We need an example of code for downloading a page or a file over the HTTPS protocol with an authenticity check, that is, so that it would not be possible to hook into the session and fake the answer. The whole thing will be in Delphi 7, but code in C will also do; it can use WinAPI (Win7+) and/or the OpenSSL DLL.

  • 2
    HTTPS was actually created for exactly this purpose, so that you need not care about MITM. - AseN
  • 4
    Any download code via https with standard certificate verification settings - chain trust (chained to reliable sources) + revocation lists (revoked certificates) provides protection against MITM. No additional gestures to protect against MITM are required. - PashaPash
  • Obviously, not any. In addition, for this, at least a server-side certificate chain must be configured and the owner can access the CA. And if we are talking about an arbitrary https-site, then your arguments are generally delusional. - mega
  • 1
    @mega chain trust is checking certificate chains up to the CA. Yes, for self-signed certificates and other custom crutches, this method will not work. And yes, it requires properly configured https and working https on the server side. I.e., for an "arbitrary" https site designed for a wide audience, chain trust + RL work; for a custom one with a self-signed certificate, no. - PashaPash

1 answer

It will be enough to make additional verification of the public key of the server.

The idea is that the client should be aware that there is no stranger on the server side, since MITM's task is to replace the public key for the client, the key with which the client encrypts the pre-master secret.

If you know the private key of the server in advance, then MITM is not a danger to you, because you can easily check whether the public key received from the server side matches the private key you already know.

This is easy to do: take an arbitrary string, encrypt it with the public key, and decrypt it with the private key (known to you in advance). If you do not get the original string back, you can signal the user about the MITM attack and take appropriate actions.


I do not give the code, because the solution is too specific and in my opinion requires some kind of ready infrastructure, which I do not have right now. Perhaps later, when there is time and opportunity.

But if you provide your code or API that can monitor SSL for you, in particular, the Server Certificate package, I will provide the minimum algorithm for working with OpenSSL.


In most cases, the private key will not be available to you. It is logical that it is “private” in order to guarantee the security of the dialogue only, and not of the whole chain of intermediaries involved in the “conversation” anyway.

Therefore, I will give another, very good option: the so-called certificate authority.

In this configuration, to authenticate the certificate, the server owner issues[1] its root certificate (CA) to its users. The essence of this protection is that any server certificate is digitally signed, which can be verified by this CA.

Of course, OpenSSL also has an API for this case, but I have not yet come across the need for such verification, so I’ll not tell you about the code yet, but you can easily google it using the keywords openssl api verify ca.

A simpler option is to use openssl directly:

    $ openssl verify -verbose -CAfile cacert.pem server.crt
    server.crt: OK

but it will require client-side openssl binaries.


[1] The CA certificate is delivered to the client in any way possible, for example: sent by mail, published on the owner’s website, or installed in the certificate store on the client’s side via the installer. There are lots of options; the main thing is that it is available to the client at the time of establishing the connection with the server.


Since the answer fell victim to moderator arbitrariness, and someone carefully moved all my comments into the chat, leaving only the "correct" ones, I cite the main arguments in the answer itself:

  1. This answer, mutilated by the moderator, is my second answer. My first answer was given to explain how a private key protects against MITM (and the moderator merged this second thoughtlessly with the second). My second answer was given to show a way invented specifically to prevent MITM.
  2. Discussion about the wrong actions of the moderator on the weather.
  3. Discussion on a similar issue with a general meta (thanks to @Sasha Chernykh for the information)
  4. I hope the common sense of community members will win over the unqualified behavior of the administration.
  • 6
    If you know in advance the private key of the server — something that should never happen in asymmetric encryption ... you should either know the public key in advance (and the fact that it belongs to that party), or get the key from the outside and prove it by signing "trusted parties". - D-side
  • 5
    Yes. Knowing the private key of the “second side” to combat the MITM is redundant and exposes this private key to an additional risk of disclosure without a good reason. - D-side
  • Comments are not intended for extended discussion; conversation moved to chat . - Nicolas Chabanovsky
  • 2
    Anonymous downvotes are bad. I downvoted the merged answer for the second option, the one with the transfer of the CA. It (1) gives the impression that additional actions are necessarily needed to protect against MITM (although in the case of the usual https to the usual website on the Internet this is not the case: the infrastructure for chain trust + CA is already embedded in the OS / browser), and (2) when applied, the client begins to trust in general all the certificates that the server owner wants to generate, i.e. the owner will be able to arrange a MITM for you on any site. Installing the CA "from the owner’s site" puts an end to client security. - PashaPash
  • 1
    I vote for the deletion of this answer, because, firstly, it has unrecoverable problems with the design (the author refuses to improve it); secondly, it is filled with harmful advice (which its rating indirectly indicates); thirdly, it does not answer the original question (there was a request for sample code in the question, which is not observed in the answer). - Pavel Mayorov pm
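The `openssl verify` chain check from the answer, together with the check against a public key known in advance that D-side's comment describes, run on a constructed throwaway CA. This is an added example, not code from the original thread; the function names, file names and CN values are assumptions made for the demo.

```shell
#!/usr/bin/env bash
# Added example. The CA, both certificates, file names and CNs are constructed.

make_demo_pki() {  # $1 = scratch directory
  local d="$1"
  # Owner's self-signed root: the cacert.pem handed to clients in advance.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Owner CA" \
    -keyout "$d/ca.key" -out "$d/cacert.pem" 2>/dev/null
  # Genuine server certificate, signed by that root.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=server.example" \
    -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
  openssl x509 -req -in "$d/server.csr" -CA "$d/cacert.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/server.crt" 2>/dev/null
  # Certificate with the same name but a different key and no CA signature,
  # standing in for what a substituted key would look like to the client.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=server.example" \
    -keyout "$d/mitm.key" -out "$d/mitm.crt" 2>/dev/null
}

# Chain check: the answer's `openssl verify -CAfile cacert.pem server.crt`.
chain_ok() {  # $1 = CA file, $2 = certificate
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# SHA-256 over the DER public key (SubjectPublicKeyInfo) inside a certificate.
spki_pin() {  # $1 = certificate
  openssl x509 -in "$1" -noout -pubkey |
    openssl pkey -pubin -outform DER |
    openssl dgst -sha256 -r | cut -d' ' -f1
}

# Pin check: needs only the public key's hash known in advance, no private key.
pin_ok() {  # $1 = expected pin, $2 = certificate
  [ "$(spki_pin "$2")" = "$1" ]
}

demo() {
  local d pin c chain p
  d=$(mktemp -d) && make_demo_pki "$d" || return 1
  pin=$(spki_pin "$d/server.crt")   # recorded once from the genuine server
  for c in server.crt mitm.crt; do
    chain_ok "$d/cacert.pem" "$d/$c" && chain=OK || chain=FAIL
    pin_ok "$pin" "$d/$c" && p=OK || p=FAIL
    echo "$c: chain=$chain pin=$p"
  done
  rm -rf "$d"
}
demo
```

Because the pin is computed over the public key rather than the whole certificate, it stays valid when the certificate is reissued for the same key.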