[Openswan Users] How to check the host identity ?

Bryan McAninch bryan at mcaninch.org
Thu May 19 10:51:14 CEST 2005


> -----Original Message-----
> From: users-bounces at openswan.org 
> [mailto:users-bounces at openswan.org] On Behalf Of david
> Sent: Thursday, May 19, 2005 5:06 AM
> To: users at openswan.org; bryan at mcaninch.org
> Subject: Re: RE: [Openswan Users] How to check the host identity ?
> 
>  
>  When you generate a certificate, you do it as follows:
> 
>  1) You create a new random private key and public key.

1.1) provide a strong password to encrypt your private key with a symmetric
cipher.

> 
>  2) You generate a certificate request that includes the public key.
> 
>  3) You sign the certificate request with the private key (to 
> prove that you know it)

3.1) in order to sign the request with your private key, you should be
prompted to enter a password to decrypt and use it, since you've encrypted
it in step 1.1

> 
>  4) You send the certificate request to a certificate authority.
> 
>  5) The certificate authority verifies the name you claim in 
> the certificate request to make sure it belongs to you. They 
> verify that the request was signed with the private key 
> corresponding to the public key in the certificate.
> 
>  6) The certificate authority issues a certificate that says 
> that your name is associated with your public key. They sign 
> it with their private key.
> 
> The certificate is generally considered public information. 
> All it does is convey the true fact that the certification 
> authority has established that the name in the certificate is 
> the name of the holder of the private key that corresponds to 
> the public key in it.
> 
> 
> So my questions are :
> 
> After having signed the user certificate request, the CA sends 
> this user certificate to the supposed user. How is the CA sure 
> to send this certificate to the good person?

The certificate can be obtained by anyone; this is one of the advantages of
public key crypto systems. However, the user's private key should always be
strongly encrypted with a strong password and kept private to prevent
unauthorized use.

> Is all the communication (steps 4 to 6 + sending to the user) 
> encrypted in SSL?

It CAN be, but it's superfluous, and provides no additional security. A few
cases where I can think that you'd want secure transfer are when you're
sending the client a PKCS8 and/or PKCS12 file, which contains both the
client's public AND private keys. Even though the private key is (hopefully)
password encrypted, it is still good security practice to keep the private
key private.

> Is there a challenge used to prove the identity of the user ?
> when does ipsec (IKE) do this challenge (if there is)? 
> Is it done in every case ?

With OpenSWAN, the password used to decrypt the private key is set in
/etc/ipsec.secrets - it varies with other software and OSes. Windows, for
example, allows you to specify something like "ask for a password every time
this key is used" when you're importing a keypair.

This, in essence, proves that you are the real owner of the certificate.
Though it's only single-factor authentication, it's better than having a
password-less private key.

> 
> thx
> david
> 
> 
> 
> 
> > This is an inherent flaw with certificates. The only way to be 
> > certain, is to have the corresponding private key password encrypted 
> > with a symmetric cipher (3DES,AES). This proves (to some extent) the 
> > person with the certificate is authorized to use the certificate. This 
> > clearly demonstrates the need to have private keys encrypted with a 
> > strong cipher / strong password combo.
> > 
> > -----Original Message-----
> > From: users-bounces at openswan.org 
> > [mailto:users-bounces at openswan.org] 
> > On Behalf Of david
> > Sent: Wednesday, May 18, 2005 5:27 AM
> > To: users at openswan.org
> > Subject: [Openswan Users] How to check the host identity ?
> > 
> > Hi all,
> > 
> > I am testing a VPN using certificates.
> > 
> > Server ======== User
> > 
> > The server and the user have a certificate. The server accepts all 
> > connection if it knows CA which signed the certificate of the user.
> > 
> > How to check that the User is really the party the certificate was 
> > issued to ? (and not someone who has intercepted the certificate)
> > 
> > thx
> > 
> > david
> 
> 


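The steps listed in this message, as an added example that is not part of the original thread or of Openswan: Ruby with its bundled OpenSSL binding, covering the passphrase-encrypted key (1, 1.1), the signed request (2, 3, 3.1) and the CA's check and signature (5, 6). The helper names, the `user.example` name, the throwaway CA and the passphrase are all constructed for illustration.

```ruby
require "openssl"

DIGEST = "SHA256"

# Steps 1 and 1.1: new key pair; the private half is stored encrypted under a passphrase.
def new_encrypted_key(passphrase)
  OpenSSL::PKey::RSA.new(2048).to_pem(OpenSSL::Cipher.new("aes-256-cbc"), passphrase)
end

# Steps 2, 3 and 3.1: the passphrase unlocks the key, which signs a request carrying its public half.
def new_csr(key_pem, passphrase, common_name)
  key = OpenSSL::PKey::RSA.new(key_pem, passphrase) # raises on a wrong passphrase
  req = OpenSSL::X509::Request.new
  req.subject = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  req.public_key = key.public_key
  req.sign(key, OpenSSL::Digest.new(DIGEST)).to_pem
end

# Builds and signs a one-hour certificate binding subject to public_key (no extensions, demo only).
def sign_cert(subject, public_key, issuer, signer_key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = OpenSSL::BN.rand(64)
  cert.subject, cert.issuer, cert.public_key = subject, issuer, public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(signer_key, OpenSSL::Digest.new(DIGEST))
end

# Steps 5 and 6: the CA checks that the request was signed by the key it carries, then binds name to key.
def issue(ca_cert, ca_key, csr_pem)
  req = OpenSSL::X509::Request.new(csr_pem)
  raise ArgumentError, "request is not signed by the key it carries" unless req.verify(req.public_key)
  sign_cert(req.subject, req.public_key, ca_cert.subject, ca_key)
end

# Throwaway self-signed CA for the demo (constructed; a real CA would also set CA extensions).
def demo_ca
  key = OpenSSL::PKey::RSA.new(2048)
  name = OpenSSL::X509::Name.parse("/CN=Example Test CA")
  [sign_cert(name, key.public_key, name, key), key]
end

if __FILE__ == $PROGRAM_NAME
  ca_cert, ca_key = demo_ca
  key_pem = new_encrypted_key("constructed-passphrase")
  cert = issue(ca_cert, ca_key, new_csr(key_pem, "constructed-passphrase", "user.example"))
  puts cert.subject, cert.verify(ca_key)
end
```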

