简体繁体 English

如何验证我在Python应用程序中控制的服务器的身份？

[英]How can I verify the identity of a server I control in a Python application?

原文 2015-07-26 16:33:19 1 1 python/ python-3.x

My application automatically downloads updates from a central server. 我的应用程序自动从中央服务器下载更新。 I'm a bit worried about someone, for example, hijacking my domain name and pointing it to their own server that offers subverted copies of the application. 我有点担心有人，例如，劫持我的域名并将其指向提供了应用程序颠覆副本的自己的服务器。

It seems to me like symmetric keys are the way to go about this. 在我看来，对称密钥是解决此问题的方法。 I'm thinking I can encode the public key right into the program's source and keep the private key on my sever, then add a step to the protocol where the client sends a message meaning "are you an authorized server" and the server sends back a message meaning "I sure am" encoded with the private key, and thus decoding it with the public key verifies that it came from my server. 我想我可以将公钥正确编码到程序的源中，并将私钥保留在我的服务器上，然后在协议中添加一个步骤，客户端发送一条消息，表示“您是授权服务器”，然后服务器发回一条用私钥编码的意思是“我肯定是”的消息，然后用公钥对其进行解码，以验证该消息来自我的服务器。 We then proceed as normal. 然后，我们照常进行。

Assuming this isn't a completely stupid way to go about things, how do I go about it? 假设这不是处理事情的完全愚蠢的方法，我该怎么做？ What lightweight libraries exist to encode/decode with RSA keys? 存在哪些轻量级库可以使用RSA密钥进行编码/解码？ I don't think I want full TLS with SSL; 我不认为我想使用SSL的完整TLS； I don't care who reads the update, and I can't really afford decryption overhead anyway - the download times are annoying as it is! 我不在乎谁会读取更新，而且无论如何我都负担不起解密的开销-下载时间很烦人！

1 个解决方案

The process needs to work something like this... 该过程需要像这样工作...

Server-side: 服务器端：

Build your message data on the server 在服务器上构建消息数据
Hash it using something like SHA256 使用类似SHA256的哈希值
Use the private key to sign the hash 使用私钥对哈希签名
Send the signature and the data to the client 将签名和数据发送给客户端

Client-side: 客户端：

Receive data and signature 接收数据和签名
Calculate the hash of the data independently 独立计算数据的哈希
Use the public key to verify that the hash we've generated matches the one signed by the server. 使用公共密钥来验证我们生成的哈希与服务器签名的哈希匹配。

If so, we know the data has been sent by the server and is unmodified. 如果是这样，我们知道数据已由服务器发送并且未修改。 We don't stop anyone else seeing the data, merely from tampering with it. 我们不会阻止其他任何人看到数据，而只是篡改数据。

The reason for doing it this way is the asymmetric encryption is very expensive (and gets more expensive quickly as message size increases). 这样做的原因是非对称加密非常昂贵（随着消息大小的增加，它很快变得更加昂贵）。 By simply signing a hash, we're limiting the amount of data that we need to process cryptographically, while still ensuring the message is unmodified. 通过简单地对哈希签名，我们限制了需要加密处理的数据量，同时仍确保消息未修改。

Be aware that this is a very high-level overview and there are lots of details that need to be handled correctly. 请注意，这是一个非常高级的概述，并且有很多细节需要正确处理。 Anything related to crypto is extremely hard to do correctly. 任何与加密有关的事情都很难正确完成。 If possible, find a library that already does this and use that instead. 如果可能，请找到已经执行此操作的库，然后改用该库。

If you can't find something that suits your needs, look into pycrypto or rsa and get reading. 如果找不到适合您需要的内容，请查看pycrypto或rsa并阅读。 This question might be a good place to start, but make sure you read both answers . 这个问题可能是一个很好的起点，但是请确保您阅读了两个答案。