Keywords: cookie encryption, signing

Summary: Apart from the session identifier, an application generally does not store important credentials in cookies on the client. E-commerce applications, however, sometimes cannot avoid keeping some sensitive data on the client, and that data must not be tampered with.

Objective: Enable the server to recognize that a cookie value has been tampered with.

Method: Add a tamper-resistant verification code to the Set-Cookie value. For example:

    user_name=alex|bj95ef23cc6daecc475de

where the part after "|" is md5(cookieValue + key) or sha1(cookieValue + key). The key can be a fixed string known only to the server, or it can be considerably more elaborate (as in the LTPA example below).

Check rule: After the server receives the cookie from the client, it recalculates the verification code from the cookie value and the key. If the recalculated code matches the one carried in the cookie, the value has not been tampered with.

Example 2: Lightweight Third-Party Authentication (LTPA) is a single sign-on technology used in IBM WebSphere and Domino products. When a server is configured for LTPA authentication and a user logs on successfully through the browser, the server automatically sends the browser a session cookie containing an LTPA Token. A valid LTPA cookie is accepted automatically by every server in the same authentication domain. The cookie contains authentication information and a timestamp; it is encrypted with the 3DES key shared by those servers, and a public/private key pair is used for the signature.

1) General introduction: The LTPA cookie value is encrypted with DESede/ECB/PKCS5Padding under the 3DES key. The 3DES key itself is stored encrypted, also with DESede/ECB/PKCS5Padding: the provided key password is hashed with SHA-1, the 20-byte digest is extended to a 24-byte key, the 3DES key is encrypted under that key, and the result is Base64 encoded.
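The verification-code scheme described above, worked through as an added Python example (this is not code from the original post). It keeps the post's md5(cookieValue + key) construction as legacy_tag for comparison and uses HMAC-SHA256 as the default, which is the standard keyed-MAC construction for this purpose. SERVER_KEY and the cookie values are constructed for the example; the separator "|" follows the post's user_name=alex|... layout.

```python
import hashlib
import hmac

# Constructed server-side secret; a real deployment loads it from protected configuration.
SERVER_KEY = b"example-server-key-do-not-reuse"
SEP = "|"


def legacy_tag(value: str, key: bytes) -> str:
    """The construction the post describes: md5(cookieValue + key), hex encoded."""
    return hashlib.md5(value.encode("utf-8") + key).hexdigest()


def hmac_tag(value: str, key: bytes) -> str:
    """Keyed MAC (HMAC-SHA256) over the cookie value: the standard way to build the code."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()


def sign_cookie(value: str, key: bytes, tag_fn=hmac_tag) -> str:
    """Build the cookie payload in the post's 'value|verification code' layout."""
    return f"{value}{SEP}{tag_fn(value, key)}"


def verify_cookie(cookie: str, key: bytes, tag_fn=hmac_tag):
    """Return the trusted value, or None when the code is missing or does not match."""
    # Split on the LAST separator so a value that itself contains '|' still verifies.
    value, sep, tag = cookie.rpartition(SEP)
    if not sep:
        return None
    expected = tag_fn(value, key)
    # Constant-time comparison; encode first because compare_digest rejects non-ASCII str.
    if not hmac.compare_digest(tag.encode("utf-8"), expected.encode("ascii")):
        return None
    return value


if __name__ == "__main__":
    cookie = sign_cookie("alex", SERVER_KEY)
    print("Set-Cookie: user_name=" + cookie)
    print("verified:", verify_cookie(cookie, SERVER_KEY))
    print("modified value:", verify_cookie("admin" + cookie[len("alex"):], SERVER_KEY))
```

The code only detects modification; the value stays readable by the client, so anything that must stay confidential still needs encryption as in the LTPA case. Changing the key invalidates every outstanding cookie, which is the intended behaviour when the key is rotated.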
For example, in Domino the LTPA cookie value is built by the following formula:

    SHA-1 = SHA-1(LTPA version number + creation time + expiration time + user name + Domino LTPA key)
    LTPA Cookie = Base64(LTPA version number + creation time + expiration time + user name + SHA-1)

To parse the LTPA Token, first derive the 3DES key from the key password, then decrypt the token cookie with that 3DES key. A public/private key pair can also be used to sign and verify the LTPA cookie.

2) How WebSphere generates the LTPA cookie: The cookie consists of the following parts, separated by "%":

- user information, in the format u:user\:<RealmName>/<UserDN>, for example u:user\:VGOLiveRealm/CN=squallzhong,O=VGOLive Technology
- expiration time (a millisecond epoch timestamp in the example below)
- signature information

A complete example:

    u:user\:VGOLiveRealm/CN=squallzhong,O=VGOLive Technology%1301558320666%Bytes/ZbqDp1z7MS+dLzniuUH4sYWCMpnKdm7ZGabwmV+WcraBl+y+fill+617xndpVxke2jtS5wIyVVM3q7UDPw=

3) Parsing the WebSphere LTPA cookie: The following code parses the LtpaToken cookie sent by WebSphere or Domino, using Java as the example. It uses Apache Commons Codec for Base64 decoding; the ltpaCookie variable (this listing's name for the cookie value read from the request) is taken from the command line here.

    import java.security.Key;
    import java.security.MessageDigest;
    import java.security.spec.KeySpec;
    import java.util.Arrays;
    import javax.crypto.Cipher;
    import javax.crypto.SecretKeyFactory;
    import javax.crypto.spec.DESedeKeySpec;
    import org.apache.commons.codec.binary.Base64;

    public class LtpaTokenParser {

        public static void main(String[] args) {
            // LTPA 3DES key as exported from the server (value as printed in the original post)
            String ltpa3DESKey = "7dH4i81YepbVe+Signature=";
            // password protecting the exported LTPA key
            String ltpaPassword = "Passw0rd";
            // LtpaToken cookie value taken from the request (command-line argument here)
            String ltpaCookie = args[0];
            try {
                // step 1: recover the 3DES key from the password-protected export
                byte[] secretKey = getSecretKey(ltpa3DESKey, ltpaPassword);
                // step 2: use the 3DES key to decrypt the LtpaToken cookie
                String ltpaPlaintext = new String(decryptLtpaToken(ltpaCookie, secretKey), "UTF-8");
                displayTokenData(ltpaPlaintext);
            } catch (Exception e) {
                System.out.println("Caught inner: " + e);
            }
        }

        // print the decrypted token fields, which are separated by "%"
        private static void displayTokenData(String ltpaPlaintext) {
            for (String field : ltpaPlaintext.split("%")) {
                System.out.println(field);
            }
        }

        // obtain the secret key
        private static byte[] getSecretKey(String ltpa3DESKey, String password) throws Exception {
            // use SHA-1 to hash the key password
            MessageDigest md = MessageDigest.getInstance("SHA");
            md.update(password.getBytes("UTF-8"));
            byte[] hash3DES = new byte[24];
            System.arraycopy(md.digest(), 0, hash3DES, 0, 20);
            // pad the last 4 bytes with 0
            Arrays.fill(hash3DES, 20, 24, (byte) 0);
            // Base64 decode the exported ltpa3DESKey
            byte[] decode3DES = Base64.decodeBase64(ltpa3DESKey.getBytes("UTF-8"));
            // decrypt the exported key with the password hash to obtain the real 3DES key
            return decrypt(decode3DES, hash3DES);
        }

        // decrypt the LtpaToken
        public static byte[] decryptLtpaToken(String encryptedLtpaToken, byte[] key) throws Exception {
            // Base64 decode the LtpaToken
            final byte[] ltpaByteArray = Base64.decodeBase64(encryptedLtpaToken.getBytes("UTF-8"));
            // use the 3DES key to decrypt the Base64-decoded LtpaToken
            return decrypt(ltpaByteArray, key);
        }

        // DESede/ECB/PKCS5Padding decryption
        public static byte[] decrypt(byte[] ciphertext, byte[] key) throws Exception {
            final Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
            final KeySpec keySpec = new DESedeKeySpec(key);
            final Key secretKey = SecretKeyFactory.getInstance("TripleDES").generateSecret(keySpec);
            cipher.init(Cipher.DECRYPT_MODE, secretKey);
            return cipher.doFinal(ciphertext);
        }
    }

The parsed LtpaToken information is separated by "%".

Reference resources:
1) hannover, LTPA Cookie principles
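The Domino formula given earlier in this post (SHA-1 over version, creation time, expiration time, user name and key; cookie = Base64 of the fields plus the digest), worked through as an added Python example. This is neither the post's Java code nor IBM's implementation: the post gives the formula but not the field widths, so the layout here is an assumption (4-byte version header, two 8-character upper-case hex epoch timestamps, user name, trailing 20-byte SHA-1), and DEMO_LTPA_KEY is a constructed value standing in for the Base64-decoded Domino LTPA key.

```python
import base64
import hashlib
import hmac
import time
from dataclasses import dataclass
from typing import Optional, Tuple

# Layout assumed by this example (the post states the formula, not the widths):
# 4-byte version header, 8-char hex creation time, 8-char hex expiration time,
# the user name, and a trailing 20-byte SHA-1 digest.
VERSION = b"\x00\x01\x02\x03"
TS_LEN = 8
DIGEST_LEN = hashlib.sha1().digest_size  # 20

# Constructed secret standing in for the Domino LTPA key (Base64-decoded server export).
DEMO_LTPA_KEY = base64.b64decode("c2VydmVyLXNoYXJlZC1sdHBhLWtleQ==")


@dataclass
class LtpaToken:
    created: int      # epoch seconds
    expires: int      # epoch seconds
    username: str


def _digest(created_hex: bytes, expires_hex: bytes, user: bytes, key: bytes) -> bytes:
    # SHA-1 = version + creation time + expiration time + user name + Domino LTPA key
    return hashlib.sha1(VERSION + created_hex + expires_hex + user + key).digest()


def build_token(username: str, key: bytes, created: int, lifetime_s: int = 1800) -> str:
    """LTPA Cookie = Base64(version + creation + expiration + user name + SHA-1)."""
    created_hex = f"{created:08X}".encode("ascii")
    expires_hex = f"{created + lifetime_s:08X}".encode("ascii")
    user = username.encode("utf-8")
    body = VERSION + created_hex + expires_hex + user
    return base64.b64encode(body + _digest(created_hex, expires_hex, user, key)).decode("ascii")


def verify_token(cookie: str, key: bytes, now: Optional[int] = None) -> Tuple[Optional[LtpaToken], str]:
    """Return (LtpaToken, 'ok'), or (None, reason) with reason 'malformed', 'bad-signature' or 'expired'."""
    try:
        raw = base64.b64decode(cookie, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None, "malformed"
    head = len(VERSION)
    if len(raw) < head + 2 * TS_LEN + 1 + DIGEST_LEN or raw[:head] != VERSION:
        return None, "malformed"
    created_hex = raw[head:head + TS_LEN]
    expires_hex = raw[head + TS_LEN:head + 2 * TS_LEN]
    user = raw[head + 2 * TS_LEN:-DIGEST_LEN]
    digest = raw[-DIGEST_LEN:]
    # Recompute the digest with the server-side key; compare in constant time before trusting any field.
    if not hmac.compare_digest(digest, _digest(created_hex, expires_hex, user, key)):
        return None, "bad-signature"
    try:
        created, expires = int(created_hex, 16), int(expires_hex, 16)
        username = user.decode("utf-8")
    except ValueError:
        return None, "malformed"
    now = int(time.time()) if now is None else now
    if now >= expires:
        return None, "expired"
    return LtpaToken(created, expires, username), "ok"


def modified_copy(cookie: str, old: str, new: str) -> str:
    """Rewrite the user name inside a token without recomputing the digest, to show the check catching it."""
    raw = base64.b64decode(cookie)
    return base64.b64encode(raw.replace(old.encode("utf-8"), new.encode("utf-8"))).decode("ascii")


if __name__ == "__main__":
    token = build_token("CN=alice,O=Example", DEMO_LTPA_KEY, created=int(time.time()))
    print("LtpaToken=" + token)
    print(verify_token(token, DEMO_LTPA_KEY))
    print(verify_token(modified_copy(token, "alice", "admin"), DEMO_LTPA_KEY))
```

The digest is checked before any field is interpreted, so a malformed timestamp or user name in an unsigned token never reaches the parsing code; the expiration check then rejects tokens the server itself issued once their lifetime has passed.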