Lesson 5: Implementing a Public Key Infrastructure Flashcards
Digital certificates and public key infrastructure (PKI)
critical to manage identification, authentication, and data confidentiality across most private and public networks. This infrastructure is critical to the security of most data processing systems, so it is important that you be able to apply effective management principles when configuring and supporting these systems.
Everything from encrypted communications within a company’s private network, to the encrypted communications of the global Internet, are wrapped up in public key infrastructures (PKI). The basic building blocks of PKI include digital certificates and certificate authorities.
Public key cryptography solves the problem of distributing encryption keys when you want to communicate securely with others or authenticate a message that you send to others.
The basic problem with public key cryptography is that you may not really know with whom you are communicating. The system is vulnerable to Man-in-the-Middle attacks.
Public Key Infrastructure (PKI) aims to prove that the owners of public keys are who they say they are. Under PKI, anyone issuing public keys should obtain a digital certificate. The validity of the certificate is guaranteed by a certificate authority (CA). The validity of the CA can be established using various models
digital certificate
A digital certificate is essentially a wrapper for a subject’s public key. As well as the public key, it contains information about the subject and the certificate’s issuer or guarantor. The certificate is digitally signed to prove that it was issued to the subject by a particular CA. The subject could be a human user (for certificates allowing the signing of messages, for instance) or a computer server (for a web server hosting confidential transactions, for instance).
Digital certificates are based on the X.509 standard approved by the International Telecommunications Union. This standard is incorporated into the Internet Engineering Taskforce’s RFC 5280 (http://tools.ietf.org/html/rfc5280) and several related RFCs.
Public Key Infrastructure (PKIX) working group
The Public Key Infrastructure (PKIX) working group manages the development of these standards. RSA also created a set of standards, referred to as Public Key Cryptography Standards (PKCS), to promote the use of public key infrastructure.
certificate fields
The certificate fields are expressed as object identifiers (OIDs), using the syntax defined in Abstract System Notation One (ASN.1).
example:
The X.509 standard defines the fields (information) that must be present in the certificate. The standard provides interoperability between different vendors.
Certificate extensions
defined for version 3 of the X.509 format, allow extra information to be included about the certificate.
extension
An extension consists of:
- Extension ID (extnID)—expressed as an OID.
- Critical—a Boolean (True or False) value indicating whether the extension is critical.
- Value (extnValue)—the string value of the extension.
Public certificates can use standard extensions; that is, an OID defined in the X.509 documentation, which all clients should support. Certificates issued for private use can use private, proprietary, or custom extensions, but may need dedicated or adapted client and server software to interpret them correctly.
Key Usage
One of the most important standard extensions is Key Usage. This extension defines the purpose for which a certificate was issued, such as for signing documents or key exchange.
The Extended Key Usage (EKU) field—referred to by Microsoft® as Enhanced Key Usage—is a complementary means of defining usage. Typical values used include Server Authentication, Client Authentication, Code Signing, or Email Protection. The EKU field is more flexible than the Key Usage field, but problems can occur when non-standard or vendor-specific OIDs are used.
An extension can be tagged as critical. This means that the application processing the certificate must be able to interpret the extension correctly; otherwise, the certificate should be rejected. In the case of a Key Usage extension marked as critical, an application should reject the certificate if it cannot resolve the Key Usage value. This prevents a certificate issued for signing a CRL, for example, from being used for signing an email message. If Key Usage is not marked as critical, it effectively serves as a comment, rather than controlling the certificate in any way.
Distinguished Encoding Rules (DER)
There are various formats for encoding a certificate as a digital file for exchange between different systems. All certificates use an encoding scheme called Distinguished Encoding Rules (DER) to create a binary representation of the information in the certificate. A DER-encoded binary file can be represented as ASCII characters using Base64 Privacy-enhanced Electronic Mail (PEM) encoding. The file extensions .CER and .CRT are also often used, but these can contain either binary DER or ASCII PEM data.
.PFX or .P12 (PKCS #12) certificate format
the .PFX or .P12 (PKCS #12) format allows the export of a certificate along with its private key. This would be used to archive or transport a private key. This type of file format is password-protected. The private key must be marked as exportable.
P7B certificate format
implements PKCS #7, which is a means of bundling multiple certificates in the same file. It is typically in ASCII format. This is most often used to deliver a chain of certificates that must be trusted by the processing host. It is associated with the use of S/MIME to encrypt email messages. P7B files do not contain the private key.
certificate authority (CA)
the person or body responsible for issuing and guaranteeing certificates. Private CAs can be set up within an organization for internal communications. Most network operating systems, including Windows Server®, have certificate services. For public or business-to-business communications, however, the CA must be trusted by each party. Third-party CA services include Comodo, Digicert, GlobalSign, and Symantec’s family of CA brands (VeriSign, GeoTrust, RapidSSL, and Thawte). The functions of a CA are as follows:
- Provide a range of certificate services useful to the community of users serviced by the CA.
