[Issue 16510] Request: RSA digital signature validation in phobos
d-bugmail at puremagic.com
d-bugmail at puremagic.com
Thu Jan 25 04:48:22 UTC 2018
https://issues.dlang.org/show_bug.cgi?id=16510
Carsten Blüggel <chilli at posteo.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |chilli at posteo.net
--- Comment #4 from Carsten Blüggel <chilli at posteo.net> ---
I'm replying to this and deliberately not to
https://issues.dlang.org/show_bug.cgi?id=17958, because this is more specific:
RSA digital signature validation
This operation is quite easy to implement and there are no security concerns I
can see here; all it requires are publicly available information: The digital
signature, the public RSA key, the plain message that was signed, some
math/en-/decoding operations applied [https://tools.ietf.org/html/rfc8017], a
base64 decoder and digest functions (present in phobos already) and a
simplified ASN1-decoder (for DigestInfo; no full-fledged one required for this
case). If there are plans to incorporate some more crypto in phobos, I will
gladly contribute/share implementations, some is already on
https://github.com/carblue, a lot still on my ssd.
All of the discussion in
https://forum.dlang.org/thread/osnema$d5s$1@digitalmars.com is pointless
referring to this one operation "RSA digital signature validation", though the
discussion is absolutely valid and great care must be applied (leave it to
experts!) concerning cryptography in general (i.e. when e.g. secret/private key
material is involved; that's why the general case of
https://issues.dlang.org/show_bug.cgi?id=17958 is different and not really a
duplicate of this).
My take on aforementioned security discussion is also differing in that I would
rely on specialized hardware like smart cards or USB tokens only (both based on
small crypto chips) to store secrets and perform security related operations,
and use a widely-used, platform-independant API like PKCS#11/Cryptoki, now
http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html,
thus there would be no need to implement AES (precisely a frame function
calling e.g. intel's dedicated asm instructions), RSA and alike: An affordable
USB crypto token (17-50 €; smart cards even less) has all that implemented
already. The only dependency (for some operations only) would be on a library
that implements PKCS#11 API, either specific for the hardware from it's vendor
or the multi-platform one from the OpenSC project, which supports a lot of
smart cards/USB tokens, itself depending on openssl.
Thus the Crypto interface in phobos would be a smart D wrapper around the
PKCS#11 API + some code for cases when there is no secret/private key involved
and no PKCS#11 library support available or necessary like for "RSA digital
signature validation".
For the sake of fairness, it should be mentioned, that even some crypto chips
aren't abolutely secure, free of vulnerability notes like
https://www.kb.cert.org/vuls/id/307015. But they are the best choice I can
think of, far better than file based secrets.
I assume You are the donor, referred to in
https://forum.dlang.org/thread/osnema$d5s$1@digitalmars.com. Then I propose,
You ask Andrei Alexandrescu about his and Walter's plans concerning more crypto
in phobos, because what I read from the discussion (not all as it got somewhat
lost in prevalent dll discussion) was prevalently expressing fear to touch
crypto at all. It's not justified to be scary here following the route I
proposed. In principle, even the "RSA digital signature validation" can
completely be done by the crypto chip, but as this is a slow bottle neck for
large messages to be hashed, it's usually done by the PKCS#11 library or future
D code.
'Bindings' to the PKCS#11 API are available.
There is also the expertise of Cryptography in D - Amaury Séchet | DConf2017
https://www.youtube.com/watch?v=CoibdYFM53U
--
More information about the Digitalmars-d-bugs
mailing list