1

1

Public Key InfrastructuresPublic Key Infrastructures

Chapter 6Private Keys

Cryptography and Computeralgebra

Johannes Buchmann

2

How to store private keys?

3

Personal Security Environment (PSE)

Private keys are stored in PSEs

4

Realisation of PSEs : Tokens

Secure storing of private keys

in Software in Hardware

PKCS#12Application specific

(e.g. Netscape)Java KeyStore SmartcardUSB-Token

HardwareSecurityModule(HSM)

5

Token properties

Compatibility

Portability

Availability

Access protection

6

PKCS#12

Software based PSE

Format for secure transport and storing

Most typical format for software PSEs

Available at:http://www.rsa.com/rsalabs/node.asp?id=2138

2

7

PKCS#12: Modes

Public Key Privacy Mode:Encryption with a symmetric key. This symmetric key is encrypted with the public key of the receiver.

Password Privacy Mode:Encryption with one symmetric key, which is derived from a password.

Public Key Integrity Mode:Signed with a private key. The receiver can verify the message.

Password Integrity Mode:A MAC is calculated which can be verified by the receiver.

8

PKCS#12: Structure

AuthenticatedSafe

ContentInfo

Plain Data

Encrypted Data

Enveloped data

9

Example

Personal nformation Exchange

Password: 123456

10

11

Java Keystores

Implementation of the KeyStore Class

Two types:JKS

Proprietary algorithmsWeak encryption

JCEKSStandard algorithmsStrong encryptionPart of the JCE (Java Cryptography Extensions)Since Java 1.4

Easy Administration with keytool 12

KeyStore example

keytool -genkey -alias test -keyalg RSA-keysize 1024 -keypass 123456-storepass 123456 -keystore test.ks

Run: ../Certificates/keytool.bat

3

13

Application specific

Examples:

MozillaWindows

14

Private key import in Firefox

15

Private key access in Firefox

16

Private key import in Windows

17

Private key access in Windows

18

Application specific

Netscape FamilyMozilla, Firefox, Thunderbird, SeaMonkeyThrough Software Security ModuleThe standard implementation is proprietaryThe format for the import is PKCS#12

Windows Internet Explorer, Outlook/ExpressThe standard implementation is proprietaryThrough Cryptographic Service ProviderThe format for the import is PKCS#12

4

19

Hardware Security Module

Secure storing and use of keys

Pseudorandom number generation

Key pair generation

Calculation of digital signatures

Key archiving

Acceleration for cryptographic schemes

20

Hardware Security Module

Protect the keys against

Mechanical attacks

Temperature attacks

Manipulation of the voltage

Chemical attacks

The keys are destroyed in case of danger

21

Hardware Security Module

But…

Keys can be accidentally destroyed

e.g. due to mechanical influence during transport

Reduced number of keys

22

Smartcards

Secure key storing and use

Key pair generation (not all)

Calculation of digital signatures

Decryption

23

Access over PKCS#11

Interface to the card

Support functions like:Change PIN, Sign, Decrypt, Write certificate

But:Some functions are not supported (e.g. change PUK)Possibly many libraries are needed for supporting different cards and readers.

Available at:http://www.rsa.com/rsalabs/node.asp?id=2133

24

Access over PKCS#15

Specifies the structure of the card in the card

Every directory in the card is an application

Pointers to cryptographic objekts (ODF)

PrivateKey

PublicKey

Certificate

Available at:

http://www.rsa.com/rsalabs/node.asp?id=2141

5

25

Structure PKCS#15

DescriptorDF(PKCS#15)

FurterDFs/EFs

UserdataEF (DIR)

TokenInfo

MasterFile

ADFCDFPrKDFODF

Pointer to PrivateKey Data, Certificate Data, Authentication Data (PIN) and Token Information (Serial number)

26

E4 NetKey (TeleSec)

E4 evaluated (according to ITSEC)

Global files (serial number, etc.)

SigG application

Pre-keyd with one key-pair according to SigG(Signature Act)

NetKey application

3 key pairs (pre-keyed)

Null-PIN scheme (patented)

27

Java Cards

No filesystem but applets

JCRE (Java Card Runtime Environment)

manages:

the resources of the card

the communication with the outside world

the execution of the applets

controls:

the compliance with the security limitations

28

Java Cards

Like normal Java code but

No long, double, float

Characters and Strings

Multidimensional arrays

Threads

Object serialisation und cloning

Dynamic loading of classes (like drivers)

