如果两个文件的公钥是相同的，是否足以断定他们是由相同的证书签名？ [英] If public key of two files are same, is it sufficient to conclude that they were signed by the same certificate?

问题描述

我正在为我的软件实现自动更新机制。服务器上的msi使用signtool签名。我的应用程序下载msi并读取下载的msi的公共密钥。如果公钥与在源代码中硬编码的公钥匹配，它将执行msi并更新自身。

I am implementing an auto-update mechanism for my software. The msi on the server is signed using signtool. My app downloads the msi and reads the public key of the downloaded msi. If the public key matches the one that is hard coded in the source code, it will execute the msi and update itself.

这是否足以确保没有恶意的msi被误执行？我的理解是，一个文件将具有相同的公钥，只有通过我的证书签名。

Would this is be sufficient to ensure that no malicious msi gets executed by mistake? My understanding is that a file will have the same public key ONLY if signed by my certificate.

编辑：
借助petey的帮助，我可以检测到msi是否由我的证书签名。但是，这没有解决我的问题。我仍然可以使用工具，如Orca编辑签名的msi。即使msi不再与签名的一样，证书也没有发生。所以当我检查msi是否由我签名，我得到是。虽然我知道这可能是想要的行为，但必须有一些方法来检测msi是否被篡改

推荐答案

奇怪的是，如果它是相同的公钥，是相同的证书。但是有了这个知识，攻击者可以轻松地模仿你的公钥，并坚持在他的MSI，因为，它是公开的。您应该使用该公钥来验证MSI上的签名，而不仅仅是检查它是否是相同的公钥，这样您就可以确定它是用您的相应私钥签署的，攻击者不会拥有该私钥。

Odds are, if it's the same public key, yes it is the same certificate. But with this knowledge an attacker could easily mimic your public key and stick it on his MSI, because, well it's public. You should use that public key to verify the signature on the MSI, not just check if it's the same public key, that way you would be certain it was signed with your corresponding private key, which no attacker would have. You should also run up the cert chain and verify signatures right up to your trusted CA.

编辑：

你在签什么？如果签名被更改，签名不应有效。然而，它听起来像一个消息验证码（密钥散列）将工作。如果您有一个预共享散列密钥，您可以在下载之前对MSI进行散列，然后再次在客户端验证散列。或者如果你不想使用一个键控的哈希，你可以使用一个规则的哈希，然后用同一个私钥签名哈希值。如果你可以用公钥验证（即解密）哈希，你知道哈希来自你，然后你可以重新哈希msi并检查哈希是否相同。

What exactly are you signing? A signature should not be valid if what was signed is altered. However, it sounds like a Message Authentication Code (keyed hash) would work. If you have a pre-shared hashing key, you could hash the MSI before it is downloaded, then verify the hash again client side. Or if you dont want to use a keyed hash, you could use a regular hash then sign the hash value with that same private key. If you can "verify" (ie decrypt) the hash with the public key, you know that hash came from you, then you can re-hash the msi and check if the hashes are the same.

这篇关于如果两个文件的公钥是相同的，是否足以断定他们是由相同的证书签名？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！