For my IT Security class I have to create a vulnerable web application.
When logging in the user should upload a certificate (e.g. a PFX file, I chose a use case where this makes sense). However I want to make it so an attacker can recreate the certificate with some basic information.
I did some research and it seems like I need to generate a reproducable SSL key and CSR if I want to use PFX. Can I do this on my own? If so, how? If not, what other options do I have?
Related
Reading up on SSL certificates. There is plenty of material on verifying certificates, CA roots, etc. However, if I want to be certain that only a given
group of servers can be accessed, is there anything wrong with just keeping a cache of the Base64/pem format certs in a file and comparing them?
I have seen answers on the web that the cert will change according to when it was accessed, so I got the pem on an example server, www.yahoo.com, then stored it, accessed the same server and got another pem later, and they matched. I suspect that the cert will be as good as a fingerprint until expiration or the server changes to a new cert.
My idea is to show the decoded cert to the user, then store the base64 verion in a file/cache to form a list of "very trusted servers", or alternately let the user simply form his/her own list of such servers.
The other answer I have seen is to store and compare the decoded version, but this does not seem to me to be as secure as directly comparing the encoded cert.
Thanks for opinions.
If the certificates are validated during the handshake according your requirements, then you may use such a whitelist.
Using "trust-management" is in my opinion not more complex than such a whitelist. Especially, of all peers are controlled by the same organisation. You can create your own CA (even a offlineCA, may be you setup a organisation specific process to ensure, that the CA's private key is used compliant), and as good as you protect that CA's private key, you may trust that CA. So simply use that CA certificate as "only" trust to your TLS/DTLS setups on client and server, and sign all client and server certificates with that CA.
I am currently developing using DDS with the security plugins enable.
When the application starts, it looks for the path to the CA certificate, Local certificate and private key and load them in memory for future usage.
Certificates containing the public keys are not sensitive as they are usually sent in clear and checked using the CA certificate. So an attacker has no need to get access to it. Is that correct?
However, on a Ubuntu filesystem, how can I protect the private key? The only way I see is to put the key as Read-Only only for a specific user that will run the application. But because of privilege escalation, this seems insecure.
Are there secure way to secure private keys on a filesystem ?
About the permissions_ca and Governance/Permissions documents, if those are updated by an attacker (which would create its own CA and sign new Governance/Permissions documents), then, can an application could have more permissions? Meaning that those documents should be secured on the filesystem?
Most of your questions are not specific to DDS Security, but are about general Public Key Infrastructure (PKI) mechanisms as leveraged by DDS Security.
Certificates containing the public keys are not sensitive as they are
usually sent in clear and checked using the CA certificate. So an
attacker has no need to get access to it. Is that correct?
Yes, that is correct. The built-in plugins as defined by the DDS Security specification use a PKI. The public key certificate does normally not contain any confidential information.
However, on a Ubuntu filesystem, how can I protect the private key?
Using "traditional" Unix permissions to allow only the owner of the file to access it is common practice. For example, SSH on Ubuntu by default stores private keys that way, in ~/.ssh. Additionally, the specification allows for encryption of the private key using a passphrase. That too is common practice.
Whether this is good enough for your scenario depends on your system's requirements. It is possible to integrate with existing, stronger key storage solutions like Windows certificate stores or macOS keychains by implementing customize security plugins. The pluggable architecture as defined in the spec was intended to allow for that, but the actual availability of such solutions depends on the DDS product that you are using.
About the permissions_ca and Governance/Permissions documents, if
those are updated by an attacker (which would create its own CA and
sign new Governance/Permissions documents), then, can an application
could have more permissions?
Both the Governance and Permissions documents have to be signed by a signing authority. Tampering with those files would break the signature verification and therefore would be detected by other Participants in the Domain.
All participants in the secured DDS Domain need to trust the same signing authority to make this mechanism work. For an attacker to successfully modify a Governance or Permissions document, it would have to have access to the private keys of the signing authority. Again, this is a common technique used in public key infrastructures similar to the public key certificate signing.
