Score:0

How to use OpenSSL to prove non-repudiation

If I download https://example.com/foo.txt, how can I prove to a third party that I got it from https://example.com?

I understand that their private key is used to secure the channel, rather than to sign the content of URLs.

Is there a way of downloading https://example.com/foo.txt and providing a chain of proof that my foo.txt was obtained from https://example.com?

dave_thompson_085
Dupe https://crypto.stackexchange.com/questions/60233/does-the-server-signs-message-body-after-ssl-handshake and more linked there, some of which are already automatically shown at the right of this page.
Score:1

Well, the simple truth is: you can't use encryption to do non-repudiation.

At best, encryption techniques prove authenticity:

  • For AEAD and stand-alone message authentication codes, this is achieved through a MAC Tag.

  • For public-key encryption and key exchanges, this is done through padding and key confirmation.

Even if you get the full transcript of the transfer from the server, the disproving party can still substitute the content of the transfer with their own using the symmetric key associated with the transfer transcript, so there's no way to do non-repudiation.

More importantly, non-repudiation is a transferable proof of authenticity and integrity originating from the owner of the public key. This transferability is not something that can be achieved with just encryption - you need a digital signature for this.
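The distinction drawn in this answer, as an added example that is not part of the original post: a tag under a key both endpoints hold validates whatever either side tags, while a signature under a server-only key does not. It assumes the `openssl` CLI; the file names, file contents and the random key standing in for a TLS session key are constructed.

```shell
#!/bin/sh
# Added example. File names, contents and keys are constructed for illustration.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
printf 'original foo.txt\n' > "$WORK/served.txt"   # what the server sent
printf 'altered foo.txt\n'  > "$WORK/claimed.txt"  # what the client later claims

# Stand-in for the TLS session key: after the handshake BOTH endpoints hold it.
SESSION_KEY=$(openssl rand -hex 32)

# HMAC-SHA256 tag under the shared key. Client and server can both run this.
mac_tag() {
    openssl dgst -sha256 -hmac "$SESSION_KEY" < "$1" | awk '{print $NF}'
}

# A third party who is handed the session key checks a (file, tag) pair.
mac_accepts() {
    [ "$(mac_tag "$1")" = "$2" ]
}

# Server-only signing key; the third party needs only the public half.
openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 \
    -out "$WORK/server.key" 2>/dev/null
openssl pkey -in "$WORK/server.key" -pubout -out "$WORK/server.pub"
openssl dgst -sha256 -sign "$WORK/server.key" -out "$WORK/foo.sig" "$WORK/served.txt"

# Does the server's signature cover this file? Exit status 0 means yes.
sig_accepts() {
    openssl dgst -sha256 -verify "$WORK/server.pub" \
        -signature "$WORK/foo.sig" "$1" >/dev/null 2>&1
}

SERVER_TAG=$(mac_tag "$WORK/served.txt")    # computed by the server
CLIENT_TAG=$(mac_tag "$WORK/claimed.txt")   # computed by the client, same key

# Both MAC checks pass, so the tag cannot show which endpoint produced it.
mac_accepts "$WORK/served.txt"  "$SERVER_TAG" && echo "MAC: served.txt accepted"
mac_accepts "$WORK/claimed.txt" "$CLIENT_TAG" && echo "MAC: claimed.txt accepted"
# Only the file the private-key holder signed passes the signature check.
sig_accepts "$WORK/served.txt"  && echo "signature: served.txt accepted"
sig_accepts "$WORK/claimed.txt" || echo "signature: claimed.txt rejected"
```

TLS itself never produces the signature over `foo.txt` used here; the server would have to sign the content separately.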
