Sicurezza Informatica: esercitazione 2

Size: px

Start display at page:

Download "Sicurezza Informatica: esercitazione 2"

Florence Underwood
5 years ago
Views:

1 Sicurezza Informatica: esercitazione 2 Cataldo Basile < polito.it > Politecnico di Torino Dip. Automatica e Informatica

2 Outline two main topics inspection of PKCS#7 messages certificate validation exercises and questions signature formats (PKCS#7/CMS) differences, peculiarities enveloped data check certificate validity offline with CRL online with OCSP OCSP vs. CRL

3 ASN.1, BER, DER, PEM a schema to describe the structure of binary files the same as XMLSchema for XML documents valid instances obtained with encoding rules Basic Encoding Rules (BER) different encodings allowed not unique representation Distinguished Encoding Rules (DER) exactly one way to encode data Privacy Enhanced Mail (PEM) Base64 of data encoded with DER

4 Structure contentinfo contenttype content... 1 N contenttype content

5 ContentType data encoding of a generic sequence of bytes signeddata data + (1..N) parallel signatures envelopeddata data encrypted with symmetric crypto + key encrypted with asymmetric crypto (RSA) signedandenvelopeddata asymmetric encryption of data + signatures (RSA) digestdata data + digest encrypteddata data encrypted with symmetric algorithm

6 SignedData signeddata content version digestalgorithm contentinfo [certificates] [crls] signerinfo version issuer + SN encrypteddigest signerinfo

7 Signed-data (ASN.1) SignedData ::= SEQUENCE { version CMSVersion, digestalgorithms DigestAlgorithmIdentifiers, encapcontentinfo EncapsulatedContentInfo, certificates [0] IMPLICIT CertificateSet OPTIONAL, crls [1] IMPLICIT RevocationInfoChoices OPTIONAL, signerinfos SignerInfos } SignerInfo ::= SEQUENCE { version CMSVersion, sid SignerIdentifier, digestalgorithm DigestAlgorithmIdentifier, signedattrs [0] IMPLICIT SignedAttributes OPTIONAL, signaturealgorithm SignatureAlgorithmIdentifier, signature SignatureValue, unsignedattrs [1] IMPLICIT UnsignedAttributes OPTIONAL }

8 Signed-data (ASN.1) DigestAlgorithmIdentifiers ::= SET OF SignedData ::= SEQUENCE { DigestAlgorithmIdentifier version CMSVersion, digestalgorithms DigestAlgorithmIdentifiers, encapcontentinfo EncapsulatedContentInfo, certificates [0] IMPLICIT CertificateSet OPTIONAL, crls [1] IMPLICIT RevocationInfoChoices OPTIONAL, signerinfos SignerInfos } SignerInfo ::= SEQUENCE { SignerInfos ::= SET OF version CMSVersion, SignerInfo sid SignerIdentifier, digestalgorithm DigestAlgorithmIdentifier, signedattrs [0] IMPLICIT SignedAttributes OPTIONAL, signaturealgorithm SignatureAlgorithmIdentifier, signature SignatureValue, unsignedattrs [1] IMPLICIT UnsignedAttributes OPTIONAL }

9 Prepare the environment create a test CA /usr/lib/ssl/misc/ca.pl -newca create a certificate request for Alice openssl req -new -newkey rsa:2048 -keyout alice_pkey.pem -out alice_creq.pem issue the user certificate and view its content openssl ca -in alice_creq.pem -out alice_cert.pem openssl x509 -in alice_cert.pem -text -noout cat index.txt (check serial numbers): we ll need them create Bob s certificate (required later on) openssl req -new -newkey rsa:2048 -keyout bob_pkey.pem -out bob_creq.pem openssl ca -in bob_creq.pem -out bob_cert.pem

