How do calculate the

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

How do calculate the

Stokestack
Hi all.

I have an iPhone app that retrieves database info by issuing HTTP GETs to PHP pages on a server.  All I want to do is encrypt the parameters sent in the URL, to prevent people from spoofing our app and abusing our database (most likely with spam).  I've seen people ask this question in forums, and they usually get barraged with questions about why they want to do it, rather than answers.  Let me try to head a few off:

1. It's neither practical nor necessary to maintain sessions on the server.  We're not using cookies, certificates, or HTTPS.  I don't even need the returned data to be encrypted (it's just DB queries coming back as XML).
2. I can't use GnuPG because of its license.
3. I want to use a public-key mechanism because the key will be sent in the clear from DB to app; I don't want to try to hide a private key in the app itself.

As I understand it, the typical procedure is as follows:

1. Generate a random key and initialization vector to encrypt the block of text.
2. Encrypt that random key with the RSA public key.
3. Encrypt the data payload with the random key and IV, using Blowfish or other encryption.
4. Send the encrypted data payload, encrypted random key, and IV to the server for decryption.

I think I'm nearly there: I'm generating a random key and IV; I have the public key coming back from the database and being loaded with PEM_read_bio_RSA_PUBKEY().  Now I guess I need to use the EVP_encrypt functions to encrypt the payload, but how do you calculate the size of the output buffer that's required for the encrypted data?

I assume a normal next step is to add the encrypted key, IV, and encrypted payload as parameters in the HTTP GET and unravel all this using appropriate functions (and the private RSA key) in PHP on the server.  Correct?

Thanks!

Gavin
Reply | Threaded
Open this post in threaded view
|

Re: How do calculate the

Victor Duchovni
On Tue, May 17, 2011 at 02:22:46AM -0700, G S wrote:

> 1. Generate a random key and initialization vector to encrypt the block of
> text.
> 2. Encrypt that random key with the RSA public key.
> 3. Encrypt the data payload with the random key and IV, using Blowfish or
> other encryption.
> 4. Send the encrypted data payload, encrypted random key, and IV to the
> server for decryption.
>
> I think I'm nearly there: I'm generating a random key and IV; I have the
> public key coming back from the database and being loaded with
> PEM_read_bio_RSA_PUBKEY().  Now I guess I need to use the EVP_encrypt
> functions to encrypt the payload, but how do you calculate the size of the
> output buffer that's required for the encrypted data?

The CMS support in OpenSSL nicely packages-up all the required features,
generating a binary (or S/MIME, but you probably want binary) structure
that contains the encrypted key and encrypted payload.

If you are using OpenSSL 0.9.8 (1.0.0 is better), see CMS_Encrypt(1),
and for example usage, read the code in apps/cms.c.

        man cms
        man CMS_encrypt

--
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: How do calculate the

Kushal Kumaran-5
In reply to this post by Stokestack
On Tue, May 17, 2011 at 2:52 PM, G S <[hidden email]> wrote:

> Hi all.
>
> I have an iPhone app that retrieves database info by issuing HTTP GETs to
> PHP pages on a server.  All I want to do is encrypt the parameters sent in
> the URL, to prevent people from spoofing our app and abusing our database
> (most likely with spam).  I've seen people ask this question in forums, and
> they usually get barraged with questions about why they want to do it,
> rather than answers.  Let me try to head a few off:
>
> 1. It's neither practical nor necessary to maintain sessions on the server.
> We're not using cookies, certificates, or HTTPS.  I don't even need the
> returned data to be encrypted (it's just DB queries coming back as XML).
> 2. I can't use GnuPG because of its license.
> 3. I want to use a public-key mechanism because the key will be sent in the
> clear from DB to app; I don't want to try to hide a private key in the app
> itself.
>
> As I understand it, the typical procedure is as follows:
>
> 1. Generate a random key and initialization vector to encrypt the block of
> text.
> 2. Encrypt that random key with the RSA public key.
> 3. Encrypt the data payload with the random key and IV, using Blowfish or
> other encryption.
> 4. Send the encrypted data payload, encrypted random key, and IV to the
> server for decryption.
>
> I think I'm nearly there: I'm generating a random key and IV; I have the
> public key coming back from the database and being loaded with
> PEM_read_bio_RSA_PUBKEY().  Now I guess I need to use the EVP_encrypt
> functions to encrypt the payload, but how do you calculate the size of the
> output buffer that's required for the encrypted data?
>
> I assume a normal next step is to add the encrypted key, IV, and encrypted
> payload as parameters in the HTTP GET and unravel all this using appropriate
> functions (and the private RSA key) in PHP on the server.  Correct?
>

I'm probably being obtuse here, but I don't see how encrypting your
request with a public key would help you with your original problem.

What stops a rogue app from doing the same encryption?

--
regards,
kushal
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: How do calculate the

Stokestack
I'm probably being obtuse here, but I don't see how encrypting your
request with a public key would help you with your original problem.

What stops a rogue app from doing the same encryption?

They can't see what the parameters are.  So what are they going to encrypt?
Reply | Threaded
Open this post in threaded view
|

Re: How do calculate the

sandeep kiran p
Agreed they can't see the original parameters, but can't they replay the same encrypted data and make the server believe that the request came from a genuine client? If the server, through some mechanism, is able to validate that the client possesses the original Key and IV before sending the XML data, then your purpose is solved.

-Sandeep

On Wed, May 18, 2011 at 3:57 PM, G S <[hidden email]> wrote:
I'm probably being obtuse here, but I don't see how encrypting your
request with a public key would help you with your original problem.

What stops a rogue app from doing the same encryption?

They can't see what the parameters are.  So what are they going to encrypt?

Reply | Threaded
Open this post in threaded view
|

Re: How do calculate the

JoelKatz
In reply to this post by Stokestack
On 5/18/2011 3:27 AM, G S wrote:
>     I'm probably being obtuse here, but I don't see how encrypting your
>     request with a public key would help you with your original problem.
>
>     What stops a rogue app from doing the same encryption?
>
>
> They can't see what the parameters are.  So what are they going to encrypt?

I think you're missing the point, or I'm misunderstanding what you mean
by "parameters". Your stated problem was to detect whether a request was
originating from your app or not. No solution to this will work unless
somehow your app can do something that a fake/spam app cannot do.

Your solution was:

 > 1. Generate a random key and initialization vector to encrypt
 > the block of text.

So a rogue app can generate its own block of text, presumably containing
the spam or what not, and it can also certainly generate a random key
and IV.

 > 2. Encrypt that random key with the RSA public key.

A rogue app can do this unless you can somehow keep the public key
private. This may be possible, but most likely an attacker could extract
the key from your application.

 > 3. Encrypt the data payload with the random key and IV,
 > using Blowfish or other encryption.

Surely an attacker can do this.

 > 4. Send the encrypted data payload, encrypted random key, and IV to
 > the server for decryption.

Again, no reason an attacker can't do this.

So either I'm misunderstanding you, or your method won't actually do
anything. Or is the thinking that an attacker won't be able to extract
the public key? Or is that an attacker wouldn't be able to figure out
how to format the parameters?

DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: How do calculate the

Stokestack
>Or is that an attacker wouldn't be able to figure out how to format the parameters?

Bingo. Nor will he know valid values for those parameters.

If someone goes to the trouble to run the app in an environment where he can scrutinize memory contents, then he can figure all this out.  But that's beyond what I'm trying to prevent.