search

c2pa-org / specifications

The public specifications for the C2PA
Creative Commons Attribution 4.0 International
92 stars 8 forks source link

Replace an existing assertion #18

Closed jackmvision closed 1 year ago

jackmvision commented 2 years ago

I have a technical question after reading the standard briefly. How can we prevent a hacker from replacing an existing (genuine) assertion by a fake one? Because the hacker would know the hashing methods as listed in the standard. - I am just trying to understand how the standard could protect various hacking cases.

Thanks!

kevinmkane commented 1 year ago

The hash of the assertion is contained in the claim, and the contents of the claim are included in the payload over which the signature is generated. This means:

  1. If an attacker alters the hash in the list of assertions in the claim, the signature will fail to validate, because the attacker does not have access to the signer's private key to regenerate the signature.
  2. If an attacker alters the contents of an assertion, the hash will no longer match, and so the assertion will fail to validate at that point.

In other words, knowledge of the hash function is not helpful; it's the attacker not having knowledge of the signing key that prevents this attack.