PHAR签名如何防止篡改文件? [英] How PHAR signature prevents tampering with files?

问题描述

我想知道是否可以重用PHAR文件的签名.由于手册中所述 ，每个文件都有一个清单，其中包含很多可以伪造的东西，以及4字节的CRC32校验和，这是一个较差的选择(md5或sha1会很安全)，但比其他东西更难伪造.我对创建用于验证的签名所使用的校验和的有效性表示怀疑.我的意思是，每次包含phar文件都会创建一个校验和，但是如果要保持安全性，则不可以选择添加包含校验和的清单清单缓存(因为修改该缓存相对容易，如果它存储在phar文件中).您知道phar软件包如何快速解决此问题吗?

I am wondering if it is possible to reuse a signature of a PHAR file. As it is described in the manual, each file has a manifest, which contains a lot of things which can be faked, and 4 bytes of CRC32 checksum, which is a poor choice (md5 or sha1 would be much secure), but can be faked harder than other stuff. I have doubts about the validity of checksum used by creating the signature for verifying. I mean it is slow to create a checksum by every inclusion of the phar file, but adding a manifest cache, which contains the checksum is not an option, if you want to stay secure (because it is relatively easy to modify this cache, if it is stored in the phar file). Do you know how phar packages solve this in a fast way?

推荐答案

文档很难遵循，并且在某些地方已经过时，但是验证似乎如下:

The documentation is rather hard to follow, and in some places out of date, but the verification seems to be as follows:

• 所有文件，即使是Tar或Zip格式的文件，也都包含清单具有用于基本自我验证的CRC检查；这不是防篡改的，但是会检测到下载不完整之类的东西
PHAR格式的
• 文件也可以包含以下几种格式之一的签名:选择由创作者
• 从PHAR 2.0(PHP版本不清楚)开始，签名还可以使用OpenSSL公私钥对
• 此签名是根据档案的全部内容计算，与清单无关，因此如果它或公钥分布在受信任的渠道上，则可以信任来检测篡改

• all files, even those in Tar or Zip format contain a manifest with a CRC check for basic self-validation; this is not tamper-proof, but will detect things like incomplete downloads
• files in the PHAR format can also contain a signature in one of several formats chosen by the creator
• as of PHAR 2.0 (PHP version unclear), the signature can also use an OpenSSL public-private key pair
• this signature is calculated on the whole contents of the archive, independent of the manifest, so can be trusted to detect tampering if it, or the public key, is distributed over a trusted channel

您的问题谈论签名和验证过程的速度，这是您怀疑算法不安全的关键部分. 维基百科将SHA-256/512的性能总结为200到300 MiB/秒在便宜的64位CPU上.由于PHAR归档文件不可能大到200MiB，并且由于签名验证是按需执行的，而不是不是每次执行时都执行(至少，我认为是这样)，所以散列整个文件的几分之一秒不太可能是一个问题. (签名的创建也可以推迟到所有文件都添加完之后，因此不再需要更高的速度.)

Your question talks of the speed of the signing and verifying process, and this is a key part of your suspicion that an insecure algorithm might be in play. Wikipedia summarises the performance of SHA-256/512 as 200 to 300 MiB/second on an inexpensive 64-bit CPU. Since a PHAR archive is unlikely to be as large as 200MiB, and since signature verification is performed on-demand, not on every execution (at least, I think so), the fraction of a second to hash the whole file is unlikely to be an issue. (Creation of the signature can also be postponed until all files are added, so again has no requirement for higher speed.)

这篇关于PHAR签名如何防止篡改文件?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！