Authenticity and Integrity of HTTP Requests

2020-07-18 04:39发布

问题:

I have an API endpoint where external websites can submit a POST request. What would be the best method to make sure the requests are authentic and also are not tampered with, so they respect the principle of integrity?

Since the data is not valuable such as credit card information, I do not require HTTPS integration.

I have had a look at both HMACs and Digital Signatures, and I believe the second option would be better, yet I am unsure if this is the way to go?

Similarly, would hashing the request and verifying it on my server be enough?

回答1:

Both HMAC and Digital signature provides integrity and authentication:

  • integrity - because both of them based on hash. HMAC is hash-based message authentication code. Digital signature is encrypted hash of some message.
  • authentication - because HMAC uses symmetric secret key, and digital signature uses assymetric private key. Secret/private keys can be used only with person who knows it = authentication. Checking secret/private keys on recipient side in HMAC - recipient also knows secret that's why we call it symmetric. Checking secret/private keys on recipient side in digital signature - recipient also gets public certificate which can be checked on trusted third party.

Main difference - HMAC message can't be checked/validated by third party, only person who knows secret can validate/authenticate message. Digital signed message has public certificate and any person can check message owner by deciphering message with attached public key, computing hash, and checking public key in special trusted side.

Conclusion - use HMAC if you don't need anybody to be able to check is some message really belongs to sender.

Similarly, would hashing the request and verifying it on my server be enough?

No. Man-in-the-middle can modify your message and attach hash of modified message. Hashing provides integrity which means that message modification will also change the hash but hacker don't worry about hash equality beacuse he simply totally replace message with contents and hash! Some secret usage as in HMAC prevents such message replacements: man-in-the-middle still can change message but he couldn't recompute hash because he doesn't know secret.