1

I have a question regarding HTTPS/TLS. Let's say a client requests a website from a server via HTTPS. The client stores the entire traffic and his secrets to disk. Can I afterwards verify the authenticity of the data in the recording?

To my understanding, after the initial key exchange (which is signed by the server certificate), the client and server use the same keys for synchronous encryption and HMAC calculation. Thus a malicious client can afterwards (before storing the conversation to disk) generate a fake response and encrypt it with the same key the server would have used.

Is my assumption correct?

  • To be exact, encryption and HMAC (unless AEAD) use different keys for each direction, but both peers have the keys for both directions so either can forge. Dupe https://crypto.stackexchange.com/questions/5455/does-a-trace-of-ssl-packets-provide-a-proof-of-data-authenticity and https://crypto.stackexchange.com/questions/29751/are-https-web-sessions-non-repudiable – dave_thompson_085 May 18 '17 at 05:50

1 Answer

2

Your assumption is correct; after the initial key exchange, everything is done with symmetric encryption. As the client has the symmetric keys, he can create any transcript he wants, and figure out how it would be encrypted and integrity protected.

TLS was designed to do secure communication; nonrepudiable transcripts were never a design goal.

poncho
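The point made in the answer above, as an added example that is not part of the original post: a simplified model of the TLS 1.2 record MAC (RFC 5246 key expansion with HMAC-SHA256, encryption omitted) showing that an auditor holding the recorded session secrets accepts a tag regardless of which peer computed it. The master secret, randoms and payloads are constructed values, and the function names are this example's own.

```python
import hashlib
import hmac
import struct

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()           # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def mac_keys(master_secret: bytes, client_random: bytes, server_random: bytes):
    """Return (client_write_MAC_key, server_write_MAC_key), 32 bytes each."""
    seed = b"key expansion" + server_random + client_random
    block = p_sha256(master_secret, seed, 64)
    return block[:32], block[32:64]

def record_mac(mac_key: bytes, seq: int, fragment: bytes) -> bytes:
    """TLS 1.2 record MAC over seq_num || type || version || length || fragment."""
    header = struct.pack("!QBHH", seq, 23, 0x0303, len(fragment))  # 23 = application_data
    return hmac.new(mac_key, header + fragment, hashlib.sha256).digest()

def verify(master_secret, client_random, server_random, seq, fragment, tag) -> bool:
    """The check an auditor can run from the secrets stored with the recording."""
    _, server_key = mac_keys(master_secret, client_random, server_random)
    return hmac.compare_digest(record_mac(server_key, seq, fragment), tag)

# Constructed session values (not taken from a real handshake).
MASTER = bytes(range(48))
CLIENT_RANDOM = b"\x11" * 32
SERVER_RANDOM = b"\x22" * 32

def demo():
    _, server_key = mac_keys(MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    genuine = b"HTTP/1.1 200 OK\r\n\r\nbalance=10"
    altered = b"HTTP/1.1 200 OK\r\n\r\nbalance=99"
    # The server computes the first tag. The client derives the same
    # server-write MAC key from the master secret, so it can compute the second.
    tag_genuine = record_mac(server_key, 1, genuine)
    tag_altered = record_mac(server_key, 1, altered)
    args = (MASTER, CLIENT_RANDOM, SERVER_RANDOM, 1)
    return (verify(*args, genuine, tag_genuine),   # real record verifies
            verify(*args, altered, tag_altered),   # client-made record verifies too
            verify(*args, altered, tag_genuine))   # tampering without the key fails

if __name__ == "__main__":
    print(demo())
```

The MAC protects against a third party without the keys, which is the third case; it gives the auditor no way to tell the first two apart.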