Thank you Richard for a quick response, Richard Levitte wrote:
> Arsen Hayrapetyan writes:
>
>> Hello all,
>> I have a question that comes from a real-life situation.
>> Suppose you have a CA that signed a CSR and prodused a certificate for
>> some user.
>> After sometime the CA revokes that certificate. Then that user sends to
>> a CA a new CSR.
>> The policy of the CA does not permit it to sign a CSR generated using a
>> key which has been revoked (well, the corresponding certificate has been
>> revoked). How can the CA verify that the new CSR hasn't been signed
>> with the old (revoked) key. Is there an elegant method? One option is to
>> get out a public key both from CSR and from (possibly all!) revoked
>> certificates and compare them. If there is a match then CA rejects a CSR
>> as doesn't matching its policy. But this method is too cumbersome. Is
>> there some option to a verification command (say openssl req -verify
>> ...) to verify a CSR which allows to pass a directories or files that
>> contain a list of untrusted certificates?
>
>
I see you suggested something very similar to that I wrote (comparing
digests of public keys instead of PubKeys themselves) :)
Well, I've tested it:
> A quick solution (which seems a bit complicated because 'openssl req'
> has no way to print the key fingerprint):
> Have a file with public key hashes for all revoked certificates, say
> 'revoked-hash.txt'. It's fairly easily generated by doing the
> following when revoking a certificate (in addition to doing 'openssl
> x509 -revoke ...')
> openssl x509 -pubkey -outform DER -in {certfile} | \
> openssl sha1 -hex >> revoked-hash.txt
> Comparing is just as easy:
> CSRHASH=`openssl req -pubkey -outform DER -in {csrfile} | \
> openssl sha1 -hex`
After revoking certificate with 'openssl ca -revoke', I've run the
commands you suggested.
But when I ran the following "shell-part" of your suggestion, I ended up
with a diagnostics that the two commands I had run generated two
different message digests!
Rhe reason was that the first command included the Public Key and the
second one the Request as well, so the MDs were different. Adding -noout
option to baoth commands resolved that problem. Also it works without
"-outform DER" option (with default PEM, I've tried).
> if grep $CSRHASH revoked-hash.txt; then
> # refuse
> else
> # sign
> fi
> That's Unixly shell, of course. You will need to translate it if you
> don't do this on Unix...
> Also, I haven't tested the above code. You will have to do that
> yourself. All I wanted was to give you something to draw inspiration
> from...
> -----
> Please consider sponsoring my work on free software.
> See http://www.free.lp.se/sponsoring.html for details.
What about adding someting similar to "-trustout" option of "openssl
x509" to "openssl -req"?
Anyway, thank you very much for giving me a hint.
Best regards,
Arsen.
--
PGP Key: ID 0xBBE3DFD8 (expires: 2006-08-03)
Fingerprint: 1C3B 2C01 40DF ED87 23B1 BF6F 95C4 2E77 BBE3 DFD8
smime.p7s
Description: S/MIME Cryptographic Signature
