View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000918 | Main CAcert Website | certificate issuing | public | 2011-03-21 19:54 | 2014-03-07 12:34 |
Reporter | NEOatNHNG | Assigned To | NEOatNHNG | ||
Priority | high | Severity | major | Reproducibility | have not tried |
Status | closed | Resolution | fixed | ||
Product Version | 2011 Q1 | ||||
Fixed in Version | 2013 Q4 | ||||
Summary | 0000918: Weak keys in certificates | ||||
Description | A vulnerability regarding weak keys used in certificates that we signed has been reported. Details will be published once this has been fixed. | ||||
Tags | No tags attached. | ||||
Reviewed by | NEOatNHNG, BenBE | ||||
Test Instructions | |||||
related to | 0000964 | closed | VBscript, Weak Keys script 4.php, 17.php to combine / select box key size and lower limit to 2048 | |
related to | 0000954 | closed | Ted | script to bulk revoke weak keys |
related to | 0000978 | closed | BenBE | Invalid SPKAC requests are not properly validated |
related to | 0001255 | closed | wytze | DSA certificate issuing ignores key strength |
|
minimum key I can create client side is with IE8 and "base crypto provider", of length rsa1024; rsa1024 will be created and signed |
|
test1: key generated with:
openssl req -new -subj "/CN=Test 1024/emailAddress=webmaster@mydomain.de" -newkey rsa:512 -keyout test2.mydomain.de.key -nodes -out test2.mydomain.de.csr
add server cert
paste csr
result: The keys that you use are very small and therefore insecure. Please generate stronger keys. More information about this issue can be found in the wiki
"the wiki" link points to: https://wiki.cacert.org/WeakKeys#SmallKey
link works
test1 ok

test2: key generated with:
openssl genrsa -aes256 -out test4.mydomain.de.key -3 1024
add server cert
paste csr
result: The keys you use might be insecure. Although there is currently no known attack for reasonable encryption schemes, we're being cautious and don't allow certificates for such keys. Please generate stronger keys. More information about this issue can be found in the wiki
"the wiki" link points to: https://wiki.cacert.org/WeakKeys#SmallExponent
link works
test2 ok

test3: key generated with:
openssl genrsa -aes256 -out test5.mydomain.de.key -f4 1024
add server cert
paste csr
result: Please make sure the following details are correct before proceeding any further. CommonName: test5.mydomain.de
test3 ok |
|
notification to testers sent |
|
Reminder sent to: hanno, Ted
Ted has reviewed the fixes to disallow new weak certificates. Now we need more testers. |
|
1. testserver test w/o patch
* generate 512 bit keys test
1. openssl genrsa -out <your-server-name-domain.tld>.key 512
2. openssl req -new -key <your-server-name-domain.tld>.key -out <your-server-name-domain.tld>.csr
3. copy + paste to signing request
   a. for class1
   b. for class3
4. copy + paste signed pub key <your-server-name-domain.tld>-pub.key
5. test new pub key:
   command: openssl x509 -text -in <your-server-name-domain.tld>-pub.key -noout |
|
test result from note 2034

class1 result:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4167 (0x1047)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=AU, ST=New South Wales, O=CAcert Testserver, OU=http://cacert1.it-sls.de, CN=CAcert Testserver Root
        Validity
            Not Before: Jun 14 19:23:15 2011 GMT
            Not After : Jun 13 19:23:15 2013 GMT
        Subject: CN=myserver.mydomain.net
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (512 bit)
                Modulus (512 bit): ...
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage:
                TLS Web Client Authentication, TLS Web Server Authentication, Netscape Server Gated Crypto, Microsoft Server Gated Crypto
            X509v3 Key Usage:
                Digital Signature, Key Encipherment
            Authority Information Access:
                OCSP - URI:http://ocsp.cacert.org/
            X509v3 Subject Alternative Name:
                DNS:myserver.mydomain.net, othername:<unsupported>
    Signature Algorithm: sha1WithRSAEncryption
        ....

class3 result:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4150 (0x1036)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: O=CAcert Testsever, OU=http://cacert1.it-sls.de, CN=CAcert Testserver Class 3
        Validity
            Not Before: Jun 14 19:34:12 2011 GMT
            Not After : Jun 13 19:34:12 2013 GMT
        Subject: CN=myserver.mydomain.net
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (512 bit)
                Modulus (512 bit): ...
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            ...
            X509v3 Subject Alternative Name:
                DNS:myserver.mydomain.net, othername:<unsupported>
    Signature Algorithm: sha1WithRSAEncryption
        .... |
|
test 2, similar to http://bugs.cacert.org/view.php?id=918#c2034 with Exponent 3
1. openssl genrsa -aes256 -out <your-server-name-domain.tld>.key -3 1024
2. openssl req -new -key <your-server-name-domain.tld>.key -out <your-server-name-domain.tld>.csr
3. copy + paste to signing request
   a. for class1
   b. for class3
4. copy + paste signed pub key <your-server-name-domain.tld>-pub.key
5. test new pub key:
   command: openssl x509 -text -in <your-server-name-domain.tld>-pub.key -noout |
|
test result from note 2036

class1 result:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4168 (0x1048)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=AU, ST=New South Wales, O=CAcert Testserver, OU=http://cacert1.it-sls.de, CN=CAcert Testserver Root
        Validity
            Not Before: Jun 14 20:10:23 2011 GMT
            Not After : Jun 13 20:10:23 2013 GMT
        Subject: CN=myserver.mydomain.net
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit): ...
                Exponent: 3 (0x3)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage:
                TLS Web Client Authentication, TLS Web Server Authentication, Netscape Server Gated Crypto, Microsoft Server Gated Crypto
            X509v3 Key Usage:
                Digital Signature, Key Encipherment
            Authority Information Access:
                OCSP - URI:http://ocsp.cacert.org/
            X509v3 Subject Alternative Name:
                DNS:myserver.mydomain, othername:<unsupported>
    Signature Algorithm: sha1WithRSAEncryption
        ...

class3 result:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4151 (0x1037)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: O=CAcert Testsever, OU=http://cacert1.it-sls.de, CN=CAcert Testserver Class 3
        Validity
            Not Before: Jun 14 20:23:23 2011 GMT
            Not After : Jun 13 20:23:23 2013 GMT
        Subject: CN=myserver.mydomain.net
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit): ...
                Exponent: 3 (0x3)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage:
                TLS Web Client Authentication, TLS Web Server Authentication, Netscape Server Gated Crypto, Microsoft Server Gated Crypto
            X509v3 Key Usage:
                Digital Signature, Key Encipherment
            Authority Information Access:
                OCSP - URI:http://ocsp.cacert.org/
            X509v3 Subject Alternative Name:
                DNS:myserver.mydomain, othername:<unsupported>
    Signature Algorithm: sha1WithRSAEncryption
        ... |
|
testkey, 512, class1
Now renewing the following certificates:
Processing request 301973:
The keys that you use are very small and therefore insecure. Please generate stronger keys. More information about this issue can be found in the wiki https://wiki.cacert.org/WeakKeys#SmallKey
Valid myserver.mydomain Not Revoked 2013-06-13 20:10:23
=> not renewed => OK

testkey, Exponent 3, class1
Now renewing the following certificates:
Processing request 301975:
The keys you use might be insecure. Although there is currently no known attack for reasonable encryption schemes, we're being cautious and don't allow certificates for such keys. Please generate stronger keys. More information about this issue can be found in the wiki https://wiki.cacert.org/WeakKeys#SmallExponent
Valid myserver.mydomain Not Revoked 2013-06-13 20:10:23
=> not renewed => OK

key link results in identical key that was downloaded before renewal request, so renewal req didn't get passed |
|
Created 512-bit and exponent 3 RSA keys and requested one client and one server certificate for each (with disabled patch). Renewing produces the expected results (with enabled patch). That means they couldn't be renewed and the error message corresponds to the weakness in the cert. |
|
Seems to work as expected. No certs are signed / renewed.
Tested (server certs):
* rnw 512 bit (class1)
* rnw exp 3 (class1)
* new 512 bit (class1)
* new 512 bit (class3)
* new exp 3 (class1)
* new exp 3 (class3)
After trying to renew the cert afterwards is identical to before renewal when trying to download. No renewal took place. |
|
I use a Number only tld like 1234.tld

testkey, 512, class3
Now renewing the following certificates:
Processing request 301982:
The keys that you use are very small and therefore insecure. Please generate stronger keys. More information about this issue can be found in the wiki https://wiki.cacert.org/WeakKeys#SmallKey
Valid 4321.tld Not Revoked 2013-06-13 21:50:57
=> not renewed => OK

testkey, Exponent 3, class3
Now renewing the following certificates:
Processing request 301984:
The keys you use might be insecure. Although there is currently no known attack for reasonable encryption schemes, we're being cautious and don't allow certificates for such keys. Please generate stronger keys. More information about this issue can be found in the wiki https://wiki.cacert.org/WeakKeys#SmallExponent
Valid 4321.tld Not Revoked 2013-06-13 22:02:00
=> not renewed => OK |
|
Also successfully tested the patch for organisation certificates (class1 + 3 / new + renew / 512 bit + exp 3). And also tested client certs with a selection of the different options by submitting a csr. |
|
I guess testing is now finished. Email sent to critical team |
|
Fix applied to production server on June 16, 2011. See also https://lists.cacert.org/wws/arc/cacert-systemlog/2011-06/msg00007.html |
|
This is still not completely fixed. It's still possible to create new certificates with insecure keylengths like 1024. When I reported this back then I was told that this will stay for some intermediate time because of some compatibility issues yet to be resolved. However, I think it's time that keys < 2048 bits should finally be forbidden. It's only a matter of time till they'll be broken. |
|
The compatibility issue was finally resolved a few weeks ago. I think we can now disable issuing new 1024 bit keys. |
|
I have raised the limit for the key size on the test server. Please test and review. |
|
IE:
Client Certificate medium is 2048 bits
Client Certificate custom shows text: Please note that RSA key sizes smaller than 2048 bit will not be accepted by CAcert.
=> ok

Firefox:
Client Certificate medium throws error message: The keys that you use are very small and therefore insecure. Please generate stronger keys. More information about this issue can be found in the wiki.
=> ok |
|
Firefox:
Client Certificate medium throws error message: The keys that you use are very small and therefore insecure. Please generate stronger keys. More information about this issue can be found in the wiki.
=> ok

Keysize high .. passes the process and results on page with 3 links:
* Install the certificate into your browser
* Install PEM
* Install DER
and ascii block for copy & paste
-> key installed
cert 11:C2 class1 created, found in FF keystore
=> ok |
|
The fix has been installed on the production server on October 16, 2013. See also: https://lists.cacert.org/wws/arc/cacert-systemlog/2013-10/msg00006.html |
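
The checks exercised in the notes above (reject RSA keys below the size limit, reject exponent 3, accept 65537), sketched as an added example; this is not CAcert's code. The function names, the constructed sample moduli and the `min_exponent` default are assumptions; the 2048-bit limit and the SmallKey / SmallExponent labels are taken from the notes.

```python
# Added example (not CAcert's code): size/exponent check on a DER RSA SubjectPublicKeyInfo.
RSA_OID = bytes.fromhex("2a864886f70d010101")  # OID 1.2.840.113549.1.1.1 (rsaEncryption)

def _tlv(tag, body):
    """DER-encode one tag/length/value; used only to build the sample keys."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + body

def _int(v):
    # bit_length // 8 + 1 bytes: a leading 0x00 appears only when the top bit is set
    return _tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def make_spki(n, e):
    """Build an SPKI for (n, e); the sample moduli below are constructed, not real keys."""
    rsa_key = _tlv(0x30, _int(n) + _int(e))
    alg = _tlv(0x30, _tlv(0x06, RSA_OID) + b"\x05\x00")
    return _tlv(0x30, alg + _tlv(0x03, b"\x00" + rsa_key))

def _read(buf, pos, tag):
    """Return (body, next_pos) of the TLV at pos; ValueError on malformed input."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected tag")
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:
        size = n & 0x7F
        if not 1 <= size <= 4 or pos + size > len(buf):
            raise ValueError("bad length")
        n, pos = int.from_bytes(buf[pos:pos + size], "big"), pos + size
    if pos + n > len(buf):
        raise ValueError("truncated")
    return buf[pos:pos + n], pos + n

def rsa_params(spki):
    """Return (modulus, exponent) from the SPKI, refusing non-RSA or malformed input."""
    outer, end = _read(spki, 0, 0x30)
    if end != len(spki):
        raise ValueError("trailing data")
    alg, pos = _read(outer, 0, 0x30)
    if _read(alg, 0, 0x06)[0] != RSA_OID:
        raise ValueError("not an RSA key")
    bits, _ = _read(outer, pos, 0x03)
    seq, _ = _read(bits[1:], 0, 0x30)  # skip the unused-bits octet
    n_raw, pos = _read(seq, 0, 0x02)
    e_raw, _ = _read(seq, pos, 0x02)
    return int.from_bytes(n_raw, "big"), int.from_bytes(e_raw, "big")

def check_key(spki, min_bits=2048, min_exponent=65537):
    """min_bits=2048 is the 2013 limit from the notes; min_exponent is an assumption."""
    try:
        n, e = rsa_params(spki)
    except ValueError:
        return "invalid"
    if n.bit_length() < min_bits:
        return "SmallKey"
    if e < min_exponent:
        return "SmallExponent"
    return "ok"

N512, N1024, N2048 = ((1 << (b - 1)) | 1 for b in (512, 1024, 2048))  # constructed
```

Calling `check_key(..., min_bits=1024)` reproduces the 2011 behaviour from the first test round, where a 1024-bit key with exponent 65537 was still accepted.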
Date Modified | Username | Field | Change |
---|---|---|---|
2011-03-21 19:54 | NEOatNHNG | New Issue | |
2011-03-21 19:54 | NEOatNHNG | Status | new => needs work |
2011-03-21 19:54 | NEOatNHNG | Assigned To | => NEOatNHNG |
2011-04-09 00:16 | Uli60 | Note Added: 0001912 | |
2011-04-11 23:12 | Uli60 | Note Added: 0001914 | |
2011-04-11 23:36 | Uli60 | Note Edited: 0001914 | |
2011-04-21 17:57 | Uli60 | Note Added: 0001938 | |
2011-04-26 22:40 | NEOatNHNG | Note Added: 0001946 | |
2011-04-26 22:41 | NEOatNHNG | Status | needs work => needs feedback |
2011-05-04 21:36 | NEOatNHNG | View Status | private => public |
2011-06-14 01:25 | NEOatNHNG | Status | needs feedback => needs review & testing |
2011-06-14 01:33 | NEOatNHNG | Status | needs review & testing => needs testing |
2011-06-14 19:50 | Uli60 | Note Added: 0002034 | |
2011-06-14 19:52 | Uli60 | Note Added: 0002035 | |
2011-06-14 20:17 | Uli60 | Note Added: 0002036 | |
2011-06-14 20:26 | Uli60 | Note Added: 0002037 | |
2011-06-14 22:20 | Uli60 | Note Added: 0002038 | |
2011-06-14 22:23 | NEOatNHNG | Note Added: 0002039 | |
2011-06-14 22:32 | Uli60 | Note Edited: 0002038 | |
2011-06-14 22:37 | law | Note Added: 0002040 | |
2011-06-14 22:43 | MartinGummi | Note Added: 0002041 | |
2011-06-14 23:49 | law | Note Added: 0002042 | |
2011-06-15 00:04 | NEOatNHNG | Note Added: 0002043 | |
2011-06-15 00:04 | NEOatNHNG | Status | needs testing => ready to deploy |
2011-06-16 09:25 | wytze | Note Added: 0002047 | |
2011-06-16 09:25 | wytze | Status | ready to deploy => closed |
2011-06-16 09:25 | wytze | Resolution | open => fixed |
2011-06-19 16:46 | NEOatNHNG | Source_changeset_attached | => cacert-devel release 5adba778 |
2011-06-19 16:46 | NEOatNHNG | Source_changeset_attached | => cacert-devel release d1983451 |
2011-06-19 16:53 | NEOatNHNG | Source_changeset_attached | => cacert-devel master 15bfb273 |
2011-06-19 16:53 | NEOatNHNG | Source_changeset_attached | => cacert-devel master 62e7147c |
2011-06-19 16:53 | NEOatNHNG | Source_changeset_attached | => cacert-devel master ef28052c |
2011-06-19 16:53 | NEOatNHNG | Source_changeset_attached | => cacert-devel master 12082b51 |
2011-06-21 23:57 | NEOatNHNG | Source_changeset_attached | => cacert-devel release 5adba778 |
2011-06-21 23:57 | NEOatNHNG | Source_changeset_attached | => cacert-devel release a4ca549c |
2011-06-21 23:57 | NEOatNHNG | Source_changeset_attached | => cacert-devel release d1983451 |
2011-06-21 23:57 | NEOatNHNG | Source_changeset_attached | => cacert-devel release cd9e6e79 |
2011-06-21 23:57 | NEOatNHNG | Source_changeset_attached | => cacert-devel release 803eaaf7 |
2011-06-21 23:57 | NEOatNHNG | Source_changeset_attached | => cacert-devel release 384b57dc |
2011-06-21 23:57 | NEOatNHNG | Source_changeset_attached | => cacert-devel release 2faeb003 |
2011-06-21 23:57 | NEOatNHNG | Source_changeset_attached | => cacert-devel release b23ac549 |
2011-06-21 23:57 | NEOatNHNG | Source_changeset_attached | => cacert-devel release e2cad28b |
2011-06-21 23:57 | NEOatNHNG | Source_changeset_attached | => cacert-devel release f6ba93d4 |
2011-06-21 23:57 | NEOatNHNG | Source_changeset_attached | => cacert-devel release a706b59b |
2011-06-21 23:57 | NEOatNHNG | Source_changeset_attached | => cacert-devel release 7a296469 |
2011-06-21 23:57 | NEOatNHNG | Source_changeset_attached | => cacert-devel release 94391e3f |
2011-06-21 23:57 | NEOatNHNG | Source_changeset_attached | => cacert-devel release 3cdf9f38 |
2011-06-21 23:57 | NEOatNHNG | Source_changeset_attached | => cacert-devel master 15bfb273 |
2011-06-21 23:57 | NEOatNHNG | Source_changeset_attached | => cacert-devel master 62e7147c |
2011-06-21 23:57 | NEOatNHNG | Source_changeset_attached | => cacert-devel master ef28052c |
2011-06-21 23:57 | NEOatNHNG | Source_changeset_attached | => cacert-devel master 12082b51 |
2011-06-22 00:09 | NEOatNHNG | Source_changeset_attached | => cacert-devel release 5adba778 |
2011-06-22 00:09 | NEOatNHNG | Source_changeset_attached | => cacert-devel release a4ca549c |
2011-06-22 00:09 | NEOatNHNG | Source_changeset_attached | => cacert-devel release d1983451 |
2011-06-22 00:09 | NEOatNHNG | Source_changeset_attached | => cacert-devel release cd9e6e79 |
2011-06-22 00:09 | NEOatNHNG | Source_changeset_attached | => cacert-devel release 803eaaf7 |
2011-06-22 00:09 | NEOatNHNG | Source_changeset_attached | => cacert-devel release 384b57dc |
2011-06-22 00:09 | NEOatNHNG | Source_changeset_attached | => cacert-devel release 2faeb003 |
2011-06-22 00:09 | NEOatNHNG | Source_changeset_attached | => cacert-devel release b23ac549 |
2011-06-22 00:09 | NEOatNHNG | Source_changeset_attached | => cacert-devel release e2cad28b |
2011-06-22 00:09 | NEOatNHNG | Source_changeset_attached | => cacert-devel release f6ba93d4 |
2011-06-22 00:09 | NEOatNHNG | Source_changeset_attached | => cacert-devel release a706b59b |
2011-06-22 00:09 | NEOatNHNG | Source_changeset_attached | => cacert-devel release 7a296469 |
2011-06-22 00:09 | NEOatNHNG | Source_changeset_attached | => cacert-devel release 94391e3f |
2011-06-22 00:09 | NEOatNHNG | Source_changeset_attached | => cacert-devel release 3cdf9f38 |
2011-06-22 00:09 | NEOatNHNG | Source_changeset_attached | => cacert-devel master 15bfb273 |
2011-06-22 00:09 | NEOatNHNG | Source_changeset_attached | => cacert-devel master 62e7147c |
2011-06-22 00:09 | NEOatNHNG | Source_changeset_attached | => cacert-devel master ef28052c |
2011-06-22 00:09 | NEOatNHNG | Source_changeset_attached | => cacert-devel master 12082b51 |
2011-06-28 09:52 | Uli60 | Relationship added | related to 0000954 |
2011-10-21 19:25 | NEOatNHNG | Relationship added | related to 0000978 |
2011-10-21 20:05 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver 82c2ea4c |
2013-01-15 15:29 | Werner Dworak | Fixed in Version | => 2011 Q2 |
2013-01-15 19:01 | hanno | Note Added: 0003660 | |
2013-01-15 19:01 | hanno | Status | closed => needs feedback |
2013-01-15 19:01 | hanno | Resolution | fixed => reopened |
2013-03-13 21:23 | NEOatNHNG | Note Added: 0003821 | |
2013-03-13 21:23 | NEOatNHNG | Status | needs feedback => needs work |
2013-03-13 21:23 | NEOatNHNG | Relationship added | related to 0000964 |
2013-03-19 19:29 | NEOatNHNG | Reviewed by | => NEOatNHNG |
2013-03-19 19:29 | NEOatNHNG | Note Added: 0003827 | |
2013-03-19 19:29 | NEOatNHNG | Status | needs work => needs review & testing |
2013-03-19 19:30 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable 7c25e77b |
2013-03-19 19:30 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable f5364271 |
2013-03-26 11:54 | BenBE | Product Version | => 2011 Q1 |
2013-03-26 23:23 | INOPIAE | Note Added: 0003852 | |
2013-03-26 23:25 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable 1457c238 |
2013-03-26 23:25 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable c1903027 |
2013-03-26 23:31 | INOPIAE | Note Edited: 0003852 | |
2013-03-29 11:42 | BenBE | Reviewed by | NEOatNHNG => NEOatNHNG, BenBE |
2013-03-29 11:42 | BenBE | Status | needs review & testing => needs testing |
2013-04-16 21:43 | Uli60 | Note Added: 0003896 | |
2013-09-10 23:40 | NEOatNHNG | Status | needs testing => ready to deploy |
2013-10-15 21:20 | BenBE | Source_changeset_attached | => cacert-devel release 8947e9be |
2013-10-16 11:00 | wytze | Note Added: 0004397 | |
2013-10-16 11:00 | wytze | Status | ready to deploy => solved? |
2013-10-16 11:00 | wytze | Fixed in Version | 2011 Q2 => 2013 Q4 |
2013-10-16 11:00 | wytze | Resolution | reopened => fixed |
2013-11-06 15:41 | NEOatNHNG | Status | solved? => closed |
2014-03-07 12:34 | INOPIAE | Relationship added | related to 0001255 |