|
|
|
AntiForge - A unique digital signature solution
|
|
I have received more than a few e-mails asking for details on how I designed
the AntiForge process for Cotse. For those unaware, AntiForge allows for validation of messages
sent from Cotse WebMail without adding any extra text to the body or any extra headers. In effect, it is an unobtrusive digital
signature solution that can validate that the message has not been altered and that it originated from our servers.
It can also validate the sender and time the message was sent.
Current digital signatures usually add a hash to the message body. This process alters the content of the message
and often adds bulky blocks of text, increasing the size of the message. Some solutions hide this in the headers
by adding custom headers, but that still alters the message and increases the size by the size of the headers added.
What I wanted for Cotse was a way to validate messages and message content without it altering the message or adding
any extra headers. I also wanted it to be completely transparent to the end user, something handled by the server. The problem is that to do this you need to store
a key with the message. The key being the digital fingerprint for that message. The solution was really very
simple.
The message ID. Every message sent requires a message ID. This is usually generated with the system time and
some random text, as the message ID must be guaranteed unique. The way I saw it, there was no reason that the
message ID could not be a key containing the hash value of the message. As long as the message ID can be guaranteed
unique, it can be anything.
So that is what I used. The message ID is actually a simple hash of a combination of hashes. Let me explain.
The idea is to take a MD5 hash of the message contents and subject to effectively get a fingerprint for them.
But you can't just do that, because it would mean that the same message sent again would generate the same message
ID and the message ID must be unique.
So, I added a hash of the current time down to the instant it was sent, effectively a time fingerprint. That solved
the verification of the contents and the time sent, but it did not verify the sender or the machine it was sent
from. Again, a simple solution, add a hash of the sender and a hash of the server to the mix.
To virtually guarantee the authenticity of the machine, two random files were created on the system and a MD5 hash
was done of each file. This created a fingerprint for the machine. We now have a hash value for the subject and
message contents, one for the time, one for the sender, and two for the system. That's a pretty long message ID.
Too long, considering a MD5 hash is 32 bit and we now have five of them.
The solution was a fingerprint of the hashes. Concatenate them together and take a MD5 hash value of that concatenation.
This method effectively turned a long message ID to a reasonably sized message ID. By including the necessary
keys with the hash value in the message ID, it is possible to duplicate the process to verify the message.
In other words, the message ID contains the time, the sender, and the total hash value. It only leaves two missing
fingerprints. The fingerprint of the machine, the one generated by the MD5 hash of the two random files created
on the system, and the fingerprint of the message contents.
Well, the system has the files used for the machine fingerprint. So the verification page has access to that hash.
And the hash can be recreated for the message subject and contents. All the pieces are there. The process just
needs to then be duplicated and a match made between the hash value in the message ID and the one just recreated
by the validation page. If the hashes match, the message has not been altered. If they don't match, it has been
altered.
While the process may sound complex and slow, it is really not. The code is fast and the message can be sent or
validated with no obvious delays. It can also be taken futher and there are some special tweaks needed to counter
formatting changes that some mail clients do when they display a message. I'll cover this in a future article.
/steve
10/29/01 |
| |
|
|
|
 |
|
|
|
Protect yourself from cyberstalkers, identity thieves, and those who would snoop on you.
| |
Stop spam from invading your inbox without losing the mail you want. We give you more control over your e-mail than any other service.
| |
Block popups, ads, and malicious scripts while you surf the net through our anonymous proxies.
| |
Participate in Usenet, host your web files, easily send anonymous messages, and more, much more.
| |
All private, all encrypted, all secure, all in an easy to use service, and all for only $5.95 a month!
|
|
Service Details
|
|
|
|
