Public Key Infrastructures Chapter 06 Private Keys

Transcription

1 Public Key Infrastructures Chapter 06 Private Keys Cryptography and Computer Algebra Prof. Dr. Johannes Buchmann Dr. Alexander Wiesmaier

2 Personal security environments Store Private keys Certificates Other data Provide Compatibility Portability Availability Access protection 2

3 Personal security environments Secure storage of private keys in Software in Hardware Standardized (e.g. PKCS#12) OS / language specific (e.g. Java KeyStore) Application specific (e.g. Netscape) Hardware Security Module (HSM) USB-Token Smartcard 3

4 PKCS#12 structure Secure key storage and use AuthenticatedSafe ContentInfo Plain data Encrypted data Enveloped data 4

5 PKCS#12: ASN.1 PFX ::= SEQUENCE { version INTEGER {v3(3)}(v3,...), authsafe ContentInfo, macdata MacData OPTIONAL } file://../certificates/p12/cs_student.cxt AuthenticatedSafe ::= SEQUENCE OF ContentInfo -- Data if unencrypted -- EncryptedData if password-encrypted -- EnvelopedData if public key-encrypted 5

6 PKCS#12: Content Plain data mode: No encryption is applied. Password Privacy Mode (encrypted data): Encryption with a symmetric key which is derived from a password. Public Key Privacy Mode (enveloped data): Encryption with a symmetric key which is encrypted with the public key of the receiver. 6

7 PKCS#12: Authentication Password Integrity Mode: A MAC is calculated with a symmetric key which is derived from a password. Public Key Integrity Mode: Signed with the private key of the issuer. 7

8 Java KeyStore 8

9 Java KeyStores Implementation of the KeyStore Class Different implementations: JKS Proprietary algorithms Weak encryption JCEKS Standard algorithms Strong encryption Part of the JCE (Java Cryptography Extensions) Since Java 1.4 Own implementation (proprietary) Easy Administration with keytool 9

10 Application specific Windows Internet Explorer, Outlook/Express The standard implementation is proprietary Through Cryptographic Service Provider The format for the import usually is PKCS#12 11

11 Private key import in Firefox file://../firefoxportable/firefoxportable.exe 12

12 Private key access in Firefox file://../firefoxportable/firefoxportable.exe 13

13 Private key import in Windows file://../certificates/p12/cs_student.p12 14

14 Private key access in Windows 15

15 Hardware Security Module Secure key storage and use (Pseudo)random number generation Key pair generation Key archiving Encryption / decryption Generating / verifying signatures Hashing Acceleration for cryptographic schemes (e.g. TLS) 16

16 Network Attached HSM Shared HSM Speed Availability Robustness 17

17 Hardware Security Module Protect the keys against Mechanical attacks Temperature attacks Manipulation of the voltage Chemical attacks The keys are destroyed in case of danger 18

18 Hardware Security Module Usually homologated (e.g. FIPS Level x) Usually sold as a black boxes no audit by users possible => Brazil developed open source HSM Access usually via PKCS#11 Most HSM provide proprietary PKCS#11 extensions Usually HSMs provide backup functionality Depending on evaluation level and purpose of the HSM 19

19 PKCS#11 "Cryptographic Token Interface Support functions like: Change PIN, Sign, Decrypt, Write certificate But: Some functions are not supported (e.g. change PUK) Different libraries are needed for supporting different cards and readers. Available at: 20

20 Smartcards Secure key storage and use Key pair generation (not all) (Pseudo)random number generation (not all) Calculation of digital signatures Decryption Access via: PKCS#11 CT-API PC/SC 21

21 PKCS#15 Specifies the structure of the file system on the chip card Every directory on the card is an application Pointers to cryptographic objects (ODF) Private Key Public Key Certificate There is a newer specification based on it: ISO Available at: 22

22 Structure PKCS#15 (Root directory) MasterFile (MF) (Meta data) Descriptor DF(PKCS#15) Userdata EF (DIR) Further DFs/EFs ODF PrKDF CDF ADF TokenInfo Object Directory File: Pointers to directories: PrivateKey Data, Certificate Data, Authentication Data (PIN) and Token Information (Serial number) 23