10 Detached signature create the doc to sign echo This is a message used to test the pkcs7 format > msg create detached signature: openssl smime -sign -in msg -out p7s.pem -outform PEM -signer alice_cert.pem -inkey alice_pkey.pem -certfile democa/cacert.pem user_pkey.pem contains the private key (of the signer) user_cert.pem contains the user certificate p7s.pem contains the detached signature on the message msg in PKCS#7 format to view the pkcs#7 envelope openssl asn1parse -in p7s.pem -i less you can check the provided material p7s.asn1 p7s.asn1

11 PKCS#7: p7s.pem with asn1parse (1) 0:d=0 hl=4 l=2462 cons: SEQUENCE 4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signeddata ContentType 15:d=1 hl=4 l=2447 cons: cont [ 0 ] 19:d=2 hl=4 l=2443 cons: SEQUENCE 23:d=3 hl=2 l= 1 prim: INTEGER :01 26:d=3 hl=2 l= 15 cons: SET DigestAlgorithmIdentifier 28:d=4 hl=2 l= 13 cons: SEQUENCE 30:d=5 hl=2 l= 9 prim: OBJECT :sha256 41:d=5 hl=2 l= 0 prim: NULL Data signed: empty!! 43:d=3 hl=2 l= 11 cons: SEQUENCE (because it's a detached sig) 45:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data 56:d=3 hl=4 l=1787 cons: cont [ 0 ] 60:d=4 hl=4 l= 870 cons: SEQUENCE 64:d=5 hl=4 l= 590 cons: SEQUENCE Certificate of issuer CA of signer: serial number 68:d=6 hl=2 l= 3 cons: cont [ 0 ] 70:d=7 hl=2 l= 1 prim: INTEGER :02 73:d=6 hl=2 l= 9 prim: INTEGER :D55EADBB85373D61

12 PKCS#7: p7s.pem with asn1parse (2) 84:d=6 hl=2 l= 13 cons: SEQUENCE AlgorithmIdentifier 86:d=7 hl=2 l= 9 prim: OBJECT :sha256withrsaencryption 97:d=7 hl=2 l= 0 prim: NULL 99:d=6 hl=2 l= 72 cons: SEQUENCE 101:d=7 hl=2 l= 11 cons: SET 103:d=8 hl=2 l= 9 cons: SEQUENCE 105:d=9 hl=2 l= 3 prim: OBJECT :countryname Issuer of CA 110:d=9 hl=2 l= 2 prim: PRINTABLESTRING :IT certificate 114:d=7 hl=2 l= 19 cons: SET of signer 116:d=8 hl=2 l= 17 cons: SEQUENCE 118:d=9 hl=2 l= 3 prim: OBJECT :stateorprovincename 123:d=9 hl=2 l= 10 prim: UTF8STRING :Some-State 135:d=7 hl=2 l= 15 cons: SET 137:d=8 hl=2 l= 13 cons: SEQUENCE 139:d=9 hl=2 l= 3 prim: OBJECT :organizationname 144:d=9 hl=2 l= 6 prim: UTF8STRING :Polito 152:d=7 hl=2 l= 19 cons: SET

13 PKCS#7: p7s.pem with asn1parse (3) 154:d=8 hl=2 l= 17 cons: SEQUENCE 156:d=9 hl=2 l= 3 prim: OBJECT :commonname 161:d=9 hl=2 l= 10 prim: UTF8STRING :My demo CA 173:d=6 hl=2 l= 30 cons: SEQUENCE Validity of CA certificate 175:d=7 hl=2 l= 13 prim: UTCTIME : Z 190:d=7 hl=2 l= 13 prim: UTCTIME : Z 205:d=6 hl=2 l= 72 cons: SEQUENCE 207:d=7 hl=2 l= 11 cons: SET Subject of CA certificate 209:d=8 hl=2 l= 9 cons: SEQUENCE of the signer 211:d=9 hl=2 l= 3 prim: OBJECT :countryname 216:d=9 hl=2 l= 2 prim: PRINTABLESTRING :IT 220:d=7 hl=2 l= 19 cons: SET 222:d=8 hl=2 l= 17 cons: SEQUENCE 224:d=9 hl=2 l= 3 prim: OBJECT :stateorprovincename 229:d=9 hl=2 l= 10 prim: UTF8STRING :Some-State 241:d=7 hl=2 l= 15 cons: SET 243:d=8 hl=2 l= 13 cons: SEQUENCE

