Using crypto to sign auto update patch files?

[Laura Jennings]

Greetings! I just found this excellent resource (as well as a very similar site which seems to be equally informative in case any of you browse both ) and I am looking forwarding to continued browsing and hopefully some contributing. However, I am having some difficulty myself with the idea of cryptographically signing patch files to be used in conjunction with an auto updating application. The software is for Windows only.

Currently, I just have the program download a text file that further instructs it on what to download, but this text file could be overwritten by a hacker or anyone else who might have access.

Ultimately, my goal is to be able to run some sort of cryptography program on my computer and somehow sign the text file (and probably the files to be patched too) and have my software only proceed with the patch if it can verify it was signed by my computer.

Ideally, I would be able to sign it from a Linux LiveCD (maybe in conjunction with wine if its a typically Windows program?) so as to better secure against insecurity from my own computer. I realize this extra step complicates matters so if you don't know of a solution that can sign on Linux and yet verify that signature on Windows I'd still appreciate your suggestions very much.

Can anyone offer suggestions as to how to do this (or something similar that would accomplish the same thing)? I'm only somewhat competent with C++, so if you know of any solutions in the form of already made programs that I could just execute from the updater program, that would be preferred. Thank you very much for reading!

edit: A friend told me I should look at GPG and it does seem like that might be what I need, but I'm really confused with how I could implement what I need with them and the friend never used it in that way. If any of you have familiar with GPG could you offer some advice (even if its simply that I am confused as to the purpose of GPG and it cannot in fact be used for in the way I think it can)? Thanks again!

Laura Jennings

[Differ]

Just use a md5 checksum. When it starts downloading things from other sites, have the program connect to your computer and verify the checksum.

[Laura Jennings]

I actually thought of something similar, but the problem is my computer won't be on 24/7.

[matsp]

I still think differst suggestion is a valid one, just make "your computer" into some server somewhere that you think you can trust.

--
Mats

[Differ]

Put the checksums on a hosting service. Have the program check that website.

Anyways, if they can change the text file, they can change anything. So they can simply alter the md5 sum and insert their own. It'll never be totally secure.

[Cat]

Put the checksums on a hosting service. Have the program check that website.

Anyways, if they can change the text file, they can change anything. So they can simply alter the md5 sum and insert their own. It'll never be totally secure.

Which is why the original idea is a good one -- to sign it.

You generate a key pair using any public key cryptography algorithm -- e.g. Diffie-Hellman, DSS, RSA, etc -- and when you generate that text file, you sign it with your private key. The program has, embedded within it, your public key, which it uses to decrypt the patch. You likewise encrypt the patch itself with your private key, and the program decrypts it.

Now, the only way the hacker can modify what gets patched (without having the private key) would be to compromise BOTH the web host and the end user's machine, alter the client itself to replace the public key with one the hacker made, and replace the patch files with ones the hacker made.

However, if the hacker has already compromised the user's machine, it's simply not possible to stop them (and really, if they've already compromised the server and client both, trying to stop them is like closing the barn door after the horse gets away).

This signature method, as long as the machine storing the private key is not compromised, means that compromising the web server cannot compromise your clients. It's therefore of vital importance to keep that key secure and private.

Ideally your development machine wouldn't even have internet access -- the patch would be developed and encrypted there, burned onto CD, and then taken to a computer with internet access. You could also use something like a removable flash drive, but you'd want to be sure autorun is disabled for that drive, and wipe the contents of the drive before copying data onto it. With that, it's highly unlikely they could compromise the machine holding the key.

Without using dual key cryptography to sign the patch files, someone who compromised the web server could compromise the clients.

[Differ]

I mean, a hacker can use SoftIce to actually go into the program and change the locations it's downloading from, after everything has been processed. A relatively simple task.

[Cat]

I mean, a hacker can use SoftIce to actually go into the program and change the locations it's downloading from, after everything has been processed. A relatively simple task.

Of course, but that means the hacker has already compromised the end-user's machine.

What this protects against is the hacker compromising the web server hosting the patch files, and modifying the patch files in order to compromise all the end users.

[Differ]

Of course, but that means the hacker has already compromised the end-user's machine.

What this protects against is the hacker compromising the web server hosting the patch files, and modifying the patch files in order to compromise all the end users.

That was really stupid of me. I didn't think of that.

[Cat]

That was really stupid of me. I didn't think of that.

You are correct, though, in that there's nothing you can ever truly do about the end-user modifying the program, at best you make it harder, or get into an arms race of countermeasures.

[Laura Jennings]

Thank you all very much for your ideas. Cat, you are a genius . GPG definitely has a learning curve (more so than I thought it would) but I really appreciate the suggestions. I do have one quick question, is there any reason to both sign and encrypt the patch files (instead of just signing them)? Thanks again!

Laura

[abachler]

As long as you are using a liveCD, try makign the web page on a static disk, like a CD or DVD, then you can just remove the harddrive entirely. We are looking at doing this for the website at work. Makes it practically impossible for a hacker to rewrite your site. If you need to change the website fo course, you have to burn a new CD or DVD, but thats a small price to pay for security.