23 E4 NetKey (TeleSec) E4 evaluated (according to ITSEC) Global files (serial number, etc.) SigG application Pre-keyd with one key-pair according to SigG (Signature Act) NetKey application 3 key pairs (pre-keyed) Null-PIN scheme (patented) 24

24 Java Cards No filesystem but applets JCRE (Java Card Runtime Environment) manages: the resources of the card the communication with the outside world the execution of the applets controls: the compliance with the security limitations 25

25 Java Cards Like normal Java code, but without: Long, double, float Characters and strings Multidimensional arrays Threads Object serialization und cloning Dynamic loading of classes (like drivers) Security Manager Garbage Collector not always present 26

26 PSE: comparison PKCS #12 HSM Smart card Cost O Interoperability Portability Security Speed N/A very bad - bad O fair + good ++ very good 27

27 Private key lifecycle recover deposit States Steps in a private keys life restore store storable deliverable nonexistent deposited usable copy copy use Transitions Tasks to be done with private key during its life deliver retract Source: A. Wiesmaier. Secure Private Key Management in Adaptable Public Key Infrastructures. PhD thesis, Cryptography and Computer Algebra Group, Technische Universität Darmstadt, September Mensch und Buch Verlag, Berlin. ISBN-13:

28 Generate recover deposit Appropriate algorithms and parameters restore store storable deliverable nonexistent deposited usable copy copy use Secure (P)RNG Shielding against eavesdropping deliver retract Source: A. Wiesmaier. Secure Private Key Management in Adaptable Public Key Infrastructures. PhD thesis, Cryptography and Computer Algebra Group, Technische Universität Darmstadt, September Mensch und Buch Verlag, Berlin. ISBN-13:

29 Copy recover deposit Usually to be avoided, but may be reasonable restore store storable deliverable nonexistent deposited usable copy copy use Easy for authorized users Impossible for unauthorized users deliver retract Source: A. Wiesmaier. Secure Private Key Management in Adaptable Public Key Infrastructures. PhD thesis, Cryptography and Computer Algebra Group, Technische Universität Darmstadt, September Mensch und Buch Verlag, Berlin. ISBN-13:

30 Store / deposit recover deposit Persistent storage Deletion from the generator restore store storable deliverable nonexistent deposited usable copy copy use Appropriate access protection deliver retract Source: A. Wiesmaier. Secure Private Key Management in Adaptable Public Key Infrastructures. PhD thesis, Cryptography and Computer Algebra Group, Technische Universität Darmstadt, September Mensch und Buch Verlag, Berlin. ISBN-13:

31 Restore/ recover recover deposit Correct reestablishment Easy for authorized users restore store storable deliverable nonexistent deposited usable copy copy use Impossible for unauthorized users deliver retract Source: A. Wiesmaier. Secure Private Key Management in Adaptable Public Key Infrastructures. PhD thesis, Cryptography and Computer Algebra Group, Technische Universität Darmstadt, September Mensch und Buch Verlag, Berlin. ISBN-13:

32 Deliver / retract recover deposit Correct receiver Guaranteed delivery restore store storable deliverable nonexistent deposited usable copy copy use Appropriate transport security mechanisms deliver retract Source: A. Wiesmaier. Secure Private Key Management in Adaptable Public Key Infrastructures. PhD thesis, Cryptography and Computer Algebra Group, Technische Universität Darmstadt, September Mensch und Buch Verlag, Berlin. ISBN-13:

33 Use recover deposit Easy for the authorized users Impossible for the restore store storable deliverable nonexistent deposited usable copy copy use unauthorized users Shielding against eavesdropping, manipulation deliver retract Source: A. Wiesmaier. Secure Private Key Management in Adaptable Public Key Infrastructures. PhD thesis, Cryptography and Computer Algebra Group, Technische Universität Darmstadt, September Mensch und Buch Verlag, Berlin. ISBN-13:

