Secure and authenticate data from server to client
https://stackoverflow.com/questions/10809259
-
11-06-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I want to send data from server software to client software, encrypted in such a way that only the server (private software) could have encrypted that specific data, but any client can decrypt it.
At first I thought RSA would be a solution, but as I understand it I want to use it backwards: I could encrypt data with the public key on the server, and decrypt on the clients with the private key. That would work fine, except someone could derive the public key from the private key. Is that correct? If so, is there an alternative option?
Thanks in advance.
Solution
What you want to do is to digitally sign the data the server sends. All clients can verify this digitial signature to prove that only the server could have created it.
Here's how it works: Your server computes a hash of the data and encrypts the hash using some private key on the server (The Signing Key). Then the server sends the message (in plain text) and the hash to then client. When the client gets the two pieces of data, they decrypt the encrypted hash using the server's public key (The Verify Key). Now the client can compute the hash of the plain text message themselves, and compare that to the hash the server sent. If the two hashes match, then the client knows that the message must have come from the server and no one else.
Note: You are sending the message in plain text, so there is no confidentiality in this system. This signing mechanism only guarantees integrity and authenticity. If you need confidentiality as well, you can use traditional encryption to encrypt the message instead of sending it in plain text.
TLS does this sort of thing, so you might consider using it as a data channel.
OTHER TIPS
Your requirement is pretty much the text book description of the one-way-authenticated mode of TLS (the former SSL), also called server-side authentication. Basically, that's what happens each time you are on an https web site.
But assuming you know about https, I guess it's not http data you're trying to communicate but some other protocol. That's where TLS shines: it is implemented on the transport layer and therefore agnostic to any application data protocol, you can send arbitrary data over a TLS-encrypted/-authenticated socket.
TLS is battle-tested and pretty much as good as it gets with secure transport protocols. Anything you roll on your own is very likely to be less secure - secure protocol design is among the hardest things to get right.
