Public Key Infrastructures
Chapter 6: Private Keys
Cryptography and Computeralgebra
Prof. Dr. Johannes Buchmann
Dr. Alexander Wiesmaier

Personal Security Environment (PSE)
- How to store private keys?

Realisation of PSEs: Tokens
- In software: PKCS#12, Java KeyStore, application specific (e.g. Netscape)
- In hardware: USB-Token, Smartcard, Hardware Security Module (HSM)

Token properties
- Secure storing of private keys
- Compatibility
- Portability
- Availability
- Access protection

PKCS#12
- Software based PSE
- Format for secure transport and storing
- Most typical format for software PSEs
- Available at: http://www.rsa.com/rsalabs/node.asp?id=2138

PKCS#12: Modes
- Public Key Privacy Mode: Encryption with a symmetric key. This symmetric key is encrypted with the public key of the receiver.
- Password Privacy Mode: Encryption with a symmetric key, which is derived from a password.
- Public Key Integrity Mode: Signed with a private key. The receiver can verify the message.
- Password Integrity Mode: A MAC is calculated which can be verified by the receiver.

PKCS#12: ASN.1

    PFX ::= SEQUENCE {
        version   INTEGER {v3(3)}(v3,...),
        authsafe  ContentInfo,
        macdata   MacData OPTIONAL
    }

    AuthenticatedSafe ::= SEQUENCE OF ContentInfo
        -- Data if unencrypted
        -- EncryptedData if password-encrypted
        -- EnvelopedData if public key-encrypted

PKCS#12: Structure
[Figure: AuthenticatedSafe containing ContentInfo elements: plain data, encrypted data, enveloped data]

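The PFX layout and the four modes above can be read directly off the encoding of a file. The following Python code is an added example, not part of the lecture slides: it walks the outer PFX structure and reports which integrity mode and which privacy mode per ContentInfo are in use. The function names and the sample bytes are constructed for illustration; it assumes DER with definite lengths, and that password integrity shows up as a present MacData while public key integrity shows up as an authSafe of type signedData.

```python
# Added example, not from the slides. DER with definite lengths only; the sample is constructed.
PREFIX = bytes.fromhex("2a864886f70d0107")  # OID 1.2.840.113549.1.7 (PKCS#7 content types)
OIDS = {"data": 1, "signedData": 2, "envelopedData": 3, "encryptedData": 6}
CONTENT_TYPES = {PREFIX + bytes([n]): name for name, n in OIDS.items()}
PRIVACY = {"data": "none (plain data)", "encryptedData": "password privacy",
           "envelopedData": "public key privacy"}

def read_tlv(buf, pos=0):  # -> (tag, value, next_pos) of the element starting at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length octets (0 = BER indefinite)
        n = length & 0x7F
        length, pos = (int.from_bytes(buf[pos:pos + n], "big") if n else len(buf)), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated or indefinite-length element")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # split a constructed element's contents into (tag, value) pairs
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def content_info(value):  # ContentInfo ::= SEQUENCE { contentType OID, content [0] EXPLICIT }
    (_, oid), (_, content) = children(value)[:2]
    return CONTENT_TYPES.get(oid, "unknown"), content

def classify(pfx_der):  # -> (version, integrity mode, privacy mode of each ContentInfo)
    tag, body, _ = read_tlv(pfx_der)
    if tag != 0x30:
        raise ValueError("PFX must be a SEQUENCE")
    fields = children(body)  # version, authSafe, optional macData
    version = int.from_bytes(fields[0][1], "big")
    ctype, content = content_info(fields[1][1])
    if ctype == "signedData":  # the AuthenticatedSafe sits inside the SignedData; not unpacked here
        return version, "public key integrity", []
    _, safes, _ = read_tlv(read_tlv(content)[1])  # OCTET STRING -> SEQUENCE OF ContentInfo
    modes = [PRIVACY.get(content_info(v)[0], "unknown") for _, v in children(safes)]
    return version, "password integrity" if len(fields) > 2 else "none", modes

def tlv(tag, *parts):  # minimal DER encoder, used only to build the constructed sample
    body = b"".join(parts)
    ln = len(body).to_bytes((len(body).bit_length() + 7) // 8 or 1, "big")
    return bytes([tag]) + (ln if len(body) < 0x80 else bytes([0x80 | len(ln)]) + ln) + body

def ci(name, inner):  # ContentInfo of the named type wrapping `inner`
    return tlv(0x30, tlv(0x06, PREFIX + bytes([OIDS[name]])), tlv(0xA0, inner))
# Constructed sample: empty SEQUENCEs stand in for the real contents and for MacData.
SAFES = tlv(0x30, ci("encryptedData", tlv(0x30)), ci("data", tlv(0x04, tlv(0x30))))
SAMPLE_PFX = tlv(0x30, tlv(0x02, b"\x03"), ci("data", tlv(0x04, SAFES)), tlv(0x30))
```

A ContentInfo of type data only means that no encryption is applied at this level; a private key inside it can still be wrapped individually in a PKCS-8 shrouded key bag.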
Java KeyStore
- Implementation of the KeyStore class
- Two types:
  - JKS: proprietary algorithms, weak encryption
  - JCEKS: standard algorithms, strong encryption, part of the JCE (Java Cryptography Extensions), since Java 1.4
- Easy administration with keytool

KeyStore example

    keytool -genkey -alias test -keyalg RSA -keysize 1024 -keypass 123456 -storepass 123456 -keystore test.ks

    Run: ../BatchFiles/keytool.bat

Application specific
- Netscape family: Mozilla, Firefox, Thunderbird, SeaMonkey
- Through Software Security Module
- The standard implementation is proprietary
- The format for the import is PKCS#12

[Screenshot slides: Private key import in Firefox; Private key access in Firefox]

Application specific
- Windows: Internet Explorer, Outlook/Express
- The standard implementation is proprietary
- Through Cryptographic Service Provider
- The format for the import is PKCS#12

[Screenshot slide: Private key import in Windows (cs_student.p12)]

[Screenshot slide: Private key access in Windows (cs_student.p12)]

Hardware Security Module
- Secure storage and use of keys
- (Pseudo)random number generation
- Key pair generation
- Key archiving
- Encryption / decryption
- Generating / verifying signatures
- Acceleration for cryptographic schemes (e.g. TLS)

Hardware Security Module
- Protect the keys against:
  - Mechanical attacks
  - Temperature attacks
  - Manipulation of the voltage
  - Chemical attacks
- The keys are destroyed in case of danger
- But: keys can be accidentally destroyed, e.g. due to mechanical influence during transport

Network Attached HSM
- Shared HSM
- Speed
- Availability
- Robustness

Smartcards
- Secure key storing and use
- Key pair generation (not all)
- Calculation of digital signatures
- Decryption

Interface to the HSM
- Access over PKCS#11
- Support functions like: Change PIN, Sign, Decrypt, Write certificate
- But: Some functions are not supported (e.g. change PUK)
- Different libraries are needed for supporting different cards and readers.
- Available at: http://www.rsa.com/rsalabs/node.asp?id=2133

PKCS#15
- Specifies the structure of the filesystem in the chip card
- Every directory in the card is an application
- Pointers to cryptographic objects (ODF): Private Key, Public Key, Certificate
- There is a newer specification based on it: ISO 7816-15
- Available at: http://www.rsa.com/rsalabs/node.asp?id=2141

Structure PKCS#15
[Figure labels: MasterFile (MF) (root directory); global files (serial number, etc.); descriptor (meta data); DF(PKCS#15); user data; EF (DIR); further DFs/EFs; ODF; PrKDF; CDF; ADF; TokenInfo]
- Object Directory File: pointers to directories: PrivateKey Data, Certificate Data, Authentication Data (PIN) and Token Information (serial number)

E4 NetKey (TeleSec)
- E4 evaluated (according to ITSEC)
- SigG application: pre-keyed with one key pair according to SigG (Signature Act)
- NetKey application: 3 key pairs (pre-keyed)
- Null-PIN scheme (patented)

Java Cards
- No filesystem but applets
- JCRE (Java Card Runtime Environment)
  - manages: the resources of the card, the communication with the outside world, the execution of the applets
  - controls: the compliance with the security limitations

Java Cards
- Like normal Java code, but without:
  - long, double, float
  - Characters and strings
  - Multidimensional arrays
  - Threads
  - Object serialization and cloning
  - Dynamic loading of classes (like drivers)
  - Security Manager
- Garbage Collector not always present

Life cycle of private keys
[Diagram: start state, Storing, Backup, Recovery, Transport, Destruction, end state]

Requirements listed on the following slides, one group per slide:
- appropriate parameters; secure random number generator; shielding against eavesdropping
- persistent storing; deletion from the generator; appropriate access protection
- correct receiver; guaranteed delivery; appropriate transport security mechanisms
- easy for the authorised users; impossible for the unauthorised users
- unrecoverable; protection of the private key; easy for authorised users; impossible for unauthorised users
- persistent storing; only for certain keys; appropriate access protection
- correct reestablishment; easy for authorised users; impossible for unauthorised users

Life cycle of private keys
Example 1: User generates keys
Here: PGP

[Screenshot slides, in order: Storing; Transport (file contents ../certificates/test t /T t r.cxt); Destruction; Backup; Recovery]

Life cycle of private keys
Example 2: TC generates keys
Here: TUD Card

- The manufacturer creates the keys

Storing
- A file exists that holds the private key.
- Security condition: PSO (Perform Security Operation) after PIN has been correctly given.
[Figure labels: input; contains the private key; output]

Transport
- By snail mail
- First detection: Null-PIN technique

[Screenshot slides: Set PIN; See PUK; Download certificate]
- PIN-Entry necessary for PSO

Destruction
- Physical destruction of the card: high temperature, etc.

Backup
- Each encryption key is stored in a PKCS#12 file
[Figure labels: input; output]

Life cycle of private keys
Example 3: User generates keys
Here: Java keytool

Generate

    keytool -genkey -keyalg RSA -keystore keystore.ks -alias myalias

Store

    keytool -genkey -keyalg RSA -keystore keystore.ks -alias myalias

Transport
- The key is already at the client side.

In order to use the private key, the public key is certified by a CA.

Thawte example

Hi!

Please use your browser to go to the following URL:
https://www.thawte.com/cgi/enroll/personal/step8.exe

Once you have connected successfully to the above address, you must copy and paste the "probe" and "ping" values below into the appropriate text boxes:

Probe: value
Ping: value

You should save this message until you have completed the enrollment process, just in case. But you MUST go to the above URL within 24 hours, or we will delete your request information and you'll have to start over!

If you have problems completing the above please contact our support team by going to the following URL:
https://www.thawte.com/cgi/support/contents.exe

Regards,
The thawte team
thawte Certification

    keytool -certreq -keystore keystore.ks -file csr.txt -alias myalias

The resulting file csr.txt holds the certificate request between the lines -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST-----.

The user receives a URL that contains the certificate inside a PKCS#7 structure.

    keytool -import -file test.crt -alias myalias -trustcacerts -keystore keystore.ks

Destruction

Backup
- A simple copy of the file to:
  - a CD
  - a USB stick
  - an external hard disc
  - or similar

Recovery
- Recovery from the copy location.
- Password is needed.
- The password may be changed.