14 PKCS#7: p7s.pem with asn1parse (4) 243:d=8 hl=2 l= 13 cons: SEQUENCE 245:d=9 hl=2 l= 3 prim: OBJECT :organizationname 250:d=9 hl=2 l= 6 prim: UTF8STRING :Polito 258:d=7 hl=2 l= 19 cons: SET Subject of CA certificate of signer 260:d=8 hl=2 l= 17 cons: SEQUENCE 262:d=9 hl=2 l= 3 prim: OBJECT :commonname 267:d=9 hl=2 l= 10 prim: UTF8STRING :My demo CA 279:d=6 hl=4 l= 290 cons: SEQUENCE 283:d=7 hl=2 l= 13 cons: SEQUENCE 285:d=8 hl=2 l= 9 prim: OBJECT :rsaencryption 296:d=8 hl=2 l= 0 prim: NULL 298:d=7 hl=4 l= 271 prim: BIT STRING 573:d=6 hl=2 l= 83 cons: cont [ 3 ] Extensions in CA certificate of signer 575:d=7 hl=2 l= 81 cons: SEQUENCE 577:d=8 hl=2 l= 29 cons: SEQUENCE 579:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier

15 PKCS#7: p7s.pem with asn1parse (5) 584:d=9 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:04141AC5E984339F5FD1D2A34D592C0FFFD3B7818DE8 608:d=8 hl=2 l= 31 cons: SEQUENCE 610:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier 615:d=9 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]: AC5E984339F5FD1D2A34D592C0FFFD3B7818DE8 641:d=8 hl=2 l= 15 cons: SEQUENCE 643:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints 648:d=9 hl=2 l= 1 prim: BOOLEAN : :d=9 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]: FF 658:d=5 hl=2 l= 13 cons: SEQUENCE 660:d=6 hl=2 l= 9 prim: OBJECT :sha256withrsaencryption 671:d=6 hl=2 l= 0 prim: NULL 673:d=5 hl=4 l= 257 prim: BIT STRING 934:d=4 hl=4 l= 909 cons: SEQUENCE Extensions in CA certificate of signer 938:d=5 hl=4 l= 629 cons: SEQUENCE 942:d=6 hl=2 l= 3 cons: cont [ 0 ]

16 PKCS#7: p7s.pem with asn1parse (6) Certificate of the signer: 944:d=7 hl=2 l= 1 prim: INTEGER :02 serial number 947:d=6 hl=2 l= 9 prim: INTEGER :D55EADBB85373D62 958:d=6 hl=2 l= 13 cons: SEQUENCE 960:d=7 hl=2 l= 9 prim: OBJECT :sha256withrsaencryption 971:d=7 hl=2 l= 0 prim: NULL 973:d=6 hl=2 l= 72 cons: SEQUENCE 975:d=7 hl=2 l= 11 cons: SET Certificate of the signer: Issuer 977:d=8 hl=2 l= 9 cons: SEQUENCE 979:d=9 hl=2 l= 3 prim: OBJECT :countryname 984:d=9 hl=2 l= 2 prim: PRINTABLESTRING :IT 988:d=7 hl=2 l= 19 cons: SET 990:d=8 hl=2 l= 17 cons: SEQUENCE 992:d=9 hl=2 l= 3 prim: OBJECT :stateorprovincename 997:d=9 hl=2 l= 10 prim: UTF8STRING :Some-State 1009:d=7 hl=2 l= 15 cons: SET 1011:d=8 hl=2 l= 13 cons: SEQUENCE 1013:d=9 hl=2 l= 3 prim: OBJECT :organizationname

