Re: [openssl-users] Fwd to openssl-users Re: [openssl-dev] Why the issuer cannot be found?
On Mon, Apr 06, 2015 at 06:40:28PM +0200, Erwann Abalea wrote:

> > What makes you think it is incorrect to check the Key
> > Identifier (where present) before checking a signature
> > against a key?
>
> Because the presented file4.pem is a valid issuer certificate for the one
> found in file3.pem?
> RFC5280 section 6.1 gives the validation algorithm, and the Key Identifier
> isn't mentioned.
> 6.1.3(a) checks for signature, validity, revocation status, and names (i.e.
> that issuercert.subjectName = cert.issuerName).
>
> You're not supposed to follow exactly the same algorithm (or the one
> described in X.509), but whatever you choose, the result MUST be equivalent.

On the other hand issuers should not issue certificates whose AKID keyid
does not match the subject key identifier of the issuer CA. OpenSSL has
been checking this condition for two decades at least, and changing this
is an incompatible change that cannot be made in any releases prior to
1.1.0 (not yet released). Even then, I am not convinced that the proposed
change is warranted.

-- 
Viktor.

___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
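The disagreement above (name match plus a good signature per RFC 5280 6.1.3(a) versus OpenSSL's additional AKID keyid == issuer SKI rule) can be reproduced with a throwaway PKI. This is an added example, not code from the thread or from the OpenSSL project; it assumes an openssl CLI (1.1.1 or 3.x) in PATH, and the CA name, leaf name and the two SKI hex values are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). One CA key and one CA subject are
# certified twice; the two CA certs differ only in an explicitly set
# subjectKeyIdentifier. The leaf is signed once with that key, so the name
# chaining and signature of RFC 5280 6.1.3(a) hold against both CA certs,
# yet "openssl verify" only accepts the one whose SKI equals the leaf's AKID.
set -eu
d=$(mktemp -d)
trap 'rm -rf "$d"' EXIT

# ca_cert NAME SKI_HEX: self-signed CA cert over the shared key with a forced SKI.
ca_cert() {
  cat > "$d/$1.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Test CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = $2
EOF
  openssl req -x509 -new -key "$d/ca.key" -config "$d/$1.cnf" \
    -extensions v3_ca -days 1 -out "$d/$1.pem" 2>/dev/null
}

# verify_leaf CANAME: prints 0 if the leaf chains to that CA cert, 1 if not.
verify_leaf() {
  if openssl verify -CAfile "$d/$1.pem" "$d/leaf.pem" >/dev/null 2>&1; then
    echo 0
  else
    echo 1
  fi
}

openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$d/ca.key" 2>/dev/null
openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$d/leaf.key" 2>/dev/null
ca_cert ca1 01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f:10:11:12:13:14
# Leaf signed by the CA key; keyid:always copies ca1's SKI into the leaf's AKID.
openssl req -new -key "$d/leaf.key" -config "$d/ca1.cnf" -subj "/CN=leaf" -out "$d/leaf.csr" 2>/dev/null
printf 'basicConstraints = CA:FALSE\nauthorityKeyIdentifier = keyid:always\n' > "$d/leaf.ext"
openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca1.pem" -CAkey "$d/ca.key" -set_serial 1 \
  -days 1 -extfile "$d/leaf.ext" -out "$d/leaf.pem" 2>/dev/null
# Same key, same subject, new SKI: what a CA re-issuing its own cert might do.
ca_cert ca2 a1:a2:a3:a4:a5:a6:a7:a8:a9:aa:ab:ac:ad:ae:af:b0:b1:b2:b3:b4
echo "matching SKI: $(verify_leaf ca1)  re-issued CA with new SKI: $(verify_leaf ca2)"
```

Running it prints `matching SKI: 0  re-issued CA with new SKI: 1`: the second CA cert is rejected as an issuer even though its key verifies the leaf's signature, which is the file3.pem/file4.pem situation.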
Re: [openssl-users] Fwd to openssl-users Re: [openssl-dev] Why the issuer cannot be found?
On 04/04/2015 05:31, Jakob Bohm wrote:
> (top posting like the rest of the thread)

(I don't like it either, but that's what Thunderbird proposes by default).

> What makes you think it is incorrect to check the Key
> Identifier (where present) before checking a signature
> against a key?

Because the presented file4.pem is a valid issuer certificate for the one
found in file3.pem?
RFC5280 section 6.1 gives the validation algorithm, and the Key Identifier
isn't mentioned.
6.1.3(a) checks for signature, validity, revocation status, and names (i.e.
that issuercert.subjectName = cert.issuerName).

You're not supposed to follow exactly the same algorithm (or the one
described in X.509), but whatever you choose, the result MUST be equivalent.

> What other reasonable purpose could the Key Identifier
> fields serve?

A helper to build a certificate chain to be passed to the validation
algorithm.

> On 03/04/2015 10:56, Erwann Abalea wrote:
> > (Forwarded to openssl-users)
> >
> > The subjectName of file4.pem matches the issuerName of
> > file3.pem, the signature block in file3.pem, when verified
> > with the public key of file4.pem, gives a correct signature
> > for the tbsCertificate of file3.pem. But Openssl also
> > (incorrectly, IMO) checks that file4.pem.SKI matches
> > file3.pem.AKI, and refuses to go further (here, AKI doesn't
> > match SKI).
> >
> > On 03/04/2015 03:10, Yuting Chen wrote:
> > > I used OpenSSL to verify a certificate file (file3.pem)
> > > against another certificate file (file4.pem). OpenSSL
> > > reports that it cannot find the issuer of the cert in
> > > file3.pem; while when I display file3.pem and file4.pem,
> > > it appears that the issuer of the cert in file3.pem is the
> > > same as the subject of the cert in file4.pem. Did I miss
> > > anything?
>
> P.S. Don't put your e-mail sig in the middle of the mail, it causes
> standards-compliant mail programs to cut off everything below it when
> replying (because everything below the -- marker is, by definition,
> just the e-mail sig).

I know, I often forget to manually switch between "corporate" and "hard
core" modes. And Thunderbird doesn't help.

-- 
Erwann ABALEA
Re: [openssl-users] Fwd to openssl-users Re: [openssl-dev] Why the issuer cannot be found?
In fact I did not use any store (thus openssl should be correct). I just
tested the logic (openssl verify -CAfile $ca_file $file) and found that it
is a little tricky to find the issuer of a certificate (e.g., name/sn-based,
key id based), and the behavior is unpredictable. Sometimes a certificate
may have two or more authority key ids (it should be incorrect, but I just
produced some certificates to test the logic, and found that the issuer can
be found or not found.)

Sounds like the issuer cannot be found because the authority key id of
file3.pem does not match the subject key id of file4.pem. Meanwhile the
building strategy is flexible. I also made some certificates containing two
or more instances of authority key ids, and the issuer can be found (or
sometimes cannot be found).

On Sat, Apr 4, 2015 at 2:35 PM, Yuting Chen wrote:
> In fact I did not use any store (thus openssl should be correct). I just
> tested the logic (openssl verify -CAfile $ca_file $file) and found that it
> is a little tricky to find the issuer of a certificate (e.g.,
> name/sn-based, key id based), and the behavior is unpredictable. Sometimes
> a certificate may have two or more authority key ids (it should be
> incorrect, but I just produced some certificates to test the logic, and
> found that the issuer can be found or not found.)
>
> Sounds like the issuer cannot be found because the authority key id
> of file3.pem does not match the subject key id of file4.pem. Meanwhile
> the building strategy is flexible. I also made some certificates containing
> two or more instances of authority key ids, and the issuer can be found (or
> sometimes cannot be found).
>
> On Sat, Apr 4, 2015 at 1:22 PM, Jeffrey Walton wrote:
>
>> > What makes you think it is incorrect to check the Key
>> > Identifier (where present) before checking a signature
>> > against a key?
>>
>> An X.509 certificate does one thing: it binds a public key to an
>> identity. In PKI, a public key alone means nothing because trust is
>> placed in principals or issuers.
>>
>> In an end entity certificate, you don't need the Issuer DN and AKI
>> because they are disjoint and uncertified. You need the issuing
>> certificate with a valid signature. But it would be helpful to find
>> the issuer's certificate easily.
>>
>> If the AKI is missing, wrong or a duplicate, then it just means that
>> you lost the ability to find an issuing certificate easily.
>>
>> OpenSSL could be more flexible or friendly in its building strategy.
>> But that could move into the "which directory" problem rather quickly.
>>
>> If Yuting Chen provided a store with the required certificates, then
>> OpenSSL is probably incorrect. Chen's original email does not detail
>> it, so it's hard to say at the moment.
>>
>> > What other reasonable purpose could the Key Identifier
>> > fields serve?
>>
>> It's a hint to help find the issuing certificate. It's supposed to be
>> used when an issuer has multiple signing keys.
>>
>> The AKI does not need to be a key identifier. It can also be the {
>> Issuer DN, Serial Number } pair of the issuer's certificate.
>>
>> Jeff
Re: [openssl-users] Fwd to openssl-users Re: [openssl-dev] Why the issuer cannot be found?
> OpenSSL could be more flexible or friendly in its building strategy.
> But that could move into the "which directory" problem rather quickly.

This is kind of interesting. Looking at RFC 5280, section 4.2.1.1
Authority Key Identifier (p. 26):

    The value of the keyIdentifier field SHOULD be derived from the
    public key used to verify the certificate's signature or a method
    that generates unique values.

So there's no requirement that the digest of the signer's public key be
used in the subject's AKI. It looks like it could be a totally random
value. The only requirement is that it's unique.

Now this is odd or at least counter-intuitive: the standard does not
require that the Authority Key Identifier in the subject certificate
actually match the Subject Key Identifier in the signer. It's not stated
and labeled MUST; in fact, it does not appear to be stated. I'm looking at
sections 4.2.1.1 Authority Key Identifier and 4.2.1.2 Subject Key
Identifier (maybe it's stated elsewhere).

If I am reading things correctly: I think that means OpenSSL is incorrect
if it's rejecting a valid path that could be constructed. I have to be
careful how I say this since it depends on OpenSSL having the required
certificates to construct the path (among other things). But a mismatched
AKI is *not* a reason to reject.

Jeff
Re: [openssl-users] Fwd to openssl-users Re: [openssl-dev] Why the issuer cannot be found?
> What makes you think it is incorrect to check the Key
> Identifier (where present) before checking a signature
> against a key?

An X.509 certificate does one thing: it binds a public key to an
identity. In PKI, a public key alone means nothing because trust is
placed in principals or issuers.

In an end entity certificate, you don't need the Issuer DN and AKI
because they are disjoint and uncertified. You need the issuing
certificate with a valid signature. But it would be helpful to find
the issuer's certificate easily.

If the AKI is missing, wrong or a duplicate, then it just means that
you lost the ability to find an issuing certificate easily.

OpenSSL could be more flexible or friendly in its building strategy.
But that could move into the "which directory" problem rather quickly.

If Yuting Chen provided a store with the required certificates, then
OpenSSL is probably incorrect. Chen's original email does not detail
it, so it's hard to say at the moment.

> What other reasonable purpose could the Key Identifier
> fields serve?

It's a hint to help find the issuing certificate. It's supposed to be
used when an issuer has multiple signing keys.

The AKI does not need to be a key identifier. It can also be the {
Issuer DN, Serial Number } pair of the issuer's certificate.

Jeff
Re: [openssl-users] Fwd to openssl-users Re: [openssl-dev] Why the issuer cannot be found?
On Sat, Apr 04, 2015 at 05:31:37AM +0200, Jakob Bohm wrote:

> (top posting like the rest of the thread)
>
> What makes you think it is incorrect to check the Key
> Identifier (where present) before checking a signature
> against a key?
>
> What other reasonable purpose could the Key Identifier
> fields serve?

Indeed I have code that relies on OpenSSL taking the SKI and AKI into
account.

-- 
Viktor.
Re: [openssl-users] Fwd to openssl-users Re: [openssl-dev] Why the issuer cannot be found?
(top posting like the rest of the thread)

What makes you think it is incorrect to check the Key
Identifier (where present) before checking a signature
against a key?

What other reasonable purpose could the Key Identifier
fields serve?

On 03/04/2015 10:56, Erwann Abalea wrote:
> (Forwarded to openssl-users)
>
> The subjectName of file4.pem matches the issuerName of
> file3.pem, the signature block in file3.pem, when verified
> with the public key of file4.pem, gives a correct signature
> for the tbsCertificate of file3.pem. But Openssl also
> (incorrectly, IMO) checks that file4.pem.SKI matches
> file3.pem.AKI, and refuses to go further (here, AKI doesn't
> match SKI).
>
> On 03/04/2015 03:10, Yuting Chen wrote:
> > I used OpenSSL to verify a certificate file (file3.pem)
> > against another certificate file (file4.pem). OpenSSL
> > reports that it cannot find the issuer of the cert in
> > file3.pem; while when I display file3.pem and file4.pem,
> > it appears that the issuer of the cert in file3.pem is the
> > same as the subject of the cert in file4.pem. Did I miss
> > anything?

P.S. Don't put your e-mail sig in the middle of the mail, it causes
standards-compliant mail programs to cut off everything below it when
replying (because everything below the -- marker is, by definition,
just the e-mail sig).

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
[openssl-users] Fwd to openssl-users Re: [openssl-dev] Why the issuer cannot be found?
(Forwarded to openssl-users)

The subjectName of file4.pem matches the issuerName of file3.pem, the
signature block in file3.pem, when verified with the public key of
file4.pem, gives a correct signature for the tbsCertificate of file3.pem.
But Openssl also (incorrectly, IMO) checks that file4.pem.SKI matches
file3.pem.AKI, and refuses to go further (here, AKI doesn't match SKI).

-- 
Erwann ABALEA

On 03/04/2015 03:10, Yuting Chen wrote:
> I used OpenSSL to verify a certificate file (file3.pem) against another
> certificate file (file4.pem). OpenSSL reports that it cannot find the
> issuer of the cert in file3.pem; while when I display file3.pem and
> file4.pem, it appears that the issuer of the cert in file3.pem is the
> same as the subject of the cert in file4.pem. Did I miss anything?