In spite of the tamper protection, it still makes sense to protect those files. The actual result of tampering or deletion of those files would be a denial of service, which is harmful as well.
I have my own webpage www.kasperikoski.fi that is, the way I see it, trusted, and I would like to have the ability to digitally sign PDF-documents by using some kind of sertificate that is put into my webpage so that people really know that it is me signing all these documents.
At first I thought that maybe I could share "public key" at the bottom of my webpage, but then I heard something about OpenSSL. Could that be used in my needs?
How would you carry out this one so that I could use the PDF's integrated "sign digitally"-option?
Assuming that I read your question right, you want to let your web site visitors a way to download some documents, which are created or maintained by your web site, and you want those documents to be digitally signed.
If the document is pre-created, it's possible to sign it during creation (either with the tool that generates them, or create a separate piece of code for signing). If the documents are generated on-the-fly, then your web site should include signing capabilities.
To perform signing you need a certificate with a private key. But not every certificate would work. The certificate you need should be suitable for data signing, rather than just for SSL/TLS. You can try to obtain the certificate for your site from some CA and then use it for signing the documents. Whether the users' software would accept such certificates depends on how Key Usage and Extended Key Usage properties (extensions) of the certificate are put by the CA. Another option would be to create a self-signed certificate.
In case of a self-signed certificate you would want to place the certificate itself (without a private key) to your web site for the users to download and install. This is needed for validation of the signature in your signed documents. No need to say, that you don't put the private key to download, neither you provide it to your users by any other means. It's kept only on the server (and preferably secured to make stealing it harder for the possible attacker).
The technologies / components / tools to use in these scenarios depend on which of the above options you need.
I have an OAuth2 api exposed that runs over HTTPS. Since OAuth2 relies on the security of HTTPS (doesn't do any of it's own signing) I added a note in the developer docs encouraging developers to make sure they validate the ssl certificate in their client applications.
I noticed that some apps make the crt file publicly available or include it in their client: https://github.com/stripe/stripe-ruby/tree/master/lib/data
I assume this is just to make sure it is using the right certs (and not any system installed ones)? If so, is it a good idea to make this crt file publicly available to developers on your API page and what is an easy command/way to generate this file?
Thanks!
When one makes the certificate public this way, he encourages clients to do binary comparison of certificates, i.e. validate the certificate not in a way defined by corresponding standards by building a certificate chain and validating them) but simply by comparing the presented certificate with the one stored in the client.
This method is broken in several ways:
binary comparison doesn't let the client know that the certificate was revoked
with binary comparison the change of server certificate would require updating all clients so that new certificate would be included there. Failure to upgrade would mean impossibility to connect.
Consequently inclusion of the certificate and "straightforward" use of such certificate makes no sense, neither for server owners nor for clients.
The only case when binary comparison is applicable is when self-signed certificates are used (in which case building and validating a chain won't work). But self-signed certificates is a bad idea in any case (due to reasons listed above and some other reasons).
I am developing an html application where an user has to first login using his digital certificate. After login he has to perform encryption and decryption of data using his digital certificate.
Now in case when the certificate is available in the form of .pfx file then we can just install it and the certificate appears in the container and we can use it during login and during encryption and decryption.
This works fine in case if we have .pfx for our digital certificate.
But now i want to enhance it for etoken's(security token). I dont know much about etoken's. The problem is that how can i use the digital certificate stored in it while login?
Also how should i use the private key stored in it while decryption?
Can anyone please tell me about any tutorials (if any) which will explain the usage of etoken and the CryptoAPI's.
As I mentioned in the answer to your previous question, Windows CSPs map the certificate from hardware to Windows certificate storage, so this is transparent to you. If you can access the certificate via Windows certificate storage API, then you don't need to care where the certificate is actually located.
Note that you can't transfer a private key to the server, i.e. you would have to use a client-side module (either ActiveX or Java applet) that will perform operations locally. This is not specific to certificates on hardware, but also to certificates which have non-exportable private keys.