Re: Questions About DigiCert .onion Certificate SubjectPublicKey Hash

2021-02-18 Thread Ryan Sleevi via dev-security-policy 
This is already tracked as https://github.com/cabforum/servercert/issues/190
and is waiting the completion of SC41v2 in the CA/Browser Forum Server
Certificate Working Group before working on (along with a cluster of
related .onion fixes)

On Thu, Feb 18, 2021 at 12:05 PM SXIA via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:

> Hello,
>
> As required by CABForum guidelines, CAs must include the hash of an ASN.1
> SubjectPublicKey of the .onion service. For example,
> https://crt.sh/?id=3526088262 shows the SHA256 of the public key of
> archivev3qli37bju4rlh27glh24lljyezwxf4pokmrdbpefjlcrp5id.onion is
> 08afa9604f4cd74a1a867f3ffcf61faacdb19785a9d4c378f72a54503f73dd65
>
> Since this a v3 address, it is not difficult to extract the public key
> from .onion domain. Below is the hexdump of hs_ed25519_public_key
>
> 3d 3d 20 65 64 32 35 35  31 39 76 31 2d 70 75 62
> 6c 69 63 3a 20 74 79 70  65 30 20 3d 3d 00 00 00
> 04 44 74 54 95 dc 16 8d  fc 29 a7 22 b3 eb e6 59
> f5 c5 ad 38 26 6d 72 f1  ee 53 22 30 bc 85 4a c5
>
> So the public key (32 bytes long) is just the last two lines of the
> hexdump, and we can generate the public_key.pem from it, which is
>
> -BEGIN PUBLIC KEY-
> MCowBQYDK2VwAyEABER0VJXcFo38Kacis+vmWfXFrTgmbXLx7lMiMLyFSsU=
> -END PUBLIC KEY-
>
> We can also convert it to DER ($ openssl pkey -pubin -outform DER -out
> public_key.der), and here comes the problem: I tried to hash the DER file,
> and I got 141dcca6fea50f1c9f12c7150ca157a8e6e7bf7e79a6eb6f592a6235ab57ce23,
> which is different from what I see in DigiCert's certificate. Any ideas why
> this happened?
>
> Also, since the support of v2 .onion address will be removed from the Tor
> code base on July 15th, 2021 and v3 .onion address contains the full public
> key, I think it is meaningless to have 2.23.140.1.31 extension after that.
>
> Best,
> Xia
> ___
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy
>
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Questions About DigiCert .onion Certificate SubjectPublicKey Hash

2021-02-18 Thread SXIA via dev-security-policy 
Hello,

As required by CABForum guidelines, CAs must include the hash of an ASN.1 
SubjectPublicKey of the .onion service. For example, 
https://crt.sh/?id=3526088262 shows the SHA256 of the public key of 
archivev3qli37bju4rlh27glh24lljyezwxf4pokmrdbpefjlcrp5id.onion is 
08afa9604f4cd74a1a867f3ffcf61faacdb19785a9d4c378f72a54503f73dd65

Since this a v3 address, it is not difficult to extract the public key from 
.onion domain. Below is the hexdump of hs_ed25519_public_key

3d 3d 20 65 64 32 35 35  31 39 76 31 2d 70 75 62
6c 69 63 3a 20 74 79 70  65 30 20 3d 3d 00 00 00
04 44 74 54 95 dc 16 8d  fc 29 a7 22 b3 eb e6 59
f5 c5 ad 38 26 6d 72 f1  ee 53 22 30 bc 85 4a c5

So the public key (32 bytes long) is just the last two lines of the hexdump, 
and we can generate the public_key.pem from it, which is

-BEGIN PUBLIC KEY-
MCowBQYDK2VwAyEABER0VJXcFo38Kacis+vmWfXFrTgmbXLx7lMiMLyFSsU=
-END PUBLIC KEY-

We can also convert it to DER ($ openssl pkey -pubin -outform DER -out 
public_key.der), and here comes the problem: I tried to hash the DER file, and 
I got 141dcca6fea50f1c9f12c7150ca157a8e6e7bf7e79a6eb6f592a6235ab57ce23, which 
is different from what I see in DigiCert's certificate. Any ideas why this 
happened?

Also, since the support of v2 .onion address will be removed from the Tor code 
base on July 15th, 2021 and v3 .onion address contains the full public key, I 
think it is meaningless to have 2.23.140.1.31 extension after that.

Best,
Xia
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy