Re: Using SSL private key for cookie's HMAC

[Andrew Steingruebl <asteingruebl () cccis com>]

On Thu, Aug 26, 2004 at 11:42:36PM -0500, Simon Zuckerbraun wrote:
> I'm pondering a design question regarding a web application that is to 
> operate over SSL. We want to include an HMAC in our cookies to prevent 
> tampering. To produce an HMAC, the server must be configured with a 
> private key.
>
> Since the website operates with SSL, the server already *has* a private 
> key available: the private key of its SSL certificate. Is there any harm 
> in using this same private key for producing the HMACs as well?

You probably don't really want an HMAC.  HMACs are useful when both
sides of a convesation share a key and want to check the validity of a
piece of data.

What you probably really want is to one-way hash a cookie value with
some other value known only to your server and then check the cookie
returned by the user.

Best practices usually dictate using a key for one purpose only so I
wouldn't recommend reusing your private key for this purpose.  

Is there actually data in the cookie, or is it just a session
identifier?  If its just an identifier than you don't really need a
signature on it.  If it does contain data then signing it somehow
probably can't be all bad.

I think we'd need to see more of your requirements/design before we
could give more advice.

--
Andy Steingruebl