sense Origin Verified. these components cannot share a common secret. So I have to opt for asymmetric key encryption. assuming I've two components A and B A sends some data F to B and B has to verify that it really came from A
A generates digest H of F with its private KeyA attaches A_pub, H to its request Parameters, sends F and declares origin/sender as A B verifies the digest H with the A_pub provided against F
apparently it looks Okay But if some other component V does the same with V_pub and claims itself as A, B still thinks the request came from A as this H is made with V_prv openssl verifies Okay.
I want to give protection against this attack of V
I am using ecparam secp112r1 to minimize key length. and keys are repeatedly changed.
-- EDIT --
A, B and V are application components identified by unique URI. Its currently intended to constraint secure page flow. e.g. you can assume A, B, V be urls What I want is Only A can procced to B and only B can proceed to C .... and I don't want to maintain a global/application wide session for that. so If B can just verify the origin of this link based on the special parameters A have passed to it in a state/session-less manner. and the more generic it can be the more reusable it will be to implement in other scenarios too.
Once I thought to maintain a checksums of A_pub in a trusted global storage. however I am afraid wouldn't that be an over engineering ?
another way comes in my mind is to query back the origin url regarding the public key. However I want to avoid that.
回答1:
This technique cannot verify the identity of the sender, only that the keys are a matching pair.
Typically, B would already possess some piece of trusted information that it can use to validate A's identity. The information is generally a copy of A_pub that it had previously validated, or that has been signed by a trusted third party, in which case B must have access to that third party's public key.
Without this additional information, B cannot verify the identity of A.
来源:https://stackoverflow.com/questions/9957562/openssl-phishing-v-claims-to-be-a