...
Noncompliant Code Example (Seal then Sign)
Use This noncompliant code example uses the java.security.SignedObject class to sign an object, when the integrity of the object is to be ensured. The two new arguments passed in to the SignedObject() method to sign the object are Signature and a private key derived from a KeyPair object. To verify the signature, a PublicKey as well as a Signature argument is passed to the SignedObject.verify() method.
| Wiki Markup |
|---|
This noncompliant code example signs the object as well as seals |
it. According to Abadi and Needham \[[Abadi 1996|AA. Bibliography#Abadi 96]\] |
When a principal signs material that has already been encrypted, it should not be inferred that the principal knows the content of the message. On the other hand, it is proper to infer that the principal that signs a message and then encrypts it for privacy knows the content of the message.
| Wiki Markup |
|---|
The rationale is that any malicious party can intercept the originally signed encrypted message from the originator, strip the signature and add its own signature to the encrypted message. Both the malicious party, and the receiver have no information about the contents of the original message as it is encrypted and then signed (it can only be decrypted after verifying the signature). The receiver has no way of confirming the sender's identity unless the legitimate sender's public key is obtained over a secure channel. One of the three CCITT X.509 standard protocols was susceptible to such an attack \[[CCITT 1988|AA. Bibliography#CCITT 88]\]. |
Because the signing occurs after the sealing it cannot be assumed that the signer is the true originator of the object.
| Code Block | ||
|---|---|---|
| ||
public static void main(String[] args)
throws IOException, GeneralSecurityException, ClassNotFoundException {
// Build map
SerializableMap<String, Integer> map = buildMap();
// Generate sealing key & seal map
KeyGenerator generator;
generator = KeyGenerator.getInstance("AES");
generator.init(new SecureRandom());
Key key = generator.generateKey();
Cipher | ||
| Code Block | ||
| ||
public static void main(String[] args) throws IOException, GeneralSecurityException, ClassNotFoundException { // Build map SerializableMap<String, Integer> map = buildMap(); // Generate sealing key & seal map KeyGenerator generator; generator = KeyGenerator.getInstance("AES"); generator.init(new SecureRandom()); Key key = generator.generateKey(); Cipher cipher = Cipher.getInstance("AES"); cipher.init(Cipher.ENCRYPT_MODE, key); SealedObject sealedMap = new SealedObject(map, cipher); // Generate signing public/private key pair & sign map KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA"); KeyPair kp = kpg.generateKeyPair(); Signature sig = Signature.getInstance("SHA1withDSA"); SignedObject signedMap = new SignedObject(sealedMap, kp.getPrivate(), sig); // Serialize map ObjectOutputStream out = new ObjectOutputStream(new FileOutputStream("data")); out.writeObject(signedMap); out.close(); // Deserialize map ObjectInputStream in = new ObjectInputStream(new FileInputStream("data")); signedMap = (SignedObject) in.readObject(); in.close(); // Unsign map if (!signedMap.verify(kp.getPublic(), sig)) { throw new GeneralSecurityException("Map failed verification"); } sealedMap = (SealedObject) signedMap.getObject(); // Unseal map cipher = Cipher.getInstance("AES"); cipher.init(Cipher.DECRYPTENCRYPT_MODE, key); SealedObject mapsealedMap = new SealedObject(SerializableMap<Stringmap, Integer>) sealedMap.getObject(cipher); // Inspect Generate signing public/private key pair & sign map InspectMap(map); } |
Compliant Solution (Sign then Seal)
This compliant solution correctly signs the object before sealing it. This provides a guarantee of authenticity to the object, in addition to protection from man-in-the-middle attacks.
| Code Block | ||
|---|---|---|
| ||
public static void main(String[] args) throws IOException, GeneralSecurityException, ClassNotFoundException {KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA"); KeyPair kp = kpg.generateKeyPair(); Signature sig = Signature.getInstance("SHA1withDSA"); SignedObject signedMap = new SignedObject(sealedMap, kp.getPrivate(), sig); // BuildSerialize map ObjectOutputStream out SerializableMap<String, Integer> map = buildMap= new ObjectOutputStream(new FileOutputStream("data")); out.writeObject(signedMap); out.close(); // GenerateDeserialize signingmap public/private keyObjectInputStream pairin &= sign map KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA")new ObjectInputStream(new FileInputStream("data")); KeyPairsignedMap kp= =(SignedObject) kpgin.generateKeyPairreadObject(); Signature sig = Signature.getInstance("SHA1withDSA"in.close(); SignedObject// signedMapUnsign =map new SignedObject(map, kp.getPrivateif (!signedMap.verify(kp.getPublic(), sig); ) { // Generate sealingthrow key & seal mapnew GeneralSecurityException("Map failed verification"); KeyGenerator generator;} generatorsealedMap = KeyGenerator.getInstance("AES"(SealedObject) signedMap.getObject(); generator.init(new SecureRandom()); Key key = generator.generateKey(); Cipher// Unseal map cipher = Cipher.getInstance("AES"); cipher.init(Cipher.ENCRYPTDECRYPT_MODE, key); SealedObject sealedMapmap = new SealedObject(signedMapSerializableMap<String, Integer>) sealedMap.getObject(cipher); // SerializeInspect map InspectMap(map); } |
Compliant Solution (Sign then Seal)
This compliant solution correctly signs the object before sealing it. This provides a guarantee of authenticity to the object, in addition to protection from man-in-the-middle attacks.
