Archive for the ‘Crypto’ Category

Debug Outlook S/MIME

Monday, December 7th, 2009

If Outlook cannot decrypt an S/MIME e-mail it displays the error message “Your digital ID name cannot be found by the underlying security system” which does not give any clues as to why. When this happens there is no easy way in Outlook to examine the message and see what certificates it was encrypted for.

To get this information I wrote a small program to scan through an encrypted message and look for data structures that resemble ASN1 sequences and print the Certificate Authority name and the certificate serial numbers. To use it copy the message to a file using click and drag from Outlook to Explorer and run the program in a CMD.EXE window giving the message file as input.

idcert.exe is available for download.

example.png

Alert when SSL certificate due for renewal

Thursday, May 14th, 2009

How many times has someone forgotten to renew an SSL certificate? Often it is because a previous admin has moved to another function. Here is a program that I wrote to check the ‘time to live’ of certificates on servers remotely using OpenSSL. Read the source code for details on how to call it. Download it here and put it in a daily cronjob that sends you e-mail if renewal time is near.

PGP Signed Web Page – Root Cert part 3

Monday, May 11th, 2009

While looking at ways to prove the authenticity of a PKI Root Certificate published on a web page I recalled this nice method of PGP signing a web page. The result looks like this.

You can validate the web page using GPG/PGP (get the public key)

wget http://example.com/root-cert-pem.html  
gpg --verify root-cert-pem.html

How to prove a Root Certificate – part 2

Monday, May 11th, 2009

Another way to prove the authenticity of the Root Certificate is to publish it signed by a certificate issued by a previously trusted PKI. This can be useful in the case where a PKI is being established to replace a legacy system. 

I have previously used the Mozilla NSS tool CMSUTIL to sign a data file but this time I decided to write a program using the Microsoft CryptoAPI on Windows because that it less sensitive to expired certificates. NSS CMSUTIL will not validate the signature if the signing certificate has expired and that could be a problem in this case as we are using a certificate from a legact PKI to sign the Root Certificate of the replacement PKI.

Here is the CMS signed data blob containing the Root Certificate cmssigned.dat 

You can verify the signature and examine the signing certificate using this program cms-verify.cpp and for completeness here is the program that I used to sign it cms-sign.cpp   

How to prove a Root Certificate

Thursday, May 7th, 2009

When a company establishes a PKI they usually publish their Root Certificate on their web site. Often they publish cryptographic hashes of the Root Certificate so that people who download it can verify that it has not been tampered with. The problem is that if anyone was able to tamper with the published Root Certificate (by compromise of the web page or a man in the middle attack) then they would also be able to tamper with the published hashes. 

I was involved in establishing a PKI and that set me thinking about how best to prove the authenticity of the Root Certificate. There are several ways. An obvious one is to use SSL on the web page. Another is to publish the hashes on multiple web sites, like this blog for example. So, here they are:    Root Certificate hashes   

Another way is to have the Root Certificate signed by an external key, such as the PGP Digital Timestamping Service and then publish the signature like this  root-certificate-timestamp.asc  

Here is the signature from another timestamping service TimeMarker    timemarkerorg_marker.pgp 

They also offer a service to timestamp a URL link and here is the result  timemarkerorg.zip

Who is that e-mail encrypted for?

Monday, March 2nd, 2009

This morning I was testing a program that builds a certificate request (for S/MIME encryption) and submits it to a CA in our new MS PKI. The tests went well and I generated, installed and deleted some certificates. Later my colleague Thomas ran the program to install a certificate and sent me a signed (and encrypted) e-mail. I was surprised to find that I could not read it in Outlook.

This is how Outlook tels you that you do not have the private key needed to decrypt the message.

Fortunatly I had backed up my certificates (this was Windows XP so I used “certmgr.msc” to export the certs, with private keys) before the tests. Rather than re-install all the certificates I decided to see what certificate Thomas had encrypted the e-mail for but Outlook stubbornly refused to let me inspect the e-mail in any way or to save it to a file.

As we have IMAP enabled in our Exchange environment I used Thunderbird to download the e-mail and save it to a file which I then edited to remove the headers. That left just the base64 encoded S/MIME part.

I decoded that by “base64 -d thomas.b64 > thomas.bin” which left me with an encrypted blob that contains a few strings in that tells you which Certificate Authority issued the certificates that it is encrypted for but no indication of the recipients. S/MIME uses CMS format which identifies the intended recipients by only two attributes: the issuing CA name and the serial numer of the certificate.

