Public Key Infrastructure

terms

• entity
• identity
• identifier
  • refers to entity which has identity
• claim
• authentication
  • process of confirming the truth of some claim
• subscriber
• end entity
  • a subscriber
• subject
• CA(Certificate Authority)
  • a certificate issuer
  • CA issues certificates to subscribers
• leaf certificates
  • certificate of end entity
• root certificates
  • certificates for CA
  • top certificates for certificate chains
• intermediate certificates
  • certificates for CA
  • middle certificates for certificate chains
• relying party
  • a certificate user

(Additionally)

• RA(Registration Authority)
• VA(Validation Authority)
• Web PKI
• Internal PKI
• SAN(Certificate Alternative Name)
• CSR(Certificate Signing Request)
  • contains public key
  • mostly it’s sent or uploaded to CA on the process of getting the certificate

MAC

(MAC is not related to PKI (?))

• MAC (Message Authentication Code)
  • hash value to be used as if checksum
  • can be generated from the contents and the shared code
  • verifies both data integrity and authenticity
• HMAC
  • specific type of MAC

Signature

• Signature
  • make use of public key and private key
  • verified using public key
  • generated with the private key
  • holds not-repudiation property
    • the private key holder can’t deny (repudiate) the fact that they signed some data.
  • RSA can be used

Public key cryptography

• also called asymmetric cryptography
• public key
  • encrypts data that can be decrypted by the private key
• private key
  • can encrypt data that can be verified
  • can sign data
  • it’s important for the owner to keep this safe
  • formally this should be made by the end user. But, for the convenience, CA provides a pair of keys without requesting CSR from the user.
• algorithms
  • RSA
• not fast

Symmetric key cryptography

• algorithms
  • AES
  • DES
  • …
• fast

process(SSL Handshake)

• client sends hello to server
  • cryptographic information
    • TLS/SSL version
    • CipherSuites list in the order of preference
  • random bytes
  • data compression methods supported by the client
• server sends hello to client
  • cipher suite chosen
  • session ID
  • random bytes
  • server certificate
  • client certificate request (optional)
    • types of certificates which are supported
    • list of acceptable CA
• client verifies server certificate
• client check cryptographic parameters
• client sends random bytes for secret key
  • client and server will compute the shared secret key from the bytes
  • encrypted with server’s public key
  • later both client and server will use the shared secret key to exchange messages
• client sends client certificate (if required)
  • random bytes encrypted with the client’s private key
  • with client’s certificate
• server verifies client certificate (if required)
• client sends “finished”
  • encrypted with the shared secret key
• server sends “finished”
  • encrypted with the shared secret key
• exchange messages
  • encrypted with the shared secret key

Standards

• Real world use cases
  • most certificates are X.509 v3 certificates.
  • They’re defined using ASN.1 and usually serialized as PEM-encoded DER.
  • The corresponding private keys are usually represented as PKCS#8 objects, also serialized as PEM-encoded DER.
  • If you use Java or Microsoft you might run into PKCS#7 and PKCS#12 envelope formats.
• PKCS#1
  • definition for implementing a public key
• PKCS#7
  • a guideline how to …
    • send messages
    • sign messages
    • …
• PKCS#8
  • syntax for storing private key information
  • PKCS#8 private key may be encrypted with a passphrase using the PKCS#5
• PKCS#12
  • how to bundle many cryptography objects as a single file
  • successor of MS’s PFX
  • file extensions
    • .p12
    • .pfx
• X.509
  • standard defining the format of public key certificates
  • TLS uses this
• ASN.1
  • standard interface description language
  • supports cross platform serialization and deserialization
  • encoding rules
    • BER(Basic Encoding Rules)
    • DER(Distinguished Encoding Rules)
      • binary format
      • composed of type-length-value
      • subset of DER
    • JER(JSON Encoding Rules)
    • XER(XML Encoding Rules)
    • …

file extensions

(encodings, also used as extensions)

• .der
  • binary file encoded in DER
  • may include
    • .crt or .cer
  • type-length-value
• .pem
  • text file encoded in Base64 (base64 encoded der file)
  • may include
    • one or more certificates along with the public keys
    • private key
    • certificate signing request
  • https://www.rfc-editor.org/rfc/rfc1421.txt

(common extensions)

• .crt
  • for certificates
  • common among unix/linux systems
• .cer
  • microsoft convention
  • used by IE
• .key
  • for public keys or private PKCS#8 keys.

Java details

• KeyStore
  • managed by KeyManager
  • contains private keys usually
  • required when a server is running on an SSL connection
  • set by -Djavax.net.ssl.keyStore
• TrustStore
  • managed by TrustManager
  • contains public keys and the certificates usually
  • set by -Djavax.net.ssl.trustStore

OpenSSL commands

Read a certificate

openssl x509 -in certificate.pem -text

Create a private key

openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:4096

or

openssl genrsa -out key.pem 4096

Create a private key with encryption

openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:4096 -aes128
openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:4096 -aes192

Create a private key and CSR

openssl req -new -newkey rsa:2048 -nodes -keyout key.pem -out certificate.pem

• -nodes : apply no encryption to the private key

Create a self-signed certificate from a private key

openssl req -key key.pem -x509 -days 365 -out certificate.pem

Create a private key and the certificate

openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem

PEM to DER

openssl x509 -in cert.crt -outform der -out cert.der

DER to PEM

openssl x509 -in cert.crt -inform der -outform pem -out cert.pem

good practices

• Use short-lived certificates
• Use passive revocation
• Automates certificate renewal
• Don’t disable certificate path

References

• https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_7.1.0/com.ibm.mq.doc/sy10660_.htm
• https://smallstep.com/blog/everything-pki/
• https://opentutorials.org/course/228/4894
• https://www.cryptologie.net/article/260/asn1-vs-der-vs-pem-vs-x509-vs-pkcs7-vs/
• https://support.ssl.com/Knowledgebase/Article/View/19/0/der-vs-crt-vs-cer-vs-pem-certificates-and-how-to-convert-them
• https://tls.mbed.org/kb/cryptography/asn1-key-structures-in-der-and-pem