Re: Sign public key without having CSR or private key?
On 07.07.2012 23:27, Dr. Stephen Henson wrote: I added an option -force_pubkey to the OpenSSL 'x509' utility to do this. It is only in HEAD at present. Hi Steve, that's excellent! If I am not mistaken, this is exactly what one would also need in order to use the pubkey in individually trusted S/MIME-Certs when the issuing CA is categorically untrusted. One could simply create a cert for local use in encryption/signature-validation from one's own trusty CA. Are there any plans to include your patch in vanilla openssl anytime soon? Thanks, Mike __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Sign public key without having CSR or private key?
On Tue, Feb 05, 2013, Michael Ionescu wrote: On 07.07.2012 23:27, Dr. Stephen Henson wrote: I added an option -force_pubkey to the OpenSSL 'x509' utility to do this. It is only in HEAD at present. Hi Steve, that's excellent! If I am not mistaken, this is exactly what one would also need in order to use the pubkey in individually trusted S/MIME-Certs when the issuing CA is categorically untrusted. One could simply create a cert for local use in encryption/signature-validation from one's own trusty CA. There are problems with that approach. In the case of PKCS#7 certificates are identified by issuer name and serial number not public key. So a new CA wouldn't be recognised as it would have a different name. In the case of CMS you can identify the certificate by key identifier: but you'd have to make sure the SKID extension of the new certificate matched the old one. Are there any plans to include your patch in vanilla openssl anytime soon? It can be backported to OpenSSL 1.0.2 easily enough. Due to the versioning rules it can't appear in anything sooner. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Sign public key without having CSR or private key?
On Sat, Jul 7, 2012 at 2:27 PM, pro...@secure-mail.biz wrote: Hello, is it possible to sign a foreign SSL public key without having CSR/private key? Background: Because the public root CA's failed at least twice (DigiNotar, Comodo), I'd like to pin a SSL certificate from a website I have no control over. (Therefore I no access the the private key and can subsequently also not create a CSR.) Pin the SSL cert by using a local self signed CA. Sorry to dig up an old topic. From Hacker Bypasses Apple's iOS In-App Purchases, http://www.esecurityplanet.com/mobile-security/hacker-bypasses-apples-ios-in-app-purchases.html: Essentially, this circumvention technique relies on installing certificates for a fake in-app purchase server as well as a custom DNS server, writes ZDNet's Emil Protalinski. The latter's IP address is then mapped to the former, which in turn allows all 'purchases' to go through. PKI and DNS are complicit here, also. I'm not sure if Apple exposes any pinning functionality in their StoreKit API. Jeff __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Sign public key without having CSR or private key?
Hello, is it possible to sign a foreign SSL public key without having CSR/private key? Background: Because the public root CA's failed at least twice (DigiNotar, Comodo), I'd like to pin a SSL certificate from a website I have no control over. (Therefore I no access the the private key and can subsequently also not create a CSR.) Pin the SSL cert by using a local self signed CA. Cheers, proper __ powered by Secure-Mail.biz - anonymous and secure e-mail accounts. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Sign public key without having CSR or private key?
On Sat, Jul 7, 2012 at 2:27 PM, pro...@secure-mail.biz wrote: Hello, is it possible to sign a foreign SSL public key without having CSR/private key? Background: Because the public root CA's failed at least twice (DigiNotar, Comodo), I'd like to pin a SSL certificate from a website I have no control over. (Therefore I no access the the private key and can subsequently also not create a CSR.) Pin the SSL cert by using a local self signed CA. Don't forget MD5 signatures and the nuances of Flame (chosen collision attack, Microsoft's profile, and lack of key usage enforcement). Also, other infrastructure problems, such as DNS, are remediated. You pin a certificate by whitelisting expected server certificates (possibly thumbprints). There's usually no need to sign another's key or certificate (I've never done it that way, and never seen it done that way). Jeff __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Re: Sign public key without having CSR or private key?
noloa...@gmail.com wrote: You pin a certificate by whitelisting expected server certificates (possibly thumbprints). How to do that? There's usually no need to sign another's key or certificate (I've never done it that way, and never seen it done that way). A little more background... Stories like the diginotar compromise [1] may happen again, anytime. I am developing an anonymous operating system [2]. We use wget to download Tor Browser from torproject.org and to access check.torproject.org. (Not available over secure apt.) Wget does offer ca pinning, but does not support certificate pinning [3]. So my original question was how do I get wget to verify the torproject.org fingerprint [4] without depending on root CA's? The only possible solution I saw was downloading the torproject.org SSL public key, run a local CA, sign the certificate and run wget with the --ca-certificate switch. That's why I posted the question Sign public key without having CSR or private key? here. If there are any suggestions for this situation I am all ears. [1] https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it [2] https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/ [3] https://lists.gnu.org/archive/html/bug-wget/2012-07/msg8.html [4] https://www.torproject.org/docs/faq.html.en#SSLcertfingerprint __ powered by Secure-Mail.biz - anonymous and secure e-mail accounts. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Re: Sign public key without having CSR or private key?
