Re: Encrypting control channel

In addition to the good advice given by the prior posters (digital
signature schemes), I note that in your original message, you basically
say that the hardware at each end is fully controlled by you and you
can embed a shared secret into all devices if necessary.

In addition to digital signature schemes, I would urge you to look into
HMACs (Hashed Message Authentication Codes). These are basically the
symmetric-key equivalent to signature schemes: anyone who possesses the
secret key can both create and verify MACs, while anyone who does not
possess the key cannot do this. As long as you assume that both the
broadcaster and the receivers are safe from compromise, this is
perfectly adequate, as an attacker trying to modify your data cannot
compute a proper MAC without the key (the same guarantee that a
signature scheme gives you). The difference is that an HMAC is
computationally much cheaper than most asymmetric digital signature
schemes: it consists of nothing more than applying a hash function
twice, whereas digital signature schemes use large-integer arithmetic.


> On Tue, 10 Jan 2012 22:41:55 +0000 (UTC)
> ggr@xxxxxxxxxxxxx (Greg Rose) wrote:
>
> Mostly good advice, except:
>
> In article <k9cpg71lujds3euc2sa749ut649qo25t0d@xxxxxxx>,
> Robert Wessel <robertwessel2@xxxxxxxxx> wrote:
> > In principle, this can be as simple as computing a SHA-256 hash of
> > the object, and encrypting that 256-bit hash with a private RSA key,
> > and transmitting that with the object. The receiver uses the public
> > RSA key to decrypt the hash, and compares that with a new SHA-256 of
> > the object. So long as the private key remains secret, that works.
>
> You don't "encrypt with the private key". You
> *sign* the hash. The recipient *verifies* the
> signature. Even in RSA, the only system where the
> mathematics looks like it works either way, the
> requirements for signing and encryption are very
>
> So, consider this just one of the ways that it's
> hard to get this stuff right.
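As an added example (not code from any poster in this thread): the HMAC-SHA256 tag-and-verify scheme the reply at the top recommends for the control channel, with the RFC 2104 construction written out to show that it really is two applications of the hash function. The shared key and the command bytes are constructed placeholders.

```python
import hashlib
import hmac
from typing import Optional

BLOCK_SIZE = 64  # SHA-256 block size; HMAC pads or hashes the key to this length


def hmac_sha256_by_hand(key: bytes, message: bytes) -> bytes:
    """RFC 2104: H((K xor opad) || H((K xor ipad) || message)), shown for clarity."""
    if len(key) > BLOCK_SIZE:                 # over-long keys are hashed down first
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")      # short keys are zero-padded
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(ipad + message).digest()   # first hash application
    return hashlib.sha256(opad + inner).digest()      # second hash application


def tag_command(key: bytes, command: bytes) -> bytes:
    """Broadcaster side: append a 32-byte HMAC-SHA256 tag to the command."""
    return command + hmac.new(key, command, hashlib.sha256).digest()


def verify_command(key: bytes, frame: bytes) -> Optional[bytes]:
    """Receiver side: return the command if its tag checks out, else None."""
    if len(frame) < 32:
        return None
    command, tag = frame[:-32], frame[-32:]
    expected = hmac.new(key, command, hashlib.sha256).digest()
    # compare_digest runs in constant time, so a forger learns nothing from timing
    return command if hmac.compare_digest(tag, expected) else None


# Constructed demo values; real devices would each embed a randomly generated key.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"
FRAME = tag_command(SHARED_KEY, b"SET relay=ON")

if __name__ == "__main__":
    assert verify_command(SHARED_KEY, FRAME) == b"SET relay=ON"
    tampered = bytes([FRAME[0] ^ 0x01]) + FRAME[1:]   # flip one bit of the command
    assert verify_command(SHARED_KEY, tampered) is None
    assert verify_command(b"wrong key", FRAME) is None
    print("tag verified, tampering and wrong key rejected")
```

The tag only covers the bytes it is computed over, so a recorded valid frame replays cleanly; a control channel normally also authenticates a sequence number or timestamp inside the command.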