[jcifs] Signed file transfers

Michael B Allen ioplex at gmail.com
Sat Sep 1 13:18:10 MDT 2012


On Fri, Aug 24, 2012 at 5:26 AM, christofer.dutz at c-ware.de <
christofer.dutz at c-ware.de> wrote:

> Hi,****
>
> ** **
>
> I was confronted with a question, that I couldn’t definitely answer.****
>
> ** **
>
> It is possible to have a SMB file transfer signed in order to detect
> manipulated transfers (Man in the middle).****
>
> ** **
>
> Windows supports this, but soes JCIFS also support it? If yes … do I have
> to do anything to have the transfers signed, or is it always signed and
> it’s simply the receiving nodes responsibility to check this signature?***
> *
>
>
Hi Chris,

Yes, SMB signatures are always used by Windows and JCIFS and the signatures
include the payload of reads and writes so any modification of the data
stream will trigger a signature failure in JCIFS (or on the server side).
Technically SMB signing is negotiable but it has always been turned on and
used for as long as I can remember. There might be some old Samba based
file server or something like that that fails to use it. But Windows
definitely always uses it and modern security policy probably requires it.

Mike

--
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/jcifs/attachments/20120901/f1435080/attachment.html>


More information about the jCIFS mailing list