| Code Block | ||
|---|---|---|
| ||
public static void main(String[] args) throws IOException, GeneralSecurityException, ClassNotFoundException { ObjectOutputStream out = new ObjectOutputStream(new FileOutputStream("data")); out.writeObject(sealedMap); out.close(); // DeserializeBuild map SerializableMap<String, ObjectInputStreamInteger> inmap = new ObjectInputStream(new FileInputStream("data")buildMap(); sealedMap// =Generate (SealedObject) in.readObject(); in.close(); // Unsealsigning public/private key pair & sign map cipherKeyPairGenerator kpg = CipherKeyPairGenerator.getInstance("AESDSA"); KeyPair kp = cipherkpg.init(Cipher.DECRYPT_MODE, keygenerateKeyPair(); Signature signedMapsig = (SignedObject) sealedMap.getObject(cipher); Signature.getInstance("SHA1withDSA"); //SignedObject UnsignsignedMap map = new if (!signedMap.verify(SignedObject(map, kp.getPublicgetPrivate(), sig)) {; // Generate throwsealing new GeneralSecurityException("Map failed verification"); }key & seal map KeyGenerator generator; mapgenerator = (SerializableMap<String, Integer>) signedMap.getObject(); // Inspect map InspectMap(map); } |
| Wiki Markup |
|---|
Abadi and Needham have suggested \[[Abadi 1996|AA. Bibliography#Abadi 96]\] a useful principle of secure software design |
When a principal signs material that has already been encrypted, it should not be inferred that the principal knows the content of the message. On the other hand, it is proper to infer that the principal that signs a message and then encrypts it for privacy knows the content of the message.
...
KeyGenerator.getInstance("AES");
generator.init(new SecureRandom());
Key key = generator.generateKey();
Cipher cipher = Cipher.getInstance("AES");
cipher.init(Cipher.ENCRYPT_MODE, key);
SealedObject sealedMap = new SealedObject(signedMap, cipher);
// Serialize map
ObjectOutputStream out = new ObjectOutputStream(new FileOutputStream("data"));
out.writeObject(sealedMap);
out.close();
// Deserialize map
ObjectInputStream in = new ObjectInputStream(new FileInputStream("data"));
sealedMap = (SealedObject) in.readObject();
in.close();
// Unseal map
cipher = Cipher.getInstance("AES");
cipher.init(Cipher.DECRYPT_MODE, key);
signedMap = (SignedObject) sealedMap.getObject(cipher);
// Unsign map
if (!signedMap.verify(kp.getPublic(), sig)) {
throw new GeneralSecurityException("Map failed verification");
}
map = (SerializableMap<String, Integer>) signedMap.getObject();
// Inspect map
InspectMap(map);
}
|
Exceptions
| Wiki Markup |
|---|
*SER02-EX0:* A reasonable use for signing a sealed object is to certify the authenticity of a sealed object passed from elsewhere. This represents a commitment _about the sealed object itself_ rather than about its content \[[Abadi 1996|AA. Bibliography#Abadi 96]\]. |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="3171fa43bdbae1fc-1486ca45-40b44f00-9473bcf3-b10adeede1a0328b888afbd7"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] |
| ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="1a1a59aea494d737-3352d24c-48ff438c-89ad8afe-b16d4740b914fc81ff17c9a9"><ac:plain-text-body><![CDATA[ | [[Gong 2003 | AA. Bibliography#Gong 03]] | 9.10 Sealing Objects | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="5c242abc4c160bc1-5122433b-4e504531-8c1d9447-efa5a623fddfb7621f1fc4f4"><ac:plain-text-body><![CDATA[ | [[Harold 1999 | AA. Bibliography#Harold 99]] | Chapter 11: Object Serialization, Sealed Objects | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="44683c26fd784a35-acbd0e0b-4485459e-bb229d5a-8dbcde7fe8a483eddd35c1a4"><ac:plain-text-body><![CDATA[ | [[Neward 2004 | AA. Bibliography#Neward 04]] | Item 64: Use SignedObject to provide integrity of Serialized objects | ]]></ac:plain-text-body></ac:structured-macro> |
| Item 65: Use SealedObject to provide confidentiality of Serializable objects | |||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="66e3fba8f2c620b5-304a75a3-4d1b4667-91b589b1-8bf027d530fa9219ad532e0d"><ac:plain-text-body><![CDATA[ | [[Steel 2005 | AA. Bibliography#Steel 05]] | Chapter 10: Securing the Business Tier, Obfuscated Transfer Object | ]]></ac:plain-text-body></ac:structured-macro> |
...