IGTF-RAT.2009-01 r1.25 - 14 Aug 2009 - 14:17 - JamesAlanBasney710056


2009-01: IGTF RAT Audit: (EC)DSA, MD5, and weak keys

To edit this page, please access it at https://tagpma.es.net/wiki/bin/edit/IGTF-RAT/2009-01 using an IGTF certificate in your browser.

Timeline

  • 11 Feb: Request sent to CA operators
  • 19 Feb: 57 of 80 CAs responded
  • 23 Feb: reminder sent
  • 12 Mar: 75 of 80 CAs responded; reminder sent
  • 26 Mar: 77 of 80 CAs responded
  • 27 Apr: 77 of 80 CAs responded; reminder sent
  • 28 Apr: 78 of 80 CAs responded
  • 11 May: 79 of 80 CAs responded
  • 9 Aug: 80 of 80 CAs responded

Request To CA Operators

The following request was sent by email to IGTF CA Operators:

Date: Wed, 11 Feb 2009 09:01:54 -0600
From: Jim Basney <jbasney@ncsa.uiuc.edu>
Reply-To: igtf-rat@eugridpma.org
Subject: [IGTF-ALERT] (EC)DSA and MD5

Certificate Authority Operators,

Following up on recent activities, the International Grid Trust
Federation Risk Assessment Team (IGTF RAT) requests that you review
your CA operations for issued certificates containing DSA or ECDSA
keys and for the use of the known weak MD5 hash algorithm in digital
signatures.

Furthermore, the RAT requests that you implement the following
automated checks to avoid future issuance of weak certificates:

  * Check new certificate requests for RSA keys with weak exponents
    (less than 65537).

  * Check new certificate requests for known weak Debian OpenSSL keys.

  * Verify that new certificates and CRLs are not issued using MD5.

Within the next week, please complete the survey at
http://www.surveymonkey.com/s.aspx?sm=CxFX6O88Z2VasaM7k3qCWA_3d_3d
to inform the IGTF RAT of your response.

For more information on recent (EC)DSA and MD5 issues, please see:
http://www.eugridpma.org/newsletter/eugridpma-newsletter-20090102.txt
http://www.eugridpma.org/newsletter/eugridpma-newsletter-20090108.txt

For example scripts for checking (EC)DSA, MD5, and weak keys, please
see: http://tagpma.es.net/wiki/bin/view/IGTF-RAT/2009-01

Regards,
Jim Basney
On behalf of the IGTF RAT
http://tagpma.es.net/wiki/bin/view/IGTF-RAT

Results

  • 3 IGTF CAs issued certificates containing (EC)DSA keys, which will all be expired by Aug 27 2009.
  • 11 IGTF CAs issued certificates using MD5.
  • No IGTF CAs were currently issuing certificates using MD5.
  • 19 IGTF CAs issued CRLs using MD5. 8 were currently issuing CRLs using MD5.
  • 30 IGTF CAs had implemented automated checks for RSA keys with weak exponents.
  • 31 IGTF CAs had implemented automated checks for known weak Debian OpenSSL keys.
  • 38 IGTF CAs had implemented automated checks for issued certificates using MD5.

Sample Scripts

Please contribute your own scripts below for the benefit of other CA operators.

Check PEM certificates for (EC)DSA and MD5

Assumes you're sitting in the directory containing the PEM encoded certificates you wish to check - and nothing else.

#!/bin/sh
# Print every certificate in the current directory that has a DSA/ECDSA key
# or an MD5-based signature.
for f in *; do
   if openssl x509 -noout -text -in "$f" 2>/dev/null | grep -Eq 'DSA-Parameters|ECDSA-Parameters|DSA Public Key|Algorithm: md5'; then
      echo "$f matches"
   fi
done

If you have too many certs to fit on a Unix command line, this trick, which walks the files one leading hex digit at a time, can help (with a slight variation on the grep):

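for a in 0 1 2 3 4 5 6 7 8 9 A B C D E F; do
   # Handle one leading hex digit at a time to keep each expansion short
   for f in "$a"*.pem; do
      [ -e "$f" ] || continue   # no file name starts with this digit
      if openssl x509 -text -noout -in "$f" | grep -Eq 'DSA-Parameters|ECDSA-Parameters|DSA Public Key|Algorithm: md5'; then
         echo "$f is affected"
      fi
   done
done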

Check PEM CRLs for MD5

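#!/bin/sh
# Print every CRL (*.r0) in the current directory that is signed using MD5.
for f in *.r0; do
   [ -e "$f" ] || continue   # the glob matched nothing
   if openssl crl -noout -text -in "$f" | grep -Eq 'Algorithm: md5'; then
      echo "$f matches"
   fi
done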

Check PEM certificates for Debian keys

#!/bin/sh
# Report certificates whose RSA modulus appears on the Debian weak-key blacklists.
for f in *.pem; do
   [ -e "$f" ] || continue   # the glob matched nothing
   # Lookup tag: last 20 hex digits of the SHA-1 of the -modulus output line
   tag=`openssl x509 -noout -modulus -in "$f" | sha1sum | cut -d ' ' -f 1 | cut -c21-40`
   serial=`basename "$f" .pem`
   if grep -Fq "$tag" /tmp/blacklist.RSA-1024 /tmp/blacklist.RSA-2048; then
      dn=`openssl x509 -noout -subject -in "$f" | sed -e 's/subject= //'`
      caid=`awk '/Tag:/ { print $NF}' "$f"`
      echo "$serial $caid $dn"
   fi
done

The blacklist files are available from:

Check PEM certificates with weak RSA exponents

Adapted by ShreyasCholia335418 from Von Welch's posting at: http://lists.canarie.ca/pipermail/tagpma-general/2006-September/000983.html

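#!/bin/sh
# Report certificates whose RSA public exponent is less than 65537.
for file in *; do
     exponent=`openssl x509 -in "$file" -noout -pubkey 2>/dev/null | \
               openssl rsa -pubin -text -noout 2>/dev/null | \
               grep Exponent | awk '{print $2}'`
     # Empty when the file is not a certificate or its key is not RSA
     [ -n "$exponent" ] || continue
     if [ "$exponent" -lt 65537 ]; then
         echo "Weak exponent: $exponent in $file"
     fi
done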
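
The request above asks for automated checks on new certificate requests, while the scripts on this page audit certificates and CRLs that were already issued. As an added example (not one of the scripts contributed to this page), the following applies the same checks to a PEM request before it is signed; the function names, return codes and finding strings are assumptions, and the blacklist lookup assumes the same blacklist files as the Debian script above.

```shell
#!/bin/sh
# Added example: pre-issuance gate for PEM certificate requests.

# classify_text: read `openssl req|x509|crl -noout -text` output on stdin and
# print one finding per line; print nothing when no rule fires.
classify_text() {
    awk '
        /Public Key Algorithm:/ && ($NF == "dsaEncryption" || $NF == "id-ecPublicKey") {
            print "(EC)DSA key: " $NF
        }
        /Signature Algorithm:/ && tolower($NF) ~ /^md5/ && !seen_md5++ {
            print "MD5 signature: " $NF
        }
        /Exponent:/ && ($2 + 0 < 65537) {
            print "weak exponent: " $2
        }
    '
}

# debian_tag: blacklist key for a request, built like the certificate script
# above: last 20 hex digits of the SHA-1 of the `-modulus` output line.
debian_tag() {
    openssl req -noout -modulus -in "$1" 2>/dev/null | sha1sum | cut -c21-40
}

# check_csr FILE [BLACKLIST...]: 0 = acceptable, 1 = findings, 2 = unreadable.
check_csr() {
    csr=$1; shift
    text=$(openssl req -noout -text -in "$csr" 2>/dev/null) || {
        echo "$csr: cannot parse request"; return 2; }
    findings=$(
        printf '%s\n' "$text" | classify_text
        if [ "$#" -gt 0 ] && grep -Fq -- "$(debian_tag "$csr")" "$@" 2>/dev/null; then
            echo "known weak Debian OpenSSL key"
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings" | while IFS= read -r line; do echo "$csr: $line"; done
    return 1
}

# Constructed excerpt of `openssl x509 -text` output (not a real certificate).
sample_text() {
    cat <<'EOF'
    Signature Algorithm: md5WithRSAEncryption
            Public Key Algorithm: rsaEncryption
                Exponent: 3 (0x3)
    Signature Algorithm: md5WithRSAEncryption
EOF
}
```

Call it as `check_csr request.pem /tmp/blacklist.RSA-1024 /tmp/blacklist.RSA-2048` and refuse to sign on a non-zero return; `classify_text` also accepts the `-text` output of issued certificates and CRLs.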
