Hi,

How do I detect whether a certificate request (in particular, the public
key) has been modified before signing?

The only solutions I can see are:

- doing an explicit test using private and public key

- checking the public key data in request and certificate by eye

I cannot see any way of detecting this using openssl as a standalone tool -
there is no support (that I can see) for request fingerprints and no
automated test to compare request and certificate, or certificate and
private key.

Note that fingerprints after signing do not detect modifications before
signing and the openssl verify command checks CA chains, not
certificate/key pairs.

Also, are there any known attacks (apart from denial of service) that can
exploit this?

Sorry if this has an obvious solution that I've missed,
Andrew

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
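The comparison asked about above (private key, request and issued certificate) can be scripted with the `openssl` command line by fingerprinting the public key each file carries. This is an added example, not part of the original post; the function and file names are hypothetical, and it assumes an OpenSSL build that provides the `pkey` and `genpkey` subcommands.

```shell
#!/bin/sh
# Added example: does the certificate carry the same public key as the
# request and the private key? Function and file names are assumptions.

# SHA-256 over the DER SubjectPublicKeyInfo read as PEM on stdin.
spki_fp() {
    pem=$(cat)
    [ -n "$pem" ] || return 1          # nothing extracted: report failure
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}
key_fp()  { openssl pkey -in "$1" -pubout 2>/dev/null | spki_fp; }
csr_fp()  { openssl req  -in "$1" -noout -pubkey 2>/dev/null | spki_fp; }
cert_fp() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null | spki_fp; }

# The request is self-signed with the applicant's private key, so this fails
# if the embedded public key was swapped without re-signing. The output is
# matched as text because the exit status on failure varies between versions.
csr_sig_ok() { openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'; }

# Returns 0 only if the request verifies and all three public keys agree.
check_request() {   # usage: check_request key.pem req.pem cert.pem
    csr_sig_ok "$2" || { echo "request self-signature invalid"; return 1; }
    k=$(key_fp "$1") && r=$(csr_fp "$2") && c=$(cert_fp "$3") ||
        { echo "cannot read a public key"; return 2; }
    [ "$k" = "$r" ] || { echo "request key differs from private key"; return 3; }
    [ "$r" = "$c" ] || { echo "certificate key differs from request"; return 4; }
    echo "public key matches: $c"
}

# Constructed sample data: two EC keys, a request for key "a", and a
# self-signed certificate per key (a stand-in for what a CA would return).
make_samples() {    # usage: make_samples dir
    for n in a b; do
        openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 \
            -out "$1/$n.key" 2>/dev/null || return 1
        openssl req -new -x509 -key "$1/$n.key" -subj "/CN=example.test" \
            -days 1 -out "$1/$n.crt" 2>/dev/null || return 1
    done
    openssl req -new -key "$1/a.key" -subj "/CN=example.test" \
        -out "$1/a.csr" 2>/dev/null
}

if [ "$#" -eq 3 ]; then check_request "$@"; fi
```

The self-signature check only catches a key that was replaced without re-signing the request, so the value printed by `csr_fp` is most useful when the applicant records it before submission and the signer compares it against the request actually received.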
