php - How to create digital signature that can not be used to reproduce the message twice -


i creating client-server application , i'd send data server client securely.

using public/private key algorithms makes sense , in php can use openssl_sign , openssl_verify functions check data came has private key.

now imagine 1 of actions sent server client destructive in nature. if uses http sniffer catch command (which signed properly) how can make sure command executed when our server sent , not hacker reproducing same command?

ok while writing figured out using auto-increment id number every sent message simple solution problem. client have check incoming message id never smaller current id have stored.

include nonce (random value, unique each message) message, , on client keep track of used nonces. i.e. if attacker takes signed message , resends later, nonce used client, client won't handle message second time.


Comments

Popular posts from this blog

apache - Add omitted ? to URLs -

redirect - bbPress Forum - rewrite to wwww.mysite prohibits login -

php - How can I stop spam on my custom forum/blog? -