-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 17.04.2014 17:49, Mick wrote: > On Thursday 17 Apr 2014 15:40:04 Matti Nykyri wrote: >> On Apr 17, 2014, at 9:10, Mick <michaelkintz...@gmail.com> >> wrote: >>> On Wednesday 16 Apr 2014 18:56:57 Tanstaafl wrote: >>>> On 4/16/2014 7:14 AM, Matti Nykyri <matti.nyk...@iki.fi> >>>> wrote: >>>>> On Apr 16, 2014, at 13:52, Tanstaafl >>>>> <tansta...@libertytrek.org> wrote: >>>>>> Or will simply replacing my self-signed certs with the >>>>>> new real ones be good enough? >>>>> >>>>> No it will not. Keys are te ones that have been >>>>> compromised. You need to create new keys. With those keys >>>>> you need to create certificate request. Then you send that >>>>> request to certificate authority for signing and publishing >>>>> in their crl. When you receive the signed certificate you >>>>> can start using it with your key. Never send your key to CA >>>>> or expect to get a key from them. >>>> >>>> Ok, thanks... >>>> >>>> But... if I do this (create a new key-pair and CR), will >>>> this immediately invalidate my old ones (ie, will my current >>>> production server stop working until I get the new certs >>>> installed)? >>> >>> You have not explained your PKI set up. Creating a new private >>> key and CSR is just another private key and CSR. >>> >>> If you replace either the private CA key on the server, or any >>> of its certificates chain, but leave the path in your vhosts >>> pointing to the old key/certificate that no longer exist you >>> will of course break the server. Apache will refuse to restart >>> and warn you about borked paths. >>> >>>> I'm guessing not (or else there would be a lot of downtime >>>> for lots of sites involved) - but I've only ever done this >>>> once (created the key-pair, CR and self-signed keys) a long >>>> time ago, so want to make sure I don't shoot myself in the >>>> foot... >>> >>> Yes, better be safe with production machines. However, don't >>> take too long because your private key(s) are potentially >>> already compromised. >>> >>>> I have created new self-=signed certs a couple of times since >>>> creating the original key-pair+CR, but never created a new >>>> key-pair/CR... >>>> >>>>> There are also other algorithms the RSA. And also if you >>>>> wan't to get PFS you will need to consider your setup, >>>>> certificate and security model. >>>> >>>> What is PFS? >>>> >>> http://en.wikipedia.org/wiki/Forward_secrecy >>> >>> I'm no mathematical genius to understand cryptography at >>> anything more than a superficial level, but I thought that >>> ECDS, that PFS for TLS depends on, was compromised from >>> inception by the NSA? Perhaps only some ECDS were, I am not >>> really sure. >> >> I don't know anything about ECDS. You probably mean ECDSA?! What >> i have understood is that ECDSA is not compromised. Though I can >> not be certain about that. >> >> RSA has been in the market for a long time and the mathematics >> are for what i think a bit simpler. But with compromised software >> there was a bad algorithm for creating the primes. So it was the >> keys not RSA it self. But I think the thing that you are talking >> about is DHE_RSA... I read from somewhere that it was quite >> compromised.. But ECDHE is not. The difference with DH and DHE >> (ECDH and ECDHE) is that DH uses static keys and DHE >> authenticated ephemeral keys. These temporary keys give you >> forward secrecy but decrease performance. >> >> RSA takes quite heavy computing for the same level of security >> compared to ECDSA. RSA key creation is even more costly so using >> ephemeral temporary keys with RSA takes quite long to compute. >> Thats why I prefer ECDHE_ECDSA suites for reasonable security and >> fast encryption. >> >>> I remember reading somewhere (was it Schneier?) that RSA is >>> probably a better bet these days. I'd also appreciate some >>> views from the better informed members of the list because >>> there's a lot of FUD and tin hats flying around in the post >>> Snowden era. >> >> For high security application I would also use RSA in excess of >> 16k keys. Then make sure to use random data and a trustworthy >> key-generator. Fighting the agencies is still something I believe >> is virtually impossible ;) > > Thanks Matti, > > Can you please share how you create ECDHE_ECDSA with openssl > ecparam, or ping a URL if that is more convenient? >
I don't think you realy want DSA, but here it is for DH, EC and DSA: openssl genpkey -genparam -algorithm DH \ -pkeyopt dh_paramgen_prime_len:4096 \ -out /path/dh_params.pem openssl genpkey -genparam -algorithm EC \ -pkeyopt ec_paramgen_curve:secp384r1 \ -out /path/ec_params.pem openssl genpkey -genparam -algorithm DSA \ -pkeyopt dsa_paramgen_bits:1024 \ -out /path/dsa_params.pem - -- Kind Regards, Mit freundlichen GrĂ¼ssen, Markus Kohlmeyer Markus Kohlmeyer PGP: 0xEBDF5E55 / 2A22 1F71 AA70 1AD1 231B 0178 759F 407C EBDF 5E55 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBCgAGBQJTUAcrAAoJEHWfQHzr315VTxUP/0KdnN2CBvcQe7qOKEcnXkNq p5DzcBFacq9Opp3/ICUZ21yLla/YA+QuiEoSOQS859xkFnqCVrAOvOLsVS7GJfTG jUUWUEsd6YoxWGZql+m4P92HzTnL1cQAfc2kcd8vI6d0jCDqo3iLBcLwVuV/efz2 qtagFyIeFPAgGQ1RmTptIqc28IL8ugbL8HqePuc5pM8pOyfj7qwHI+64vVKiO+Xu S+orO9nFtDnM7crTz68722qE4+58hj4q/w0N6Uuw8SJbFCDcaal063Ba2WSh+UHm GBXidaK2eVdyTzzPx0rvkxMtD9sVb6WTZZ/gBwtJUNZ5WTinvjmQNDqkyWRxHeXP e4m3mJCB36gdgjjy/0Kmt78otYblVkmI+JYRI4fH3l9fxT14FNuXq63R7aZuFEw2 BiwmR+naf2sxkiAhy/szybfqAmeVGKjEAqlDZkzEz6tlO6SwKkYBpc1QS139QHUN bK++/bhzIh/yNEQjHIhEaMXmRTco+6fdASaq0h4r1mm5A8o0SCSJnNKp4G6ZC1SV kuuYfiSHxpRZ0RoLUsFSZM7oki/j2Q1KYZys917/sLzLeOv2US2ScliEZD5w+mF0 e1cqudLoYP9TSkF/3r/ac5yF6gR4ye1eDEdCFeG2ktq8Ru/JlviiNAspSlm2OOAz kFKkM0cJWaZ/mAuXrrfY =GSjk -----END PGP SIGNATURE-----