If public key of two files are same, is it suffici

2019-07-08 08:24发布

问题:

I am implementing an auto-update mechanism for my software. The msi on the server is signed using signtool. My app downloads the msi and reads the public key of the downloaded msi. If the public key matches the one that is hard coded in the source code, it will execute the msi and update itself.

Would this is be sufficient to ensure that no malicious msi gets executed by mistake? My understanding is that a file will have the same public key ONLY if signed by my certificate.

Edit: With petey's help, I was able to detect if the msi was signed by my certificate or not. However, this didnt quite solve my problem. I can still edit the signed msi using a tool like Orca. Even the msi is no longer the same as the one that was signed, nothing happens to certificate. So when I check whether the msi is signed by me, I get yes. While I understand that this might be intended behaviour, but there must be some way to detect if the msi was tampered with??

回答1:

Odds are, if it's the same public key, yes it is the same certificate. But with this knowledge an attacker could easily mimic your public key and stick it on his MSI, because, well it's public. You should use that public key to verify the signature on the MSI, not just check if it's the same public key, that way you would be certain it was signed with your corresponding private key, which no attacker would have. You should also run up the cert chain and verify signatures right up to your trusted CA.

Edit:

What exactly are you signing? A signature should not be valid if what was signed is altered. However, it sounds like a Message Authentication Code (keyed hash) would work. If you have a pre-shared hashing key, you could hash the MSI before it is downloaded, then verify the hash again client side. Or if you dont want to use a keyed hash, you could use a regular hash then sign the hash value with that same private key. If you can "verify" (ie decrypt) the hash with the public key, you know that hash came from you, then you can re-hash the msi and check if the hashes are the same.