Securing the Identity of the Source

Question

Alice wants to know from Bob the location of a sensitive resource. Bob Kindly tells Alice the location, but how can Alice be sure of the identity of Bob?

Bob is a OpenBSD server, and the source of data is a Python/C++ App.

My Idea was:

Alice Knows Bob's public Key.

Alice encrypt a random string with Bob's Public Key, and send it to Bob.

Bob recover the random string, and hash it. Bob send back the sensitive resource, along with the hash.

The problem of this method is: Can I safely store a private key on Bob (the server)? How? Is there a better solution?

Answer 1

If Bob doesn't have a private key, then what else does Bob uniquely know that it can use to identify itself? And if you can't trust Bob to keep its private key safe, you're sunk no matter what you do.

If it's worthwhile spending the extra money, one thing you could do is have another machine (call it Cipherclerk) that is not online, can communicate only with Bob, and will only make certain kinds of communications. Cipherclerk holds the private key, and uses it to decrypt things for Bob. Then, even if Bob is compromised remotely, at least the private key isn't compromised with it.

An enhancement to your idea would be to have Bob use Alice's random string as a symmetric key to encrypt the resource.

Answer 2

This method is completely insecure if someone can mount a man in the middle attack. Mallory, the attack, can simply strip the the sensitive information out, substitute it with hers, and forward it on to Alice.

The solution is to use TLS or SSH. In either case, make sure Alice has bob's public key or key fingerprint. This is a widely used solution and is secure assuming no one can change the data Alice stores or read the data bob stores.