Using digital signature to secure QR code

5
votes

I was looking for something like "inverted asymmetric cryptography" and came across a great post, which actually covers what I need.

I want every user of my application has a public key allowing them to decrypt the message hidden in QR code which was encrypted with my private key. I want to make sure my system cannot be deceived by a fake QR code covering mine. Accepted answer suggests using digital signature so I googled Java tutorial, showing how to use that feature.

Here comes a little misunderstanting. I thought that using a digital signature, there would be a simple situation (let's call it a Situation A):

  1. Message is encrypted with private key
  2. User reads encrypted message
  3. User uses the public key to decrypt message.

However, my understanding is the digital signature works more like:

  1. A digital signature is created using the private key and the message.
  2. User needs the original message and the signature file.
  3. User uses the digital signature to verify the message wasn't changed and comes from me.

Am I right here? If so, how can I put both my message and signature in a QR code? Things seemed pretty easy in case of Situation A as I simply could encode the encrypted message using Base64 and put the result in the QR code. However, it looks like I can't do the same thing without using tricks like encode message, encode signature, put them in one file, encode it, put the result in the code. How can I do so then?

Oh, there is also an answer from question "QR code security" saying:

You can put anything you want in a QR code, including Base-64 encoded bytes representing a signed document. No reader will know what to do with it; you'd have to write a custom app that scans and then knows to decode it and act accordingly.

According to the tutorial mentioned earlier it looks like the signed document itself is not enough though.

2
javaencryptionqr-codedigital-signature
Your situation A doesn't make sense. An encryption that can be decrypted by a public key is pointless.user207421
@EJP well, it can be used instead of signing...mkl
@spoko yes, signing creates a signature file, an additional file. Depending on the signature file format, though, the signature file may embed the signed data.mkl
@EJP I want everybody be able to decrypt my message but meanwhile, I am the only one who can create a valid QR code. This way, if somebody tries to attack my system (creating a sticker with fake qr code and physically covering mine), the users app won't read anything useful and won't work instead of doing what attacker wants. I wouldn't say it's pointless.spoko
So you need digital signatures, not encryption. The usual practice is to sign a message digest and to send that all along with the message.user207421

2 Answers

1
votes

When I asked this question, I assumed there is some kind of good habit or something similar. Since there is not one provided, I decided to use my own solution, a little similar to DarkSquirrel42's suggestion.

I created my own encoder and decoder. Actually, I used exactly the same trick I described in my original post.

  1. Sign my message
  2. Encode both message and the signature using base64

  3. Combine both strings in one string like this

    base64(message)-base64(signature)

  4. Base64() the String above like this:

    base64(base64(message)-base64(signature))

  5. Put that encoded string in a QR code.

  6. My decoder - I decode first layer of base64, split the result string on message and signature parts (that's why there is a hyphen in 3.) and then I pass the message to an appropriate handler if the signature is correct.
0
votes

be aware that your message size will grow significantly if you were handling small messages before ...

a signature has nothing to do with an extra file or something ... you can perfectly calculate them and use them while only handling text ...

PGP for example does this ...

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

<your message here>

-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1.4.9 (GNU/Linux)  

<some base64 encoded data holding the signature>  
-----END PGP SIGNATURE-----

now, you don't have to do it exactly like pgp, but, all you need is some structure to tell message and signature apart ...

for example if you know your message may not be really long, simply define that the first 2 bytes define the message length, and prepend that ....

if you want, the next step can be encoding the whole thing in base64, and you know how to go from there