[Openswan Users] How to check the host identity ?

david ngc1976.m42 at caramail.com
Fri May 20 10:58:33 CEST 2005


>>  When you generate a certificate, you do it as follows:
>> 
>>  1) You create a new random private key and public key.

>1.1) provide a strong password to encrypt your private key with a symmetric
>cipher.

>> 
>>  2) You generate a certificate request that includes the public key.
>> 
>>  3) You sign the certificate request with the private key (to 
>> prove that you know it)

>3.1) in order to sign the request with your private key, you should be
>prompted to enter a password to decrypt and use it, since you've encrypted
>it in step 1.1

>> 
>>  4) You send the certificate request to a certificate authority.
>> 
>>  5) The certificate authority verifies the name you claim in 
>> the certificate request to make sure it belongs to you. They 
>> verify that the request was signed with the private key 
>> corresponding to the public key in the certificate.
>> 
>>  6) The certificate authority issues a certificate that says 
>> that your name is associated with your public key. They sign 
>> it with their private key.
>> 
>> The certificate is generally considered public information. 
>> All it does is convey the true fact that the certification 
>> authority has established that the name in the certificate is 
>> the name of the holder of the private key that corresponds to 
>> the public key in it.
>> 
>> 
>> So my questions are :
>> 
>> After having signed the user certificate request, the CA sends 
>> this user certificate to the supposed user. How is the CA sure 
>> to send this certificate to the right person?


>The certificate can be obtained by anyone, this is one of the advantages of
>public key crypto systems. However, the user's private key should always be
>strongly encrypted with a strong password and kept private to prevent
>unauthorized use.

 

>> Is all the communication (steps 4 to 6 + sending to the user) 
>> encrypted in SSL?

>It CAN be, but it's superfluous, and provides no additional security. A few
>cases where I can think that you'd want secure transfer is when you're
>sending the client a PKCS8 and/or PKCS12 file, which contains both the
>client's public AND private keys. Even though the private key is (hopefully)
>password encrypted, it is still good security practice to keep the private
>key private.


>> Is there a challenge used to prove the identity of the user ?
>> when does ipsec (IKE) do this challenge (if there is)? 
>> Is it done in every case ?

>With OpenSWAN, the password used to decrypt the private key is set in
>/etc/ipsec.secrets - it varies with other software and OS's. Windows, for
>example, allows you to specify something like "ask for a password every time
>this key is used" when you're importing a keypair. 

>This in essence, proves that you are the real owner of the certificate.
>Though it's only single factor authentication, it's better than having a
>password-less private key.

thx a lot, bryan !

OK, I understand all the steps you added and of course I have done it.
But as I said, I am testing a VPN using certificates: Server ======== User

The server and the user each have a certificate. The server accepts all
connections if it knows the CA which signed the certificate of the user.

But to have a certificate, my user has to submit a request to a CA (my CA).
So after having signed the user certificate request, the CA sends this user certificate to the user.

So now if someone intercepts this user certificate (coming from the CA to the user), because this communication is not encrypted, the interceptor can now use the VPN......

But I think (I hope) the authentication of the user is done when this user tries to connect to the server. It is this point I want to clear up. Even if the server knows the CA which has signed the user certificate, the server should check if the user is really the party the certificate was issued to (and not the interceptor).
And for that the user must prove he has the private key corresponding to the public key on "his" certificate.

So how does it work?
Does the server send a challenge, encrypted with the user's public key, to the user, and wait for the response to establish the VPN?
Is that why openswan needs to know the private key password set in /etc/ipsec.secrets, to decrypt the challenge sent by the server?

I think this check is managed by IKE, but I read in RFC 2409 that there are different configurations for IKE phase 1 (chapter 5, Exchanges). Which phase 1 is used by default?
How do I choose the phase 1 that I want? In ipsec.conf?

regards
david
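
An added illustration (not part of the original message and not Openswan code) of why an intercepted certificate is not enough: in the signature authentication mode of RFC 2409, each peer signs a hash of the exchange with its private key, and the other side verifies that signature with the public key from the certificate. The `openssl` script below stands in for that with a signature over a fresh nonce; the file names, subjects and the helper functions `make_pki` and `prove_possession` are constructed for this example.

```shell
#!/bin/sh
# Added example: simplified proof of possession, not the real IKE payloads.
# All names, subjects and file paths are constructed for this demo.

# Build a throwaway CA, a user key + CSR + certificate, and an unrelated key
# that plays the party who only intercepted the certificate.
make_pki() {  # $1 = existing output directory
    d=$1
    # -nodes leaves the demo keys unencrypted so the script runs unattended.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    # Steps 1-3 of the thread: new key pair, request signed with the private key.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-user" \
        -keyout "$d/user.key" -out "$d/user.csr" 2>/dev/null
    # Steps 5-6: the CA checks the request's self-signature and issues the cert.
    openssl x509 -req -in "$d/user.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/user.crt" 2>/dev/null
    # The interceptor has user.crt but only a key of their own.
    openssl genrsa -out "$d/interceptor.key" 2048 2>/dev/null
}

# Return 0 only if the holder of the key in $1 can prove possession of the
# private key matching the certificate in $2, which must chain to the CA in $3.
prove_possession() {
    key=$1; cert=$2; ca=$3
    tmp=$(mktemp -d) || return 2
    # Verifier: the certificate must be signed by a CA we trust.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        rm -rf "$tmp"; return 3
    fi
    # Verifier: a fresh random nonce, so an old signature cannot be replayed.
    openssl rand -hex 32 > "$tmp/nonce"
    # Prover: sign the nonce with the private key (never sent over the wire).
    openssl dgst -sha256 -sign "$key" -out "$tmp/sig" "$tmp/nonce" 2>/dev/null
    # Verifier: check the signature with the public key taken from the cert.
    openssl x509 -in "$cert" -noout -pubkey > "$tmp/pub.pem"
    openssl dgst -sha256 -verify "$tmp/pub.pem" -signature "$tmp/sig" \
        "$tmp/nonce" >/dev/null 2>&1
    rc=$?
    rm -rf "$tmp"
    return $rc
}
```

After `make_pki` on a scratch directory, `prove_possession` succeeds with `user.key` and fails with `interceptor.key` against the same `user.crt`.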