CMS uses ASN1 so you can parse this blob using the ASN1 parser in OpenSSL:

openssl asn1parse -in thomas.bin -inform DER > thomas.txt

View the output and you will find some lines like this repeated for each recipient :

807:d=9  hl=2 l=   3 prim: OBJECT            :commonName
812:d=9  hl=2 l=  33 prim: PRINTABLESTRING   :Example Internal Sub CA
847:d=6  hl=2 l=  10 prim: INTEGER           :238DC0A500000000001A

The third line is the serial number of the certificate (the MS Certificate Authority adds some “randomness” to the high bytes of the serial numbers). Then I went through my backup and sure enough found that I have an encryption certificate serial number ….001A and once I had re-installed that cert Outlook was able to decrypt the e-mail.

GnuPG fingerprint

Thursday, January 22nd, 2009

It is said that it is best practice put your GnuPG key fingerprint on your card so here is mine ;-)

public-key1.png

(click to enlarge)

Using PKI X.509 certificates in GnuPG

Saturday, January 10th, 2009

Many company IT Security policies insist that workers use only encryptions keys that are generated by the company PKI. That allows the company to recover the encryption keys if they are lost or if the employee leaves the company. PKI issued certificates (which contain the keys) are usualy used with S/MIME in programs like Outlook or Thunderbird.

However, some people wish to use the PGP encryption standard, often because it is required by a customer or other correspondent. This post explains how to export a certificate issued by an enterprise PKI for use in the popular open source encryption program GnuPG. GnuPG follows the PGP standard and can be used to exchange encrypted e-mail with users of the commercial PGP.

 In this example the certificate is available in the Firexox certificate store. Click to enlarge the image.

1firefox.png

This certificate is for John at Eriugena.org

2a-firefox.png

Next backup the certificate onto disk. Firefox uses the extension “.p12” for a certificate that includes the private key.

2b-firefox1.png

GnuPG cannot import an X.509 certificate. First we have to import the certificate using PGP which can convert it into a PGP type of key.

3a-pgp1.png

In PGPkeys use the “import” function on the “keys” menu.

3pgp.png

After importing the key, click on it and select “add” and then “name”. Add a user ID to the key. This is required for GnuPG to recognise the user ID and in this case is useful to identify the key.

5pgp.png

PGP protects the key using the IDEA algorithm which is not available by default in GnuPG because it is pattented. To get around this you must remove the key protection by changing the passphrase to an empty one. Be careful to delete the key from PGP afterwards or else change back to a non-empty passphrase.

6pgp.png

Now export the key. PGP will write the exported key in standard PGP form which can easily be imported into GnuPG.

7a-pgp.png

Select “Include Private Key”

7pgp.png

Import the key into the GnuPG key ring

8gpg.png

It is very important that you right away edit the key to protect it by adding a passphrase. You can also edit the trust level of the key at this time.

9gpg.png

Now test the key by encrypting and then decrypting a message.

agpg.png

You now have a key in your GnuPG key ring that complies to your company IT Security policy. It came from the company PKI and is therefore archived and recoverable according to the policy.

Where to get a free S/MIME certificate

Friday, November 30th, 2007

The two sites that I would recommend for getting free certs are Thawte and Comodo

CAcert is another site worth recommendation but their certs are not recognized by common mail clients; they work just fine but you have to understand how to import the CA root certificates. You can, of course, roll your own using OpenSSL or Mozilla NSS but that is a topic for another day.

Mozillazine have a good page on free certs.

[edit: Thawte service discontinued as of 16-Nov-2009]

How to read an “smime.p7m”

Thursday, November 29th, 2007

If you read your e-mail with a client that does not understand S/MIME encryption and someone has sent you an S/MIME encrypted message then you will see an attachment named “smime.p7m” like this one.

With Gmail you could use the “Show original” option to view the full S/MIME encoded e-mail message, cut+paste it to a text editor, save as “something.eml” and open that with Outlook Express, or similar, which understands S/MIME. Of course, you do have to have the matching private key to decrypt the message!

With other e-mail clients that do not present the option to view the unaltered e-mail, or when the “smime.p7m” attachment has been forwarded, you need a way to re-format it back into a valid S/MIME message. To do that I wrote this small program. Save the attachment to disk and feed it to “p7mfile.exe” which will format it and pass it on to Outlook Express.