17 PKCS#7: p7s.pem with asn1parse (7) 1013:d=9 hl=2 l= 3 prim: OBJECT :organizationname 1018:d=9 hl=2 l= 6 prim: UTF8STRING :Polito 1026:d=7 hl=2 l= 19 cons: SET 1028:d=8 hl=2 l= 17 cons: SEQUENCE 1030:d=9 hl=2 l= 3 prim: OBJECT :commonname 1035:d=9 hl=2 l= 10 prim: UTF8STRING :My demo CA 1047:d=6 hl=2 l= 30 cons: SEQUENCE Certificate of the signer: validity 1049:d=7 hl=2 l= 13 prim: UTCTIME : Z 1064:d=7 hl=2 l= 13 prim: UTCTIME : Z 1079:d=6 hl=2 l= 71 cons: SEQUENCE 1081:d=7 hl=2 l= 11 cons: SET Certificate of the signer: Subject 1083:d=8 hl=2 l= 9 cons: SEQUENCE 1085:d=9 hl=2 l= 3 prim: OBJECT :countryname 1090:d=9 hl=2 l= 2 prim: PRINTABLESTRING :IT 1094:d=7 hl=2 l= 19 cons: SET 1096:d=8 hl=2 l= 17 cons: SEQUENCE 1098:d=9 hl=2 l= 3 prim: OBJECT :stateorprovincename

18 PKCS#7: p7s.pem with asn1parse (8) 1098:d=9 hl=2 l= 3 prim: OBJECT :stateorprovincename 1103:d=9 hl=2 l= 10 prim: UTF8STRING :Some-State 1115:d=7 hl=2 l= 15 cons: SET 1117:d=8 hl=2 l= 13 cons: SEQUENCE 1119:d=9 hl=2 l= 3 prim: OBJECT :organizationname 1124:d=9 hl=2 l= 6 prim: UTF8STRING :Polito 1132:d=7 hl=2 l= 18 cons: SET Certificate of the signer: common name 1134:d=8 hl=2 l= 16 cons: SEQUENCE 1136:d=9 hl=2 l= 3 prim: OBJECT :commonname 1141:d=9 hl=2 l= 9 prim: UTF8STRING :User cert 1152:d=6 hl=4 l= 290 cons: SEQUENCE 1156:d=7 hl=2 l= 13 cons: SEQUENCE 1158:d=8 hl=2 l= 9 prim: OBJECT :rsaencryption 1169:d=8 hl=2 l= 0 prim: NULL 1171:d=7 hl=4 l= 271 prim: BIT STRING 1446:d=6 hl=2 l= 123 cons: cont [ 3 ] 1448:d=7 hl=2 l= 121 cons: SEQUENCE

19 PKCS#7: p7s.pem with asn1parse (9) 1450:d=8 hl=2 l= 9 cons: SEQUENCE 1452:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints 1457:d=9 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]: :d=8 hl=2 l= 44 cons: SEQUENCE 1463:d=9 hl=2 l= 9 prim: OBJECT :Netscape Comment 1474:d=9 hl=2 l= 31 prim: OCTET STRING [HEX DUMP]: 161D4F70656E53534C E :d=8 hl=2 l= 29 cons: SEQUENCE 1509:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier 1514:d=9 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]: DF E95AE0653EA6D705770DD0 1538:d=8 hl=2 l= 31 cons: SEQUENCE 1540:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier 1545:d=9 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]: AC5E984339F5FD1D2A34D592C0FFFD3B7818DE8 1571:d=5 hl=2 l= 13 cons: SEQUENCE