34 Destruct recover deposit Unrecoverable All (intended) copies are to restore store storable deliverable nonexistent deposited usable copy copy use be destroyed deliver retract Source: A. Wiesmaier. Secure Private Key Management in Adaptable Public Key Infrastructures. PhD thesis, Cryptography and Computer Algebra Group, Technische Universität Darmstadt, September Mensch und Buch Verlag, Berlin. ISBN-13:

35 Life cycle of private keys Example 1: PGP (user generates keys) file://../thunderbirdportable/thunderbirdportable.exe 36

36 PGP: Generation file://../thunderbirdportable/thunderbirdportable.exe 37

37 PGP: Generation file://../thunderbirdportable/thunderbirdportable.exe 38

38 PGP: Generation file://../thunderbirdportable/thunderbirdportable.exe 39

39 PGP: Generation file://../thunderbirdportable/thunderbirdportable.exe 40

40 PGP: Generation file://../thunderbirdportable/thunderbirdportable.exe 41

41 PGP: Generation file://../thunderbirdportable/thunderbirdportable.exe 42

42 PGP: Generation file://../thunderbirdportable/thunderbirdportable.exe 43

43 PGP: Generation file://../thunderbirdportable/thunderbirdportable.exe 44

44 PGP: Storing file://../thunderbirdportable/thunderbirdportable.exe 45

45 PGP: Transport file://../thunderbirdportable/thunderbirdportable.exe 46

46 PGP: Transport file://../thunderbirdportable/thunderbirdportable.exe 47

47 PGP: Transport File contents file//../certificates/test User.cxt 48

48 PGP: Use file://../thunderbirdportable/thunderbirdportable.exe 49

49 PGP: Use file://../thunderbirdportable/thunderbirdportable.exe 50

50 PGP: Backup file://../thunderbirdportable/thunderbirdportable.exe 51

51 PGP: Backup file://../thunderbirdportable/thunderbirdportable.exe 52

52 PGP: Backup file://../thunderbirdportable/thunderbirdportable.exe 53

53 PGP: Backup file://../thunderbirdportable/thunderbirdportable.exe 54

54 PGP: Recovery file://../thunderbirdportable/thunderbirdportable.exe 55

55 PGP: Recovery file://../thunderbirdportable/thunderbirdportable.exe 56

56 PGP: Recovery file://../thunderbirdportable/thunderbirdportable.exe 57

57 PGP: Destruction file://../thunderbirdportable/thunderbirdportable.exe 58

58 PGP: Destruction file://../thunderbirdportable/thunderbirdportable.exe 59

59 PGP: Destruction file://../thunderbirdportable/thunderbirdportable.exe 60

60 Life cycle of private keys Example 2: TUD Card (TC generates keys) 61

61 TUD Card: Generation The manufacturer creates the keys input output 62

62 TUD Card: Storing Contains the private key A file exists that holds the private key. Security condition: PSO (Perform Security Operation) after PIN has been correctly given. 63

63 TUD Card: Transport By snail mail 64

64 TUD Card: Use First Use detection Null-PIN technique 65

65 TUD Card: Use PIN-Entry necessary for PSO 66

66 TUD Card: Use Set PIN See PUK Download certificate file://../cardmanager.jnlp 67

67 TUD Card: Destruction Physical destruction of the card. high temperature, etc 68

68 TUD Card: Backup Each encryption key is stored in a PKCS#12 file input output 69

69 Life cycle of private keys Example 3: Java KeyStore (user generates keys) 70

70 KeyStore: Generate..\BatchFiles\keytool.bat 71

71 KeyStore: Store..\BatchFiles\keytoolList.bat 72

72 KeyStore: Use Get certificate request keytool -certreq -keystore keystore.ks -file csr.txt -alias myalias 73

73 KeyStore: Use Get certificate from accepted authority And many more 74

74 KeyStore: Use Import certificate keytool -import -file test.crt -alias myalias -trustcacerts - keystore keystore.ks 98

75 Backup A simple copy of the file to: a CD a USB stick an external hard disc or similar The password may be changed. 99

76 Recovery Recovery from the copy location. Password is needed. 100

77 Destruction 101

78 Life cycle of private keys Other examples: OpenSSL Firefox with Key Manager Add-on ELSTER Elektronische Gesundheitskarte Neuer Personalausweis And many more 102