Creating certs for others (without their private keys)

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
29 messages Options
12
Reply | Threaded
Open this post in threaded view
|

Re: Creating certs for others (without their private keys)

Mouse-2
>
>
>It's fine for any box to store or cache certificates of any kind.
>Certificates are public data, and only contain a public key.
>  
>
I know that it's fine - am just describing the setup, mostly for the
benefit of those who tend to jump to conclusions and give others as
little credit as possible under the circumstances.

>urimobile> NOW Windows box claims that it holds NOT ONLY the server's
>urimobile> public key (which was expected), but ALSO the server's
>urimobile> PRIVATE KEY.
>
>This is the first time you said that *another* device's private key
>ended up on your Windows box.
>  
>
And you "naturally" ASSumed that I complained about both private and
public keys ending up on the machine _that owns that key-pair_. Thank
you very much.  On the other hand, we tend to judge others by our own level.

>And still, that can't happen because of a CSR, which is what you claimed was at fault.
>  
>
I never mentioned CSR. I simply stated that openssl-based CA seems to
deal more freely with others' private keys than normal security would
suggest, and that somehow one party's private key ended up on a
different box. From both (a) "openssl req" requiring private key which I
didn't think necessary, and (b) Windows box that received somebody
else's cert claiming to now be in possession of that somebody's private
key - I concluded that openssl is "guilty", and that private key ended
up in the wrong hands because the "request" - the *_only_* thing that
travels from the "victim" machine to the CA - somehow communicated it.
If in your opinion private key traveled via different means (not within
the "newreq.pem" bundle that contained private key as I showed you) -
please share the info with me.

For those who've had enough of this - a short technical summary:

/At least two demoCA sripts -  CA and CA.pl -  add user private key to
the signature request they prepare for sending to the CA (which IMHO is
wrong, no matter what Rich Salz says :-). CA signs the PubK in the
request, but leaves the rest of the bundle "unmolested". As a result,
unsuspecting user ends up with his private key traveling from his box
via CA to the recipient of his cert (assuming for whatever reason he
chooses to install the certs on the peers, rather than let the peer to
retrieve them online). It looks like a bug to me./

>However, it seems you found something:
>  
>
You can say so, thank you.

>(I assume, BTW, that you used CA.pl here)
>  
>
Correct.

And I don't know if this is the only place - I simply brought up the
most obvious and easiest to notice. There could be other places that  I
didn't know to look into.

>urimobile> Looks like it concatenates private key and the actual cert
>urimobile> request together.............
>
....................................

>I'd call that a bug, that's not the way it should be, in my opinion (translated: that's completely f*cked!).
>  
>
Yes this certainly is not the way it should be. And even though it's a
_demo_ CA, still IMHO it shouldn't do things like that.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Creating certs for others (without their private keys)

Mouse-2
In reply to this post by Dr. Stephen Henson
Dr. Stephen Henson wrote:

>PEM should be accepted but its very picky about any extra data before the
>-----BEGIN CERTIFICATE----- line.
>  
>
Hmm... I'll check - but I suspect it's too picky for me. :-)

>>True. As IPsec peers can exchange their certs automatically.
>>
>and I don't think Windows supports verification based just on server
>certificate.
>  
>
Well, I'm not sure I understand what you mean. My Windows box has server
and CA cert installed - and it establishes IPsec SAs with the server  
just fine (i.e. without actually going to CA online).

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Creating certs for others (without their private keys)

Richard Levitte - VMS Whacker
In reply to this post by Mouse-2
In message <[hidden email]> on Mon, 04 Jul 2005 17:16:31 -0400, Uri <[hidden email]> said:

urimobile> /At least two demoCA sripts -  CA and CA.pl

CA.sh and CA.pl both do the same wrong thing, bundle the private key
with the CSR (Certificate Signature Request or something like that,
described in PKCS #10, and what 'openssl req' mainly produces) in
newreq.pem.  I'm changing that for OpenSSL 0.9.8 and on.

Cheers,
Richard

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

--
Richard Levitte                         [hidden email]
                                        http://richard.levitte.org/

"When I became a man I put away childish things, including
 the fear of childishness and the desire to be very grown up."
                                                -- C.S. Lewis
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Creating certs for others (without their private keys)

Simon McMahon
In reply to this post by Mouse-2
> IT is common practice for someone making a certificate request to prove that they have the private key.

Normally "proof of possession" is done by signing the request *with* the private key, not sending it in the request. The CA can then verify the requester's possession of private key using the public key (the one that it is going to certify) to verify the signature. No private key holder should ever send their private key to anyone including the CA - to do so is nonsense and undermines PKI's definition of 'private'.

My thanks to Uri for finding this poor treatment of private keys!


Simon McMahon

Work: (07) 31311420
Mobile: (043) 2294180


>>> [hidden email] 07/05/05 12:50am >>>
> Darn, I thought I explained the problem: openssl "req" seems to require
> private key of the cert requestor, which defeats the whole idea of PKI.

No.

IT is common practice for someone making a certificate request to
prove that they have the private key.  This is known as "proof of
possession" and is a common practice.

        /r$

--
Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com 
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html 

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org 
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]



***********************************************************************************
This email, including any attachments sent with it, is confidential and for the sole use of the intended recipient(s).  This confidentiality is not waived or lost, if you receive it and you are not the intended recipient(s), or if it is transmitted/received in error.