Security Manager

Garbage Collector not always present

29

Use

Destruction

Transport

storing

Backup

Recovery

Generation

Life cycle of private keys

start state

state

end state

30

Use

Destruction

Transport

Storing

Backup

Recovery

GenerationGeneration

Life cycle of private keys

appropriate parameters

secure random number generator

shielding against eavesdropping

•…

6

31

Use

Destruction

Transport

StoringStoring

Backup

Recovery

Generation

Life cycle of private keys

persistent storing

deletion from the generator

appropriate access protection

…

32

Use

Destruction

TransportTransport

Storing

Backup

Recovery

Generation

Life cycle of private keys

correct receiver

guaranteed delivery

appropriate transport security mechanisms…

33

UseUse

Destruction

Transport

Storing

Backup

Recovery

Generation

Life cycle of private keys

easy for the authorised users

impossible for the unauthorisedusers

protection of the private key

…34

Use

DestructionDestruction

Transport

Storing

Backup

Recovery

Generation

Life cycle of private keys

unrecoverable

easy for authorised users

impossible for unauthorisedusers

•…

35

Use

Destruction

Transport

Storing

BackupBackup

Recovery

Generation

Life cycle of private keys

persistent storing

only for certain keys

appropriate access protection

…

36

Use

Destruction

Transport

Storing

Backup

RecoveryRecovery

Generation

Life cycle of private keys

correct reestablishment

easy for authorised users

impossible for unauthorisedusers

…

7

37

User generates key

PGP Example

38

Generation

39

Generation

40

Generation

41

Generation

42

Generation

8

43

Generation

44

Generation

45

Generation

46

Storing

47

Transport

48

Transport

9

49

Transport

File contents

../Certificates/Test User.cxt

50

Use

51

Use

52

Destruction

53

Destruction

54

Destruction

10

55

Backup

56

Backup

57

Backup

58

Backup

59

Recovery

60

Recovery

11

61

Recovery

62

Trust center generates key

Trust center example

TUDCard

63

Generation

The manufacturer creates the keys

input

output 64

Storing

Contains the private key

A file exists that holds the private key.

Security condition:

PSO (Perform Security Operation) after PIN has been correctly given.

65

TransportBy snail mail

66

Use

First Use detection

Null-PIN technique

12

67

Use

PIN-Entry

necessary

for PSO

68

Use

Set PINSee PUKDownload certificate

69

Destruction

Physical destruction of the card.

high temperature, etc…

70

Backup

input

output

Every key is stored in a PKCS#12 file

71

Recovery

An example…

TUDCardKeyRecovery

72

User generates key

The user generates its own private key

13

73

Generate

keytool -genkey -keyalg RSA -keystore keystore.ks -alias myalias

74

Store

keytool -genkey -keyalg RSA -keystore keystore.ks -alias myalias

75

Transport

The key is already at the client side.

76

UseIn order to use the private key, the public key is certified by a CA.

Thawte example

77 78

14

79 80

81 82

83

Hi! Please use your browser to go to the following URL: https://www.thawte.com/cgi/enroll/personal/step8.exeOnce you have connected successfully to the above address, you must copy and paste the "probe" and "ping" values below into the appropriate text boxes:Probe: value Ping: valueYou should save this message until you have completed the enrollment process, just in case. But you MUST go to the above URL within 24 hours, or we will delete your request information and you'll have to start over! If you have problems completing the above please contact our support team by going to the following URL: https://www.thawte.com/cgi/support/contents.exeRegards, The thawte team thawte Certification 84

15

85 86

87 88

89 90

email address

16

91 92

93 94

keytool -certreq -keystore keystore.ks -file csr.txt -alias myalias

95

-----BEGIN NEW CERTIFICATE REQUEST-----MIIBrDCCARUCAQwbDELMAkGA1UEBhMCREUxDjAMBgNVBTBUhlc3NlMRIwEAYDVQQHEwlEYXJtN57qbnyAfAAAAAAAc3RhZHQxDDKBgNVATA1RVRDEMMAoGA1UECxMDQ0RDMRwGwYDVQQDExRWY5nZWxpcyBLYXJhN57qbnyAfAAAAAAAdHNpb2xpcznzANBqhkiG9w0BAQEFAAOBjQAwgYkCgYEAroJITHFBR5orQ9dB4qkP/gMhS1hCNiowdM2CrJINiowdM2CCCCE+Qrzut77pzzjlEBLQeeMC0Q88LF8tTJfFoUKdGni/PAAiOPHxvNXFFH0YZs4/P7gXMAX+9eEgGNiowdM2CrJINiowdM2CCCCEjL2ig7PyQlkGGwIbvxYQmEX2TKk9tKWqCvFjl6BKTjIIjErmgolyi79dk3Cdwx26Z8CAwEAAaAANiowdM2CrJINiowdM2CCCCEEEMA0GCSqGSIb3DEBBAUAAGBAIvbaheW+lVaDdRN57qbnyAf3qqxD2GcjmBcCcO8v3TN9zc4mSENiowdM2CrJINiowdM2CCCCpXXTFQg4UqO0urJINiowdM2CtrPzlEtORJNtoxxiRLHp9+LLNXnER43nYvcLZ/QIChlfIX6KiPrJINiowdM2CrJINiowdM2CCCCElr81bvYRq6G/bGxrz4K55c17UIqPtlGN7yQEDxYZ5e+-----END NEW CERTIFICATE REQUEST-----

96

17

97 98

99

The user receives a URL that contains thecertificate inside a PKCS#7 structure

100

keytool -import -file test.crt -alias myalias -trustcacerts -keystore keystore.ks

101

Destruction

102

Backup

A simple copy of the file to:a CDa USB stickan external hard disc… or similar

The password may be changed.

18

103

Recovery

Recovery from the copy location.

Password is needed.