1

My problem today is that I have to secure XML files that I'm going to distribute from my internet website from third parties' manipulations.
I'll be as clear as I can, provided that I don't have no experience about XML.

First of all let me clarify that these XMLs are basically distributed as a courtesy to my "clients" who download them and they are to be read in order to be inserted in their databases. They basically are entries of a database. I cannot avoid doing this. The XML-files are to be distributed in that way and I cannot identify the "clients" who download them.

I would not know why my "clients" should accept files from other sources, but there could be eventualities where it may happen. If it does, these other sources could also download, read, modify the parameters of my XML (which, as is, is plain-text) and forward the modified file to the end-user (the "client").

I thought I could implement a Checksum method, but in the long term the third party could find out the algorithm and provide a modified file with a correct checksum too.
Is there any way at all to sign those XMLs so that the signature is lost after an adulteration?

Noldor130884
  • 974
  • 2
  • 16
  • 40
  • 2
    Perhaps you can have a look at **XML signatures** (http://www.w3.org/TR/xmldsig-core/). I don't know much about it, but I think it will fit what you want to do. – potame Mar 23 '15 at 08:36
  • I don't think it will fit: I have to send the XML as plain text and no matter how many fields with I add, a third party could always modify the file. I am not able to encrypt, send decryption keys or so on... – Noldor130884 Mar 26 '15 at 06:38
  • Do you have control over both the software exporting and importing the xml files? – jan Apr 07 '15 at 06:21
  • Essentially, a plain-text file is always going to be able to be edited, and there's really no way to add in something that will just disappear from it upon editing. But what you could do is provide another tool, where your clients could upload and validate their files before importing them. It's hardly an ideal solution, but possibly better than nothing. – Rob Wilkins Apr 09 '15 at 00:57

2 Answers2

2

Any public-key encryption algorithm can solve your problem (that's one of the features they can provide, authenticity):

http://en.wikipedia.org/wiki/Public-key_cryptography

The most important point is that the clients would need to check if the signature is valid or not. Either they do it manually, or you can provide a program for them to check if it's valid or not.

Steps:

  • Pick a public-key encryption algorithm of your choice (e.g.: RSA, PGP)
  • Generate a public and private key.
  • The public key would be placed publicly on your website, so the clients can access it (you can provide it with the XML file you have). You should keep the private key secret (that's what guarantees that nobody else can impersonate you).
  • Use any algorithm to create a hash of the file (e.g.: SHA256).
  • Use the private-key to create a signature for this hash. This will guarantee that the hash is valid.
  • Any client can create a hash with the same algorithm, and use your public key to check if the signature is valid (file was not modified, it was you who signed it).

You can use, for example, OpenSSL to do all that:

To create the hash (to be done by you to sign, and by the client to verify):

openssl dgst -sha256 data.txt > hash

To sign it:

openssl rsautl -sign -inkey privatekey.pem -keyform PEM -in hash > signature

To verify the signature:

openssl rsautl -verify -inkey publickey.pem -keyform PEM -in signature
gbuzogany
  • 1,911
  • 16
  • 17
  • This is probably the best solution. If you create small program for your clients, which will verify the file for them, insert your public key directly into that program, otherwise it could also be faked (signed with different private key and provided with different corresponding public key) – Rudolf Gröhling Apr 13 '15 at 20:00
0

If security is essential on textual data, then it has to be transmitted out of band across a trusted channel.

Your clients can fetch the records from your site as they need, and you can sign them digitally with a cryptographic hash as explained by @gbuzogany.

Then, have the users connect to your site periodically to retrieve a personalised key that they can use to extract data from the database.

This way, you control the life of the access key, but the data is freely available for use by any customers. Any third-party data won't have a hash generated from your master key and will not be read successfully by the application.

Your application will then ignore the unauthenticated records that you verify using the key that you fetch.

See:

Community
  • 1
  • 1
Pekka
  • 3,529
  • 27
  • 45