[Code] Encrypting communication between the OP and the RP

Andrew Arnott andrewarnott at gmail.com
Fri Apr 13 13:40:01 UTC 2012


On Thu, Apr 12, 2012 at 10:18 PM, Russ Ferrill <rferrill at vendorsafe.com> wrote:

>  Does the OpenID protocol require signing or does it just support it?
>
It requires it, of course.  Without signing OpenID would be completely
worthless (worse, in fact).


> Does the DNOA implementation of OpenID implement signing by default?
>
Yes.  You can't turn it off.

> I assume that if the OP is signing the data that it sends to the RP, then
> the RP must be configured to use the same hashing algorithm and key as the
> OP.
>
That's one option in OpenID.  Another is that the OP signs the data and
sends it indirectly to the RP (via the browser redirect) then the RP sends
the data back (directly) to the OP and the OP verifies its own signature.
Both flows are defined in the spec. The option where the RP verifies the
signature itself is loosely dubbed "smart mode" or "shared associations"
and the forwarding it back to the OP for verification is called "dumb mode"
or "private associations".


> Can you tell me where these are set?
>
It's distributed more than you might expect.  The code that chooses the
hashing algorithm, communicates it with the other party, and handles SSL
vs. non-SSL, the fallback mechanisms, etc. is quite complex.
Just a couple of places of interest may be these two files, which call
into the code that generates the key, and place that key in a message that
is sent to the RP so that they agree on the key to use.  I'm not going to
review the entire OpenID protocol around key exchange and how this code
works though, so please do your reading of the spec to learn if you're
curious.
DotNetOpenAuth.OpenId.Provider\OpenId\Messages\AssociateUnencryptedResponseProvider.cs
DotNetOpenAuth.OpenId.Provider\OpenId\Messages\AssociateDiffieHellmanProviderResponse.cs



> I’m using the WebRingSsoProvider and Relying Party. Do they use the same
> configuration parameters for hashing algorithm and key as for Forms
> Authentication? If so, then I know how to set those.
>
You mentioned two specific samples from DNOA.  These samples don't override
any of the security behavior of DNOA.  DNOA *does* let the host web
site restrict which crypto algorithms are available to use (for example,
perhaps you decide you only trust HMAC-SHA256 and not HMAC-SHA1, or you
only want shared keys to last 1 day instead of 14), but these samples
don't adjust these defaults.
Forms Authentication doesn't require communicating with any remote party,
so I assume you mean the signing/encrypting that FormsAuth does on its HTTP
cookie.  No, it's not necessarily the same.  ASP.NET forms authentication
is generally a fixed configuration setting, whereas OpenID can use
different crypto algorithms based on who it's talking to.

> Can you tell me which OP method does the signing and which RP method
> checks the signature?
>
All of them.  That is, every RP will either check the signature or forward
the message back to the OP to check the signature.

Please read the spec.  Most of your questions are answered there.
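The two verification paths described in this thread, an RP checking the OP's HMAC with the shared association key ("smart mode") and an RP forwarding the assertion back to the OP as a check_authentication request ("dumb mode"), as an added Python example that is neither DNOA's code nor part of the original message. The assertion, MAC key, endpoint names and association handle are constructed sample values.

```python
import base64
import hashlib
import hmac

# Hash function for each OpenID 2.0 association type.
HASHES = {"HMAC-SHA1": hashlib.sha1, "HMAC-SHA256": hashlib.sha256}
# Fields the spec requires to be signed (plus claimed_id/identity when present).
REQUIRED_SIGNED = {"op_endpoint", "return_to", "response_nonce", "assoc_handle"}

def signed_token_contents(fields):
    """Key-value form the OP signs: "name:value\\n" per name in openid.signed, in order."""
    names = fields["openid.signed"].split(",")
    return "".join("%s:%s\n" % (n, fields["openid." + n]) for n in names)

def sign(fields, mac_key, assoc_type):
    """Base64 HMAC over the token contents; this is the value of openid.sig."""
    mac = hmac.new(mac_key, signed_token_contents(fields).encode("utf-8"),
                   HASHES[assoc_type]).digest()
    return base64.b64encode(mac).decode("ascii")

def verify_smart_mode(fields, mac_key, assoc_type):
    """RP-side check with the shared association key ("smart mode")."""
    signed = set(fields.get("openid.signed", "").split(","))
    present = {k[len("openid."):] for k in fields}
    required = REQUIRED_SIGNED | ({"claimed_id", "identity"} & present)
    # Reject a signed list that omits a mandatory field or names one absent from the message.
    if not required <= signed <= present:
        return False
    expected = sign(fields, mac_key, assoc_type)
    return hmac.compare_digest(expected, fields.get("openid.sig", ""))

def check_authentication_request(fields):
    """"Dumb mode": the whole assertion goes straight back to the OP, which verifies its own signature."""
    req = dict(fields)
    req["openid.mode"] = "check_authentication"
    return req

# Constructed sample assertion, signed with a constructed 32-byte HMAC-SHA256
# association key (nothing here comes from a real OP or from DNOA).
MAC_KEY = b"constructed-32-byte-mac-key-0000"
ASSERTION = {
    "openid.ns": "http://specs.openid.net/auth/2.0", "openid.mode": "id_res",
    "openid.op_endpoint": "https://op.example/openid",
    "openid.identity": "https://op.example/user/alice",
    "openid.return_to": "https://rp.example/login",
    "openid.response_nonce": "2012-04-13T13:40:01Zabcdef",
    "openid.assoc_handle": "assoc-constructed-1",
    "openid.signed": "op_endpoint,identity,return_to,response_nonce,assoc_handle",
}
ASSERTION["openid.sig"] = sign(ASSERTION, MAC_KEY, "HMAC-SHA256")
```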