- Ensure the validity of certificates and the identity of those applying for them (registration).
- Establish trust in the CA by users and government and regulatory authorities and enterprises, such as financial institutions.
- Manage the servers (repositories) that store and administer the certificates.
- Perform key and certificate lifecycle management.
Registration
the process by which end users create an account with the CA and become authorized to request certificates. The exact processes by which users are authorized and their identity proven are determined by the CA implementation. For example, in a Windows Active Directory® network, users and devices can often auto-enroll with the CA just by authenticating to Active Directory. Commercial CAs might perform a range of tests to ensure that a subject is who he or she claims to be. It is in the CA’s interest to ensure that it only issues certificates to legitimate users or its reputation will suffer.
Note: On a private network (such as a Windows domain), the right to issue certificates of different types must be carefully controlled. The Windows CA supports access permissions for each certificate type so that you can choose which accounts are able to issue them.
Certificate Signing Request (CSR)
When a subject wants to obtain a certificate, it completes a Certificate Signing Request (CSR) and submits it to the CA. The CSR is a Base64 ASCII file containing the information that the subject wants to use in the certificate, including its public key. The format of a CSR is based on the PKCS#10 standard.
The CA reviews the certificate and checks that the information is valid. For a web server, this may simply mean verifying that the subject name and FQDN are identical and verifying that the CSR was initiated by the person administratively responsible for the domain, as identified in the domain’s WHOIS records. If the request is accepted, the CA signs the certificate and sends it to the subject.
The registration function may be delegated by the CA to one or more registration authorities (RAs). These entities complete identity checking and submit CSRs on behalf of end users, but they do not actually sign or issue certificates.
Certificate policies
define the different uses of certificate types issued by the CA, typically following the framework set out in RFC 2527 (http://www.ietf.org/rfc/rfc2527.txt). As an example of a policy, you could refer to the US federal government’s common policy framework for PKI (https://idmanagement.gov/topics/fpki/).
Different policies will define different levels of secure registration and authentication procedures required to obtain the certificate. A general purpose or low-grade certificate might be available with proof of identity, job role, and signature. A commercial grade certificate might require in-person attendance by the authorized person. A CA will issue many different types of certificates, designed for use in different circumstances.
server certificate
A server certificate guarantees the identity of e-commerce sites or any sort of website to which users submit data that should be kept confidential.
Domain Validation (DV)
proving the ownership of a particular domain. This may be proved by responding to an email to the authorized domain contact or by publishing a text record to the domain. This process can be highly vulnerable to compromise.
Extended Validation (EV)
subjecting to a process that requires more rigorous checks on the subject’s legal identity and control over the domain or software being signed. EV standards are maintained by the CA/Browser forum (https://cabforum.org).
- When creating a web server certificate, it is important that the subject matches the Fully Qualified Domain Name (FQDN) by which the server is accessed, or browsers will reject the certificate. If using multiple certificates for each subdomain is impractical, a single certificate can be issued for use with multiple subdomains in the following ways:
- Subject Alternative Name (SAN)—the subdomains are listed as extensions. If a new subdomain is added, a new certificate must be issued.
- Wildcard domain—the certificate is issued to the parent domain and will be accepted as valid for all subdomains (to a single level). Wildcard certificates cannot be issued with Extended Validation (EV).
- Both these methods can cause problems with legacy browser software and some mobile devices. There is also greater exposure for the servers operating each subdomain should the certificate be compromised. Using separate certificates for each subdomain offers better security.
machine certificates
It might be necessary to issue certificates to machines (servers, PCs, smartphones, and tablets), regardless of function. For example, in an Active Directory domain, machine certificates could be issued to Domain Controllers, member servers, or even client workstations. Machines without valid domain-issued certificates could be prevented from accessing network resources. Machine certificates might be issued to network appliances, such as routers, switches, and firewalls.
email certificates
An email certificate can be used to sign and encrypt email messages, typically using S/MIME or PGP. The user’s email address must be entered in the Subject Alternative Name (SAN) extension field. On a directory-based local network, such as Windows Active Directory, there may be a need for a wider range of user certificate types. For example, in AD there are user certificate templates for standard users, administrators, smart card logon/users, recovery agent users, and Exchange mail users (with separate templates for signature and encryption). Each certificate template has different key usage definitions.
code signing certificates
A code signing certificate is issued to a software publisher, following some sort of identity check and validation process by the CA. The publisher then signs the executables or DLLs that make up the program to guarantee the validity of a software application or browser plug-in. Some types of scripting environments, such as PowerShell®, can also require valid digital signatures.
root certificates
The root certificate is the one that identifies the CA itself. The root certificate is self-signed. A root certificate would normally use a key size of at least 2048 bits. Many providers are switching to 4096 bits.