20 PKCS#7: p7s.pem with asn1parse (10) 1573:d=6 hl=2 l= 9 prim: OBJECT :sha256withrsaencryption 1584:d=6 hl=2 l= 0 prim: NULL 1586:d=5 hl=4 l= 257 prim: BIT STRING 1847:d=3 hl=4 l= 615 cons: SET 1851:d=4 hl=4 l= 611 cons: SEQUENCE 1855:d=5 hl=2 l= 1 prim: INTEGER : :d=5 hl=2 l= 85 cons: SEQUENCE 1860:d=6 hl=2 l= 72 cons: SEQUENCE Signer Info fields 1862:d=7 hl=2 l= 11 cons: SET 1864:d=8 hl=2 l= 9 cons: SEQUENCE 1866:d=9 hl=2 l= 3 prim: OBJECT :countryname 1871:d=9 hl=2 l= 2 prim: PRINTABLESTRING :IT 1875:d=7 hl=2 l= 19 cons: SET 1877:d=8 hl=2 l= 17 cons: SEQUENCE 1879:d=9 hl=2 l= 3 prim: OBJECT :stateorprovincename 1884:d=9 hl=2 l= 10 prim: UTF8STRING :Some-State 1896:d=7 hl=2 l= 15 cons: SET

21 PKCS#7: p7s.pem with asn1parse (11) 1896:d=7 hl=2 l= 15 cons: SET 1898:d=8 hl=2 l= 13 cons: SEQUENCE 1900:d=9 hl=2 l= 3 prim: OBJECT :organizationname 1905:d=9 hl=2 l= 6 prim: UTF8STRING :Polito 1913:d=7 hl=2 l= 19 cons: SET Signer Info: Issuer + serial number 1915:d=8 hl=2 l= 17 cons: SEQUENCE 1917:d=9 hl=2 l= 3 prim: OBJECT :commonname 1922:d=9 hl=2 l= 10 prim: UTF8STRING :My demo CA 1934:d=6 hl=2 l= 9 prim: INTEGER :D55EADBB85373D :d=5 hl=2 l= 13 cons: SEQUENCE 1947:d=6 hl=2 l= 9 prim: OBJECT :sha :d=6 hl=2 l= 0 prim: NULL 1960:d=5 hl=3 l= 228 cons: cont [ 0 ] 1963:d=6 hl=2 l= 24 cons: SEQUENCE 1965:d=7 hl=2 l= 9 prim: OBJECT :contenttype 1976:d=7 hl=2 l= 11 cons: SET 1978:d=8 hl=2 l= 9 prim: OBJECT :pkcs7-data

22 PKCS#7: p7s.pem with asn1parse (12) 1989:d=6 hl=2 l= 28 cons: SEQUENCE 1991:d=7 hl=2 l= 9 prim: OBJECT :signingtime 2002:d=7 hl=2 l= 15 cons: SET Signed attributes 2004:d=8 hl=2 l= 13 prim: UTCTIME : Z 2019:d=6 hl=2 l= 47 cons: SEQUENCE 2021:d=7 hl=2 l= 9 prim: OBJECT :messagedigest 2032:d=7 hl=2 l= 34 cons: SET 2034:d=8 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]: A9BDA626D22F1A3181BF65734C9E4ECCB184E241D872D3C67FE33935AB :d=6 hl=2 l= 121 cons: SEQUENCE 2070:d=7 hl=2 l= 9 prim: OBJECT :S/MIME Capabilities 2081:d=7 hl=2 l= 108 cons: SET 2083:d=8 hl=2 l= 106 cons: SEQUENCE 2085:d=9 hl=2 l= 11 cons: SEQUENCE 2087:d=10 hl=2 l= 9 prim: OBJECT :aes-256-cbc 2098:d=9 hl=2 l= 11 cons: SEQUENCE

