开发者

DSA: What can a hacker do with *just* a public key?

The shareware registration system I'm currently developing embeds the public DSA key in the executable itself, and the private key resides on a server. (For the sake of discussion let's assume that the server is 100% secure, and there is no way for anybody to get their hands on the private key.)

Whenever the program is purchased, the server generates a license for the user by signing the user's name with the private key. That license is then emailed to the user. Once the user manually enters their name and license into the shareware application it is verified by the public key embedded in the application to be a valid or invalid license.

However, it would be fairly trivial for a determined person with the right "know-how" to disassemble the executable and retrieve the public key.

My question here is, what could they do with it? Is a public key, by itself, completely innocuous? Is the public key enough information to reverse engineer a key generat开发者_C百科or?

Curious minds want to know. Thanks in advance!


The public key should get them nothing useful. However, if the check is easily found they might be able to simply circumvent it and patch in a test that always succeeds without ever bothering to verify the license against the public key.


A public key by itself would let them decrypt any encrypted information sent out by the server. That's it. Going from public key to private key is exceptionally hard; that's how public key cryptography works. (By “exceptionally” I mean that it's designed to be resistant to well-funded government efforts; if it keeps the NSA from cracking you, it'll be sure good enough for stopping Joe Blow.)

Note that it doesn't help with DRM, which it sounds a bit like you're trying to do. DRM is just plain broken by design; if the attacker has the information and the key to unlock it in devices local to him, it's already game over. If you give a key to an attacker, it might as well be public since he's sure not going to be willing to keep it secret…


Assuming an as-yet-unbroken encryption method is being used, the public key can not be used to determine the private key. It is meant to be truly public; known by anyone.


Public keys are used everywhere -- logon forms, security of banking transactions, client-side authentication etc. So the short answer is that you shouldn't worry, cause lots of other, smarter people have looked at this problem and accepted the distribution of public keys to endpoints.

What can people tell from your public key? They would obviously know a key name and key length. I assume that the key is part of a certificate, which could also contain some details about your company and website URL.

My questions to you are:

1) Why are you worried about a public key in an executable? Any half-decent cracker would just change your executable to bypass the public key check altogether. The fact that the encryption is strong is meaningless when you're giving a binary to the client that can be modified.

2) Are you aware of the mess you may be getting yourself into? There's nothing inherently wrong with using public key encryption to secure a binary, but you may end up with problems as the system develops. Things such as expired keys, key roll-overs and key issuance (I believe this is a tool you're developing to sell) can become a major pain. And, yet, you'll still be stuck with the reality that your bigger challenge is stopping crackers from just rerouting the binary to avoid your security check altogether.


Just having the public key is not enough information to do anything useful with.

The only thing that could be done is someone could encrypt a message using the public key that could only be decrypted with the private key. But if the private key is only on the server, this will not do anything.

Any other attack would require trying to calculate the private key, which will not be sped up at all by having the public key.


In asymmetric cryptography it is safe to give your public key to an attacker. However, this value, along with a signature or cipher text produced by a private key can be used in Trivial Attack to obtain the corresponding private key.


The point is that this sort of encryption is designed to protect the content of the message and to verify sender authenticity which in this case is clearly known to the user i.e. Name and Vendor etc. Much nicer would be to protect a section of the code with this sort of encryption such that crucial bits of code stays garbled until the proper key is used.

Once the key is used however the user can decrypt and make copies of the software. Fully protected software is fully unusable. Though unrelated this is an interesting read regarding protecting things.


I disagree that the public key is not useful. I generate my own public and private key pair and let us assume that I find the bits of the public key in the executable. I change the the public key to my public key. Now I can sign anything with my private key, the program will accept it.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