php - How to create digital signature that can not be used to reproduce the message twice -
i creating client-server application , i'd send data server client securely.
using public/private key algorithms makes sense , in php can use openssl_sign , openssl_verify functions check data came has private key.
now imagine 1 of actions sent server client destructive in nature. if uses http sniffer catch command (which signed properly) how can make sure command executed when our server sent , not hacker reproducing same command?
ok while writing figured out using auto-increment id number every sent message simple solution problem. client have check incoming message id never smaller current id have stored.
include nonce (random value, unique each message) message, , on client keep track of used nonces. i.e. if attacker takes signed message , resends later, nonce used client, client won't handle message second time.
Comments
Post a Comment