23 PKCS#7: p7s.pem with asn1parse (13) 2100:d=10 hl=2 l= 9 prim: OBJECT :aes-192-cbc 2111:d=9 hl=2 l= 11 cons: SEQUENCE 2113:d=10 hl=2 l= 9 prim: OBJECT :aes-128-cbc 2124:d=9 hl=2 l= 10 cons: SEQUENCE 2126:d=10 hl=2 l= 8 prim: OBJECT :des-ede3-cbc 2136:d=9 hl=2 l= 14 cons: SEQUENCE 2138:d=10 hl=2 l= 8 prim: OBJECT :rc2-cbc 2148:d=10 hl=2 l= 2 prim: INTEGER : :d=9 hl=2 l= 13 cons: SEQUENCE 2154:d=10 hl=2 l= 8 prim: OBJECT :rc2-cbc 2164:d=10 hl=2 l= 1 prim: INTEGER : :d=9 hl=2 l= 7 cons: SEQUENCE 2169:d=10 hl=2 l= 5 prim: OBJECT :des-cbc 2176:d=9 hl=2 l= 13 cons: SEQUENCE 2178:d=10 hl=2 l= 8 prim: OBJECT :rc2-cbc 2188:d=10 hl=2 l= 1 prim: INTEGER : :d=5 hl=2 l= 13 cons: SEQUENCE

24 PKCS#7: p7s.pem with asn1parse (14) 2193:d=6 hl=2 l= 9 prim: OBJECT :rsaencryption Signature 2204:d=6 hl=2 l= 0 prim: NULL 2206:d=5 hl=4 l= 256 prim: OCTET STRING [HEX DUMP]:7DF636E86464E3D61C4A51788C5A242E472A55722BB338181E4DF7B1 30EBA355EBD2A5C37DA DF0F7F4567DA00AEFF5E01AD648925E3538 AE5715F561A DF70D BB47F9F925347F34440AC06995F25B6 B5C318C51F240EAC6BCAA97CA9B7B856F B3C774A946E9E1B7E618 04A5BB2D5B6AD68875B66211E07895F458D1E0A217FD D4264FF894F4 F65206E323B7D3A965E8362EB94E696755E233A0BC2C1046DFE82A1C0FECF2 950E57E0E2E54FF4087B21AFE7746E1022E1E99E092EEAE14C84F57A7A6ECF DF802AF8A73876F475DB267FE6D896F046032AE30ABD50646C616DF1A40959 D84C28280C5E060EC9F6B6

25 Detached signature: dumpasn1 for DER dumpasn1 is an ASN.1 parsing tool implemented by Peter Gutmann apt-get install dumpasn1 convert the PKCS#7 envelope in DER format openssl pkcs7 -in p7s.pem -outform DER -out p7s.der view p7s.der with the tool dumpasn1 dumpasn1 p7s.der same information as with asn1parse but more structured!! note also the fields SubjectKeyIdentifier and AuthorityKeyIdentifier you can check the provided material p7s.dumpasn1 p7s.dumpasn1

26 Opaque signature generate an opaque signature openssl smime -sign nodetach -in msg -out p7snd.pem -outform PEM -signer user_cert.pem -inkey user_pkey.pem -certfile./democa/cacert.pem check the provided material p7snd.asn1 NOTE: data are in the envelope! p7snd.asn1

27 EnvelopedData version issuer + SN encalgorithm enckey envelopeddata content version encryptedcontentinfo recipientinfo... recipientinfo contenttype encryptionalgorithm encryptedcontent

28 Enveloped data encrypt data (for a specific recipient, e.g., Bob) openssl smime -encrypt -aes-128-cbc -in msg -out p7e.pem -outform PEM bob_cert.pem note the recipientinfo field recipient certificate referenced with Issuer and serial number the encrypted key the encrypted data the recipient can decrypt the received data: openssl smime -decrypt -in p7e.pem -inform PEM -inkey bob_pkey.pem check the provided material p7e.asn1 p7e.asn1

