2

When downloading files (mainly software/installers) from pages in browsers, sometimes it comes also with a cryptographic hash or a signature to verify the authenticity of a file against data manipulation (example below).

example of cmake download page showing files to be downloaded with the signature and their cryptographic hashes

example of tor browser download page showing files to be downloaded with their signatures

Why there isn't something that automatically says to the browser "Hey, this is the link to download the file and this is the link to download the signature, download both and check its authenticity"?

Is there a vulnerability issue?

And if there exists some extension or something else that does this, please tell me.

It would be really nice to have something that automatically checks the integrity and authenticity of downloaded files.

Gabriel Maia Gondim
  • 21
  • 3
  • See https://blog.acolyer.org/2018/11/28/towards-usable-checksums-automating-the-integrity-verification-of-web-downloads-for-the-masses/ for some interesting reading on this subject. – mti2935 Jan 02 '21 at 19:41
  • Also see https://stackoverflow.com/questions/48063150/content-security-policy-subresource-integrity-for-a-tags – mti2935 Jan 02 '21 at 20:34
  • If you can't trust the download, why trust checksum? Checksums are not provided for security reasons. – schroeder Jan 02 '21 at 20:52
  • @schroeder There is a good use case for this. Imagine you are downloading a file from a site that you trust, but the site uses a CDN to host the file. Even if an attacker (such as a rogue employee of the CDN, or a hacker that breaches the CDN) compromises the file hosted on the CDN, the attacker would probably not also be able update the checksum hash published by the trusted site. By comparing the actual checksum of the file downloaded from the CDN with the expected checksum published by the trusted site, the user is able to detect if the file was tampered with while hosted on the CDN. – mti2935 Jan 02 '21 at 21:08
  • @mti2935 that's more of a corner case than a use case. Regardless, this topic has been well covered before. – schroeder Jan 02 '21 at 21:12
  • 1
    @schroeder I agree. But, every site that hosts linux distros publishes the hashes of these distro's for this very reason (although few people actually have the know-how and/or take the time to actually verify them). Also, it's enough of a corner case that we now have subresource integrity (SRI) to prevent this very type of attack (although only for script files and stylesheet files, and not downloadable files). I think the OP is asking if there is an automated method for verifying the integrity of downloadable files, similar what we have with SRI for script and stylesheet files. – mti2935 Jan 02 '21 at 21:27
  • @mti2935 that is exactly what I'm asking. – Gabriel Maia Gondim Jan 03 '21 at 10:58
  • @GabrielMaiaGondim See https://blog.acolyer.org/2018/11/28/towards-usable-checksums-automating-the-integrity-verification-of-web-downloads-for-the-masses/ and https://www.meixler-tech.com/aivwd/ – mti2935 Jan 03 '21 at 13:29

1 Answers1

1

There is such a mechanism - Subresource Integrity. It allows a web site to specify a checksum for any <script> or <link> element on the page, where the link being provided presumably points off to a CDN, or a partner site, or some other resource that the main web page source doesn't have control over. You can learn how to use it here.

It wouldn't make sense in the normal context of pages being provided by a single site, because if the download from the site might be untrustworthy, so would any checksum provided by that site. It's used where there's a demarcation of trust between the page being loaded and the subresources that that page loads.

gowenfawr
  • 72,893
  • 17
  • 165
  • 200
  • subresource integrity is implemented for < script > tags and < link > tags, but is not implemented for < a > tags for referencing downloadable files. – mti2935 Jan 02 '21 at 19:37
  • What I mean is something to automatically get the signature and the public key and check for the authenticity of the file. – Gabriel Maia Gondim Jan 03 '21 at 11:28
  • @GabrielMaiaGondim such a thing does not exist as part of the standards today. As @mti2935 points out, some would like Subresource Integrity to be extended to <a> tags, which would achieve what you're asking for. But we're not there yet. – gowenfawr Jan 03 '21 at 17:19