CSR verification

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

CSR verification

Arsen Hayrapetyan-2
Hello all,
I have a question that comes from a real-life situation.
Suppose you have a CA that signed a CSR and prodused a certificate for
some user.
After sometime the CA revokes that certificate. Then that user sends to
a CA a new CSR.
The policy of the CA does not permit it to sign a CSR generated using a
key which has been revoked (well, the corresponding certificate has been
revoked). How can the CA verify that the new  CSR hasn't been signed
with the old (revoked) key. Is there an elegant method? One option is to
get out a public key both from CSR and from (possibly all!) revoked
certificates and compare them. If there is a match then CA rejects a CSR
as doesn't matching its policy. But this method is too cumbersome. Is
there some option to a verification command (say openssl req -verify
...) to verify a CSR which allows to pass a directories or files that
contain a list of untrusted certificates?

Best regards,
Arsen.

--
PGP Key: ID 0xBBE3DFD8 (expires: 2006-08-03)
Fingerprint: 1C3B 2C01 40DF ED87 23B1  BF6F 95C4 2E77 BBE3 DFD8


smime.p7s (4K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: CSR verification

Richard Levitte - VMS Whacker
Arsen Hayrapetyan writes:

> Hello all,
> I have a question that comes from a real-life situation.
> Suppose you have a CA that signed a CSR and prodused a certificate for
> some user.
> After sometime the CA revokes that certificate. Then that user sends to
> a CA a new CSR.
> The policy of the CA does not permit it to sign a CSR generated using a
> key which has been revoked (well, the corresponding certificate has been
> revoked). How can the CA verify that the new  CSR hasn't been signed
> with the old (revoked) key. Is there an elegant method? One option is to
> get out a public key both from CSR and from (possibly all!) revoked
> certificates and compare them. If there is a match then CA rejects a CSR
> as doesn't matching its policy. But this method is too cumbersome. Is
> there some option to a verification command (say openssl req -verify
> ...) to verify a CSR which allows to pass a directories or files that
> contain a list of untrusted certificates?

A quick solution (which seems a bit complicated because 'openssl req' has no
way to print the key fingerprint):

Have a file with public key hashes for all revoked certificates, say
'revoked-hash.txt'.  It's fairly easily generated by doing the following
when revoking a certificate (in addition to doing 'openssl x509 -revoke
...'):

 openssl x509 -pubkey -outform DER -in {certfile} | \
   openssl sha1 -hex >> revoked-hash.txt

Comparing is just as easy:

CSRHASH=`openssl req -pubkey -outform DER -in {csrfile} | \
          openssl sha1 -hex`
if grep $CSRHASH revoked-hash.txt; then
   # refuse
 else
   # sign
 fi

That's Unixly shell, of course.  You will need to translate it if you don't
do this on Unix...

Also, I haven't tested the above code.  You will have to do that yourself.  
All I wanted was to give you something to draw inspiration from...

 -----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

--
Richard Levitte                         [hidden email]
                                       http://richard.levitte.org/ 

"When I became a man I put away childish things, including
the fear of childishness and the desire to be very grown up."
                                               -- C.S. Lewis

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: CSR verification

Arsen Hayrapetyan-2
Thank you Richard for a quick response,

Richard Levitte wrote:

> Arsen Hayrapetyan writes:
>
>> Hello all,
>> I have a question that comes from a real-life situation.
>> Suppose you have a CA that signed a CSR and prodused a certificate for
>> some user.
>> After sometime the CA revokes that certificate. Then that user sends to
>> a CA a new CSR.
>> The policy of the CA does not permit it to sign a CSR generated using a
>> key which has been revoked (well, the corresponding certificate has been
>> revoked). How can the CA verify that the new  CSR hasn't been signed
>> with the old (revoked) key. Is there an elegant method? One option is to
>> get out a public key both from CSR and from (possibly all!) revoked
>> certificates and compare them. If there is a match then CA rejects a CSR
>> as doesn't matching its policy. But this method is too cumbersome. Is
>> there some option to a verification command (say openssl req -verify
>> ...) to verify a CSR which allows to pass a directories or files that
>> contain a list of untrusted certificates?
>
>
I see you suggested something very similar to that I wrote (comparing
digests of public keys instead of PubKeys themselves) :)
Well, I've tested it:

> A quick solution (which seems a bit complicated because 'openssl req'
> has no way to print the key fingerprint):
> Have a file with public key hashes for all revoked certificates, say
> 'revoked-hash.txt'.  It's fairly easily generated by doing the
> following when revoking a certificate (in addition to doing 'openssl
> x509 -revoke ...')

> openssl x509 -pubkey -outform DER -in {certfile} | \
>   openssl sha1 -hex >> revoked-hash.txt

> Comparing is just as easy:
> CSRHASH=`openssl req -pubkey -outform DER -in {csrfile} | \
>          openssl sha1 -hex`

After revoking certificate with 'openssl ca -revoke', I've run the
commands you suggested.
But when I ran the following "shell-part" of your suggestion, I ended up
with a diagnostics that the two commands I had run generated two
different message digests!
Rhe reason was that the first command included the Public Key and the
second one the Request as well, so the MDs were different. Adding -noout
option to baoth commands resolved that problem. Also it works without
"-outform DER" option (with default PEM, I've tried).

> if grep $CSRHASH revoked-hash.txt; then
>   # refuse
> else
>   # sign
> fi
> That's Unixly shell, of course.  You will need to translate it if you
> don't do this on Unix...
> Also, I haven't tested the above code.  You will have to do that
> yourself.  All I wanted was to give you something to draw inspiration
> from...
> -----
> Please consider sponsoring my work on free software.
> See http://www.free.lp.se/sponsoring.html for details.
What about adding someting similar to "-trustout" option of "openssl
x509" to "openssl -req"?
Anyway, thank you very much for giving me a hint.

Best regards,
Arsen.

--
PGP Key: ID 0xBBE3DFD8 (expires: 2006-08-03)
Fingerprint: 1C3B 2C01 40DF ED87 23B1  BF6F 95C4 2E77 BBE3 DFD8


smime.p7s (4K) Download Attachment