PHAR签名如何防止篡改文件?
[英]How PHAR signature prevents tampering with files?
问题描述
I am wondering if it is possible to reuse a signature of a PHAR file. 
我想知道是否可以重用PHAR文件的签名。 As it is described in the manual , each file has a manifest, which contains a lot of things which can be faked, and 4 bytes of CRC32 checksum, which is a poor choice (md5 or sha1 would be much secure), but can be faked harder than other stuff. 如手册中所述 ,每个文件都有一个清单,其中包含很多可以伪造的东西,以及4个字节的CRC32校验和,这是一个较差的选择(md5或sha1会很安全),但可以比其他东西更难伪造。 I have doubts about the validity of checksum used by creating the signature for verifying. 我对创建用于验证的签名所使用的校验和的有效性表示怀疑。 I mean it is slow to create a checksum by every inclusion of the phar file, but adding a manifest cache, which contains the checksum is not an option, if you want to stay secure (because it is relatively easy to modify this cache, if it is stored in the phar file). 我的意思是,每次包含phar文件都很难创建校验和,但是如果要保持安全性,则不可以选择添加包含校验和的清单缓存(因为修改此缓存相对容易,如果它存储在phar文件中)。 Do you know how phar packages solve this in a fast way? 您知道phar软件包如何快速解决此问题吗?
1 个解决方案
解决方案1
1 已采纳 2014-05-11 13:50:37
The documentation is rather hard to follow, and in some places out of date, but the verification seems to be as follows: 该文档很难遵循,并且在某些地方已经过时,但是验证似乎如下:
- all files, even those in Tar or Zip format contain a manifest with a CRC check for basic self-validation; 所有文件,即使是Tar或Zip格式的文件,都包含带有用于基本自我验证的CRC检查的清单 ; this is not tamper-proof, but will detect things like incomplete downloads 这不是防篡改的,但是会检测到下载不完整之类的内容
- files in the PHAR format can also contain a signature in one of several formats chosen by the creator PHAR格式的文件也可以包含创建者选择的几种格式之一的签名
- as of PHAR 2.0 (PHP version unclear), the signature can also use an OpenSSL public-private key pair 从PHAR 2.0(PHP版本不清楚)开始,签名还可以使用OpenSSL公私钥对
- this signature is calculated on the whole contents of the archive , independent of the manifest, so can be trusted to detect tampering if it, or the public key, is distributed over a trusted channel 此签名是根据档案的整个内容计算的 ,与清单无关,因此,如果签名或公钥是在受信任的通道上分发的,则可以信任来检测篡改
Your question talks of the speed of the signing and verifying process, and this is a key part of your suspicion that an insecure algorithm might be in play. 您的问题是关于签名和验证过程的速度,这是您怀疑算法不安全的关键部分。 Wikipedia summarises the performance of SHA-256/512 as 200 to 300 MiB/second on an inexpensive 64-bit CPU. Wikipedia总结在便宜的64位CPU上SHA-256 / 512的性能为200到300 MiB /秒。 Since a PHAR archive is unlikely to be as large as 200MiB, and since signature verification is performed on-demand, not on every execution (at least, I think so), the fraction of a second to hash the whole file is unlikely to be an issue. 由于PHAR归档文件不可能大到200MiB,并且由于签名验证是按需执行的,而不是不是每次执行时都执行(至少,我认为是这样),所以散发整个文件的时间不到一秒钟一个问题。 (Creation of the signature can also be postponed until all files are added, so again has no requirement for higher speed.) (签名的创建也可以推迟到所有文件都添加完之后,因此也不需要更高的速度。)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.