Any unauthorised use, alteration, disclosure, distribution or review of this email is prohibited.  It may be subject to a statutory duty of confidentiality if it relates to health service matters.

If you are not the intended recipient(s), or if you have received this email in error, you are asked to immediately notify the sender by telephone or by return email.  You should also delete this email and destroy any hard copies produced.
***********************************************************************************

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Creating certs for others (without their private keys)

Thomas J. Hruska
In reply to this post by Richard Levitte - VMS Whacker
Richard Levitte - VMS Whacker wrote:

> In message <[hidden email]> on Mon, 04 Jul 2005 17:16:31 -0400, Uri <[hidden email]> said:
>
> urimobile> /At least two demoCA sripts -  CA and CA.pl
>
> CA.sh and CA.pl both do the same wrong thing, bundle the private key
> with the CSR (Certificate Signature Request or something like that,
> described in PKCS #10, and what 'openssl req' mainly produces) in
> newreq.pem.  I'm changing that for OpenSSL 0.9.8 and on.
>
> Cheers,
> Richard

Whenever I get people asking how to make certificate requests with Win32
OpenSSL, I've generally told them to install Perl 5.6 or better and then
use CA.pl.

And there are a lot of people who are using CA.pl out there in this
fashion as a result of my recommendation.  Thankfully, most CA's
probably are honest enough to just look at the stuff they are supposed
to sign and people only need certs once in a while, but the private key
probably gets transmitted as cleartext with the rest of the CSR (i.e.
someone sniffing packets _might_ get the private key).

I'm looking forward to all of the changes 0.9.8 brings.

Thomas Hruska
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Creating certs for others (without their private keys)

Tan Eng Ten
In reply to this post by Mouse-2
Darn, so there's a bug in CA.pl, well, I've never explored that utility.
Anyway, if you'd just followed the instructions in the HOWTO to create
CSR's, you wouldn't end up having the private key concatenated with the
request.

And, the private key is needed by "openssl req" to sign the request.
CSR's have to be signed... You know this, right? :))

Uri wrote:

> Tan Eng Ten wrote:
>
>>> But how??? Could you give an example please (of [a] creating, and [b]
>>> signing a "req")?
>>
>>
>>
>> How is in the HOWTO (http://www.openssl.org/docs/HOWTO/)
>
>
>
> Darn, I thought I explained the problem: openssl "req" seems to require
> private key of the cert requestor, which defeats the whole idea of PKI.
> Here's the excerpt of the HOWTO you're referring me to.  It is not
> helpful, sorry - for the above reason (private key necessary).
>
> The certificate request is created like this:
>
>  openssl req -new -key privkey.pem -out cert.csr
>                    ^^^^^^^^^^^^^^^^
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Capturing X509 certificate and storing them using the Windows Certificates API

PJ-7
In reply to this post by Dr. Stephen Henson
Hi all,

My application needs to support Non-repudiation using X509 certificates ala
AS2.

Has anyone had the pleasure of storing X509 client and server certificates
in the windows certificate registry / database? And if so, whats the best
place to start to convert X509 to the windows format?

Thanks!
Pj.

--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.8.9/42 - Release Date: 6/07/2005
 

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Capturing X509 certificate and storing them using the Windows Certificates API

Raj Singh-5
Hi
Just try this.
Generating Certificates for Windows Clients
When generating certicates forWindows clients you have to make sure
that the lifetime
of the certicate lies within the lifetime of the CA. If the lifetime
of the certicate
exceeds the lifetime of the CA, the windows client will not accept the
certicate!
The easiest way to transfer certicates to a windows box is by using the PKCS#12
exchange format. Openssl can reformat the certicates to this format:
$ openssl pkcs12 -export -inkey key.pem -in cert.pem -certfile
cacert.pem -out export.p12

enjoy.

On 7/7/05, Pj <[hidden email]> wrote:

> Hi all,
>
> My application needs to support Non-repudiation using X509 certificates ala
> AS2.
>
> Has anyone had the pleasure of storing X509 client and server certificates
> in the windows certificate registry / database? And if so, whats the best
> place to start to convert X509 to the windows format?
>
> Thanks!
> Pj.
>
> --
> No virus found in this outgoing message.
> Checked by AVG Anti-Virus.
> Version: 7.0.323 / Virus Database: 267.8.9/42 - Release Date: 6/07/2005
>
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Capturing X509 certificate and storing them using the Windows Certificates API

Dr. Stephen Henson
In reply to this post by PJ-7
On Thu, Jul 07, 2005, Pj wrote:

> Hi all,
>
> My application needs to support Non-repudiation using X509 certificates ala
> AS2.
>
> Has anyone had the pleasure of storing X509 client and server certificates
> in the windows certificate registry / database? And if so, whats the best
> place to start to convert X509 to the windows format?
>

Do you mean the database use by MSIE et al? If so then there are two options.

If you want to install the certificate *and* private key use PKCS#12 format,
the OpenSSL pkcs12 utility and APIs can do that. Use a .pfx oro .p12 extension
if you want Windows to recognise the file type automatically,

If you want to install just the certificate (not sure why you'd want to do
that with a server certificate: you should store its CA) then use DER format
AND NOT PKCS#12!! The reason for the emphasis is in the FAQ. Use an appropriate
extension such as .crt.

If you want to install these manually then use the certificate import wizard
from MSIE or just double click on them.

If you want to install them programatically then you'll need to use CryptoAPI.
Details in the MS docs.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
12