29 Enveloped data is it useful to encrypt data for the recipient only? who (originally) encrypted cannot decrypt his data anymore encrypt for at least two recipients himself and the (intended) recipient the command for encrypting for user and user2 is as follows: openssl smime -encrypt -aes-128-cbc -in msg -out p7e_2recipients.pem -outform PEM user_cert.pem user2_cert.pem p7e_2recipients.asn1

30 Certificate validation with CRL and OCSP

31 Manually verify a certificate against a CRL (1) steps: 1. obtain the certificate you wish to check for revocation 2. determine the URL of the CRL 3. obtain the CRL and verify it obtain the certificate of the authority issuing CRL (CA) 4. check the certificate against the CRL step 1. assume we have to check a user cert aldocert.pem step 2. check the certificate extensions openssl x509 -in aldocert.pem -text -noout X.509 CRL Distribution Points Full Name: URI:

32 Manually verify a certificate against a CRL (2) openssl x509 -in aldocert.pem -noout -text grep crl step 3. download the CRL (in PEM) from: wget location of Issuing (CA) certificate from several sources user cert: CA Issuers in Authority Information Access e.g. URI: openssl x509 -in aldocert.pem -noout -text grep CA OOB received together with the user certificate (in a degenerated PKCS#7 structure) published on CA s web site

33 Manually verify a certificate against a CRL (3) verify the CRL: openssl crl -in polito_crl.crl -inform DER -CAfile PolitecnicodiTorinoCertificationAuthority.crt -noout output: verify OK convert the CRL from DER to PEM openssl crl -in polito_crl.crl -out polito_crl.pem -inform DER -outform PEM

34 Manually verify a certificate against a CRL (4) step 4. verify the certificate against CRL combine the CRL and the Chain OpenSSL needs a single PEM file that concatenates all the certificates in the chain and the CRL cat EuroPKIrootCA.crt EuroPKIItalianCA.crt PolitecnicodiTorinoCertificationAuthority.crt polito_crl.pem > crl_chain.pem verify the certificate against CRL openssl verify -crl_check -CAfile crl_chain.pem aldocert.pem output: aldocert.pem: OK or

35 Manually verify a certificate against a CRL (5) or determine the serial number of the certificate you wish to check openssl x509 -in aldocert.pem -noout -serial convert the CRL into a human-readable format and inspect it manually openssl crl -in polito_crl.crl -inform DER -text -noout grep previously_found_serial_number

36 Checking the status with OCSP openssl (1) steps: 1. obtain the certificate you wish to check for revocation 2. obtain the issuing certificate (CA) 3. determine the URL of the OCSP responder 4. submit an OCSP request and observe the response step 1: assume we want to check bob_cert.pem step 2: issuer of bob is democa (cacert.pem) step 3: URL OCSP responder can be got from several sources: Authority Information Access extension (pre) configured communicated OOB or found on the CA web site

37 Checking the status with OCSP openssl (2) create an OCSP responder certificate openssl req -new -keyout ocspresp_pkey.pem -out ocspresp_req.pem openssl ca -in ocspresp_req.pem -out ocspresp_cert.pem start OCSP server: openssl ocsp -index democa/index.txt -port rsigner ocspresp_cert.pem -rkey ocspresp_pkey.pem -CA democa/cacert.pem -text start OCSP client: openssl ocsp -issuer democa/cacert.pem -cert bob_cert.pem -text -url -noverify

38 Checking the status with OCSP openssl (3) analyze the OCSP Request and Response: good (for the certificate status), which are the alternatives? Revoked, unknown note the OCSP nonce both in requests and responses to protect from replay attacks note the This Update field! OCSP cannot be used to get the validity status of a certificate in a given moment in time issuer identified through Issuer name hash and Issuer key hash

Obsoletes: 3369 July 2004 Category: Standards Track

Network Working Group R. Housley Request for Comments: 3852 Vigil Security Obsoletes: 3369 July 2004 Category: Standards Track Status of this Memo Cryptographic Message Syntax (CMS) This document specifies