[Botan-devel] Decrypt signature

Jack Lloyd lloyd at randombit.net
Mon Feb 12 16:59:19 EST 2007


On Mon, Feb 12, 2007 at 02:57:28PM +0100, Stefan Misslinger wrote:

> Is it possible to decrypt the signature and therefore reconstruct the
> encrypted(signed) AES key?

At a purely technical level, yes, one can recover the signed message
with RSA (depending on the padding scheme). However I would argue for
a different solution (see below).

> As far as I've seen it's only possible to verify if the signature is
> correct. I didn't find any example how to recover the message as well.

This is not at all a normal mechanism, so you'll have to write some
code to call the RSA objects directly. If you examine
src/pubkey.cpp you'll see the basic methods, especially you'll want to
look at PK_Encryptor_MR_with_EME::enc and
PK_Decryptor_MR_with_EME::dec.

> For the application to decrypt the files, we had to integrate the
> private key also into the source code.
> In the case someone would manage to extract the key from the source,
> we want to prevent the attacker from being able to create his own
> encrypted files.

I take it you are not worried about an attacker being able to generate
a new encrypted key for a modified binary (since no matter how you
transfer the key, the attacker could always swap out the RSA key and
generate files that the particular binary in question would accept).

So why not both encrypt the key (with the private key remaining
embedded in the binary) and in addition sign the encrypted key (with a
private key that is not stored in the binary, but only some safe
place). An attacker will not be able to generate a valid signature for
the encrypted key packet, so an unmodified binary won't accept it. A
modified binary (changed the key, or simply NOP out the signature
check) might, but it seems infeasible to stop that without hardware
support no matter what system you use.

I haven't had much time to think this through, I'm in the middle of a
move and am currently typing this on a laptop sitting on the floor of an
entirely empty apartment. It may take me a while to reply to any
further questions you have but I will get to them as soon as I can.

Thanks, 
 Jack
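The scheme Jack outlines above (wrap the AES key for a decryption key embedded in the binary, then sign the resulting ciphertext with a separate signing key that stays offline, and have the binary verify before it decrypts), as an added example in Go that is not code from this thread or from Botan. The KeyPacket type and the MakeKeyPacket/OpenKeyPacket names are chosen here, and RSA-OAEP and RSA-PSS are assumed as the padding schemes, which the thread does not specify.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// KeyPacket is a constructed format for this example: the RSA-OAEP ciphertext
// of the AES key plus an RSA-PSS signature over that ciphertext.
type KeyPacket struct {
	EncKey []byte
	Sig    []byte
}

// MakeKeyPacket is the publisher side: wrap the AES key for the key embedded
// in the binary, then sign the ciphertext with the offline signing key.
func MakeKeyPacket(aesKey []byte, binPub *rsa.PublicKey, signPriv *rsa.PrivateKey) (*KeyPacket, error) {
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, binPub, aesKey, nil)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(enc)
	sig, err := rsa.SignPSS(rand.Reader, signPriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	return &KeyPacket{EncKey: enc, Sig: sig}, nil
}

// OpenKeyPacket is the binary side: verify first, so a packet built by someone
// holding only the extracted decryption key is rejected before any decrypt.
func OpenKeyPacket(p *KeyPacket, binPriv *rsa.PrivateKey, signPub *rsa.PublicKey) ([]byte, error) {
	digest := sha256.Sum256(p.EncKey)
	if err := rsa.VerifyPSS(signPub, crypto.SHA256, digest[:], p.Sig, nil); err != nil {
		return nil, fmt.Errorf("key packet rejected: %w", err)
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, binPriv, p.EncKey, nil)
}

func main() {
	binKey, _ := rsa.GenerateKey(rand.Reader, 2048)  // embedded in the binary
	signKey, _ := rsa.GenerateKey(rand.Reader, 2048) // kept offline
	pkt, _ := MakeKeyPacket([]byte("0123456789abcdef"), &binKey.PublicKey, signKey)
	got, err := OpenKeyPacket(pkt, binKey, &signKey.PublicKey)
	fmt.Printf("recovered=%q err=%v\n", got, err)
}
```

A modified binary that skips OpenKeyPacket's verify step is, as the reply notes, outside what this check can prevent; it only stops an unmodified binary from accepting a key packet that was not signed by the offline key.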


