[jboss-jira] [JBoss JIRA] (JGRP-2274) ASYM_ENCRYPT: deprecate sign_msgs

Nick Sawadsky (Jira) issues at jboss.org
Mon Aug 19 18:52:00 EDT 2019 

    [ https://issues.jboss.org/browse/JGRP-2274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13772725#comment-13772725 ] 

Nick Sawadsky edited comment on JGRP-2274 at 8/19/19 6:51 PM:
--------------------------------------------------------------

[~belaban] Trying to better understand this change.

{quote}decryption of a message will fail if the contents have been changed{quote}

As far as I know, that is not true of all encryption algorithms. Some encryption algorithms have integrity checking built-in, but not all.

For example, the default AES mode in Java is ECB, which does not do any integrity checking. Whereas the GCM mode does perform integrity checking, so that decryption will fail if the message has been tampered with.

I realize that a naive modification will probably quickly result in an error of some kind. But I want to make sure I'm not missing something -- is there some check in the code that will immediately detect if a message has been tampered with by an attacker?



was (Author: nsawadsky):
[~belaban] Just a quick comment on this change.

{quote}decryption of a message will fail if the contents have been changed{quote}

As far as I know, that is not true of all encryption algorithms. Some encryption algorithms have integrity checking built-in, but not all.

For example, the default AES mode in Java is ECB, which does not do any integrity checking. Whereas the GCM mode does perform integrity checking, so that decryption will fail if the message has been tampered with.

I realize that a naive modification will probably quickly result in an error of some kind. But I want to make sure I'm not missing something -- is there some check in the code that will immediately detect if a message has been tampered with by an attacker?


> ASYM_ENCRYPT: deprecate sign_msgs
> ---------------------------------
>
>                 Key: JGRP-2274
>                 URL: https://issues.jboss.org/browse/JGRP-2274
>             Project: JGroups
>          Issue Type: Enhancement
>            Reporter: Bela Ban
>            Assignee: Bela Ban
>            Priority: Major
>             Fix For: 4.0.12
>
>
> In {{ASYM_ENCRYPT}}, signing messages means that the checksum of an encrypted message is computed and used together with the secret key of the sender to sign the message. On the receiver side, the public key of the sender is used to validate the signature.
> However, this is redundant, as decryption of a message will fail if the contents have been changed.
> If needed, signing of messages can be done in a separate protocol.



--
This message was sent by Atlassian Jira
(v7.12.1#712002)

More information about the jboss-jira mailing list