On Sat, Jul 7, 2012 at 4:02 PM, pro...@secure-mail.biz wrote: noloa...@gmail.com wrote: You pin a certificate by whitelisting expected server certificates (possibly thumbprints). How to do that? My bad. You usually do it pragmatically in an On Connect callback or delegate. I don't have any OpenSSL code handy, but but below is some .Net/C# code. Cocoa/CocoaTouch and Objective C would do it in NSURLConnection and the NSURLConnectionDelegate (https://developer.apple.com/library/mac/#documentation/Foundation/Reference/NSURLConnectionDelegate_Protocol/Reference/Reference.html); and you would do it in Android with HttpsURLConnection and X509TrustManager (http://stackoverflow.com/questions/11337726/android-httpsurlconnection-and-pinset-example). public static void Main(string[] args) { ServicePointManager.ServerCertificateValidationCallback = PinCertificate; // C1956DC8A7DFB2A5A56934DA09778E3A11023358 // WebRequest wr = WebRequest.Create(https://www.google.com/;); // 8FC079E814777F688BA4C807D9BD67D62AF71AEB WebRequest wr = WebRequest.Create(https://encrypted.google.com/;); wr.GetResponse(); } public static bool PinCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { if (certificate == null) return false; if (chain == null) return false; byte[] cb = certificate.GetCertHash(); StringBuilder sb = new StringBuilder(cb.Length * 2); foreach (byte b in cb) sb.AppendFormat({0:X2}, b); // Verify against known SHA1 thumb print of the certificate String hash = sb.ToString(); if (hash != C1956DC8A7DFB2A5A56934DA09778E3A11023358) return false; return true; } There's usually no need to sign another's key or certificate (I've never done it that way, and never seen it done that way). A little more background... Stories like the diginotar compromise [1] may happen again, anytime. Yes, agreed. I have no love or trust for the public CA hierarchy, and I am still pissed off about what happened to the folks in Iran who were probably tortured and killed due to Diginotar's failure. I am developing an anonymous operating system [2]. We use wget to download Tor Browser from torproject.org and to access check.torproject.org. (Not available over secure apt.) Wget does offer ca pinning, but does not support certificate pinning [3]. Unfortunately, I'm not familiar with wget (other than executing what I'm told). So my original question was how do I get wget to verify the torproject.org fingerprint [4] without depending on root CA's? The only possible solution I saw was downloading the torproject.org SSL public key, run a local CA, sign the certificate and run wget with the --ca-certificate switch. That's why I posted the question Sign public key without having CSR or private key? here. If there are any suggestions for this situation I am all ears. Perhaps wget needs to be modified so that it allows you to supply expected thumbrints of a server's certificate. Jeff __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Re: Sign public key without having CSR or private key?
On Sat, Jul 7, 2012 at 4:02 PM, pro...@secure-mail.biz wrote: noloa...@gmail.com wrote: You pin a certificate by whitelisting expected server certificates (possibly thumbprints). [SNIP] So my original question was how do I get wget to verify the torproject.org fingerprint [4] without depending on root CA's? The only possible solution I saw was downloading the torproject.org SSL public key, run a local CA, sign the certificate and run wget with the --ca-certificate switch. That's why I posted the question Sign public key without having CSR or private key?. If there are any suggestions for this situation I am all ears. Come to think of it, you could use OpenSSL's s_client to do the pinning, and then use wget if everything is OK. Its does set up a small breeding ground for a TOCTOU (http://nob.cs.ucdavis.edu/bishop/papers/1996-compsys/racecond.pdf), but I believe the risk is small. Jeff __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Re: Re: Sign public key without having CSR or private key?
noloa...@gmail.com wrote: On Sat, Jul 7, 2012 at 4:02 PM, pro...@secure-mail.biz wrote: noloa...@gmail.com wrote: You pin a certificate by whitelisting expected server certificates (possibly thumbprints). [SNIP] So my original question was how do I get wget to verify the torproject.org fingerprint [4] without depending on root CA's? The only possible solution I saw was downloading the torproject.org SSL public key, run a local CA, sign the certificate and run wget with the --ca-certificate switch. That's why I posted the question Sign public key without having CSR or private key?. If there are any suggestions for this situation I am all ears. Come to think of it, you could use OpenSSL's s_client to do the pinning, and then use wget if everything is OK. Its does set up a small breeding ground for a TOCTOU (http://nob.cs.ucdavis.edu/bishop/papers/1996-compsys/racecond.pdf), but I believe the risk is small. Since the implementation will be Open Source it were possible for an adversary to take advantage of TOCTOU, i.e. not tamper with s_client traffic but tamper with wget traffic. Cheers, proper __ powered by Secure-Mail.biz - anonymous and secure e-mail accounts. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Sign public key without having CSR or private key?
On Sat, Jul 07, 2012, pro...@secure-mail.biz wrote: Hello, is it possible to sign a foreign SSL public key without having CSR/private key? Background: Because the public root CA's failed at least twice (DigiNotar, Comodo), I'd like to pin a SSL certificate from a website I have no control over. (Therefore I no access the the private key and can subsequently also not create a CSR.) Pin the SSL cert by using a local self signed CA. I'm not sure if this will help but for testing purposes I needed to generate some certificates using DH keys. Since you can't sign with DH you can't create a CSR directly. I added an option -force_pubkey to the OpenSSL 'x509' utility to do this. It is only in HEAD at present. So what you do is create a CSR normally using any key then when you sign it to create a certtificate you specify the foreign key using -force_pubkey. There is an example of its use in demos/certs/mkcerts.sh Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org