Authenticating a Server with Digital Signatures
I understand how Non-repudiation and Integrity are achieved with Digital Signatures, but it's the Authentication that I don't grasp yet.
I'm developing a Client-Server application in C# that should be capable of Authentication with Digital Certificates and Digital Signatures. I know how to check the validity and integrity of a Signature (with SignedCms.CheckSignature()), but how does this authenticate any of the parts involved?
For example:
- The client asks the Server for a Digital Signature,
- The client receives the signature and validates it,
- If the validation succeeds, continue.
The client could be a victim of a man-in-the-middle attack and receive a valid signature in step 2. The validation would succeed, but the client wouldn't be talking to the right server.
What am I missing?
You're missing trust of the signing certificate.
Consider SSL certificates: they have a signing path to a root CA which is trusted by Windows (or whatever OS). If the MITM presents a self-signed cert, or one produced by an untrusted CA, then it gets rejected by the browser and a warning is displayed. So a certificate is only trusted if it's issued by a CA that you know, or chains up to one you know.
For self-signed certs it becomes more complicated: you need to securely exchange the key fingerprint, serial number or other constant identifier and validate that the signing key is in fact one you expect. This is one reason why self-signed certs generally shouldn't be used for public-facing web sites or other services.
So if there's an MITM attack, and the signature from the original machine is stripped, the message changed, and then re-signed using an unknown certificate, then as long as you check the identity of the signing cert against something you trust, you'll reject the re-signed message.
(In reality it gets more complicated, but you get the point, I hope.)
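One way to make the identity check described in the answer above explicit in C#, as an added example that is not part of the original answer. The class and method names, the placeholder thumbprint and DNS name, and the use of a client-generated challenge with a detached signature are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

static class ServerSignatureCheck   // hypothetical helper
{
    // Placeholders: values the client learned out of band, before connecting.
    const string PinnedThumbprint = "<SERVER-CERT-THUMBPRINT>";
    const string ExpectedDnsName = "server.example.test";

    // challenge: fresh random bytes this client generated and sent (assumed protocol).
    // signature: the detached CMS signature over those bytes returned by the peer.
    public static bool IsExpectedServer(byte[] challenge, byte[] signature)
    {
        var cms = new SignedCms(new ContentInfo(challenge), true); // true = detached
        try
        {
            cms.Decode(signature);
            // verifySignatureOnly = true: proves that *some* key signed the
            // challenge, and says nothing about whose key it was.
            cms.CheckSignature(true);
        }
        catch (CryptographicException)
        {
            return false; // malformed, or signed over different content
        }

        if (cms.SignerInfos.Count != 1) return false;
        X509Certificate2 signer = cms.SignerInfos[0].Certificate;
        if (signer == null) return false;

        // Self-signed case: accept only the exact certificate that was pinned.
        if (string.Equals(signer.Thumbprint, PinnedThumbprint,
                          StringComparison.OrdinalIgnoreCase))
            return true;

        // CA-issued case: the certificate must name the expected server AND
        // chain to a root this machine trusts; a valid chain alone is not enough.
        string name = signer.GetNameInfo(X509NameType.DnsName, false);
        if (!string.Equals(name, ExpectedDnsName, StringComparison.OrdinalIgnoreCase))
            return false;
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            return chain.Build(signer);
        }
    }
}
```

A signature re-signed by a man in the middle passes `CheckSignature(true)` but fails both identity checks, because the signer certificate is neither the pinned one nor a trusted-CA certificate issued for the expected name.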
They could only receive a valid signature if the man in the middle possesses the private key with which to sign the request. I think the key thing you may be missing is that altering any aspect of the item which is digitally signed would invalidate the signature. The man in the middle can re-submit the request, but if they change it, the signature validation will fail.