How to sign a certificate with proper validation using bouncycastle - x509certificate

I am trying to use BouncyCastle (1.52) on Java to create a CA certificate and then issue a client certificate from that.
I have managed to do so using the class X509v3CertificateBuilder; however, that class only takes the X500Name of the issuer and the private key, which means no validation seems to be performed on whether the certificate being used to generate/sign the client certificate is even allowed to do so. This allows me to do things like signing a client certificate with another client certificate (BasicConstraints extension set to false) or with a certificate which does not have the correct KeyUsage extension.
Is there some class which performs all these validations upon signing in BC or is that something left to be implemented by the user?
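An added example, not code from the question or from BouncyCastle itself, of performing those checks yourself before handing the issuer to X509v3CertificateBuilder, which does none of them: it reads the issuer's BasicConstraints and KeyUsage extensions and refuses to sign when the issuer is not a CA, when its pathLenConstraint forbids the request, or when KeyUsage lacks keyCertSign. It assumes the BC 1.52 org.bouncycastle.cert API; the class and method names are hypothetical, and it assumes the caller has already confirmed that issuerKey belongs to the issuer certificate.

```java
import java.math.BigInteger;
import java.security.PrivateKey;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/** Hypothetical helper: issues a leaf certificate only after checking the issuer may sign it. */
public final class CheckedIssuer {
    /** Throws if the issuer certificate is not entitled to sign the requested certificate. */
    static void requireSigningCapable(X509CertificateHolder issuer, boolean issuingCa, Date at) {
        // RFC 5280 4.2.1.9: only a certificate with BasicConstraints cA=TRUE may issue certificates.
        BasicConstraints bc = BasicConstraints.fromExtensions(issuer.getExtensions());
        if (bc == null || !bc.isCA()) {
            throw new IllegalArgumentException("issuer is not a CA (cA absent or false)");
        }
        // pathLenConstraint=0 permits end-entity issuance only, not a subordinate CA.
        BigInteger pathLen = bc.getPathLenConstraint();
        if (issuingCa && pathLen != null && pathLen.signum() == 0) {
            throw new IllegalArgumentException("issuer pathLenConstraint forbids issuing a CA");
        }
        // RFC 5280 4.2.1.3: when KeyUsage is present it must assert keyCertSign (bit 5, 0x04).
        KeyUsage ku = KeyUsage.fromExtensions(issuer.getExtensions());
        if (ku != null && (ku.getBytes().length == 0 || (ku.getBytes()[0] & KeyUsage.keyCertSign) == 0)) {
            throw new IllegalArgumentException("issuer KeyUsage lacks keyCertSign");
        }
        if (!issuer.isValidOn(at)) {
            throw new IllegalArgumentException("issuer certificate is not valid at signing time");
        }
    }

    /** Builds and signs an end-entity certificate; issuerKey is assumed to match the issuer's public key. */
    static X509CertificateHolder issueLeaf(X509CertificateHolder issuer, PrivateKey issuerKey,
            X500Name subject, SubjectPublicKeyInfo subjectKey, BigInteger serial,
            Date notBefore, Date notAfter) throws Exception {
        requireSigningCapable(issuer, false, notBefore);
        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                issuer.getSubject(), serial, notBefore, notAfter, subject, subjectKey);
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
        builder.addExtension(Extension.keyUsage, true,
                new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(issuerKey);
        return builder.build(signer);
    }
}
```

The same checks apply to a self-signed root used as issuer, where the holder being inspected is the root itself.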

Related

HTTP Request/Response signing standards

I want to sign the payload of HTTP Requests and Responses. The signature should reside in the header. The signing mechanism should not require any change in existing payload structure.
The main use case is non-repudiation.
There are many custom ways of doing it but I am looking for a standard.
If possible, there should be support for signature verification without having to manually seed each application with other applications' public keys (the way Public Key Infrastructure works with SSL certs).
Is there an existing standard that does this?
Yes, there is an IETF draft for signing HTTP.
https://datatracker.ietf.org/doc/draft-ietf-httpbis-message-signatures/
To the question about PKI: you can do certificate distribution in the signed headers, so if you do have a root of trust for the keys you don't need to copy the individual public keys around.

Do I need different certificates for MTLS and Signing data?

I'm building an identity service using PKI and MTLS for authentication.
I use AWS ACM PCA for private certificate authority and AWS KMS for key pairs.
I use the private key created by KMS to sign the Certificate Signing Request that's sent to PCA for creating a client certificate.
The client certificate is then bundled together with the CA certificate chain and the private key in PKCS#12 format and returned to the user which is used to authenticate the user.
We also want the user to be able to sign data, e.g. a JSON string, a PDF file, etc.
According to KMS documentation they recommend different types of keys for signing and encryption.
So, do I need different certificates for signing data and if so, what's the point of the signing certificate if the data is signed with the private key and the authentication is made with the client certificate?
We want to be able to authenticate the user using one certificate which is not protected by a password and require password for signing, so I guess we need different PKCS#12 stores?

How to create OAuth 2.0 certificate-bound access tokens with servlet

I wish to secure an API with OAuth 2.0 Mutual TLS Client Authentication. Here the client will send its certificate to the OAuth server (servlet). I want to generate a certificate-bound access token with the client certificate. I referred to this documentation: https://www.rfc-editor.org/rfc/rfc8705.html. I have understood how this authentication works, but I practically don't know how to store the client certificate hash in the JSON Web Key.
Can anyone tell me what the client certificate should contain, how to make a certificate hash, how to create JSON Web Keys to store the hash, and how I can validate the client with both the client certificate and the certificate-bound access token in the subsequent request to the resource server (API)?
If there are any methods or ways of doing this, please suggest them.

How does RSA keep Authentication and Non-repudiation

Sorry for my bad English. I have read about Security and understood how RSA works.
But how can RSA keep Authentication? A man in the middle can use the public key and fake a message back. And how does it keep Non-repudiation? Someone who sends you a message encrypted by the public key can say that it is not from him and it is faked.
There is some math behind RSA PKI (public key infrastructure), but I will try to keep it simple, though this scenario is described on many other sites and in other questions/answers. What exactly don't you understand?
The idea is, that it is easy to encrypt with the public key, but not possible to decrypt. The decryption is possible only with the private key.
It seems your question is aiming somewhere else. What you are missing (and it is not part of RSA itself) are certificates. Certificates may use RSA. A certificate is information about a holder of the public key. Still, there is a problem. If an entity (person, website) provides you a certificate, how can you be sure the certificate really belongs to the website, person or organization?
That's why the term Certificate Authority (CA) is defined: there are organizations which you (or your browser) should trust.
So when a website creates its RSA keypair, some certificate authority issues a signed certificate (bound to the public key) that the certificate is really from the website, person or organization.
"a man in the middle can use the public key and fake a message back."
Your client (browser, application) must have a list of trusted Certificate Authorities. Usually it is already stored in your system. So the real web page can provide its public key and certificate and use encryption based on the public key. The browser checks that the certificate is valid and it is issued by a trusted authority.
The "man in the middle" would not be able to provide a valid and trusted (signed by a CA) certificate.
"And how does it keep Non-repudiation? Someone who sends you a message encrypted by the public key can say that it is not from him and it is faked."
The same applies to signing. Once data are signed (or authenticated) using the private key, the signature can be validated by anyone using the public key. A certificate is bound to the public key. Usually the signing certificate is issued only when the identity has been verified by the certificate authority (for example for electronic ID cards, code signing certificates, ...). So anyone can verify that the signature was created by someone who was verified by a trusted authority.

Verifying Client-Signed X509 Request in Web API without installing to Store

We have Web API 2 application exposed to outside vendors for various integrations. We're adding a new one with DocuSign through their Connect service and they will be signing their requests with their X509 certificate. I would rather not install the certificate on the server itself because we add new servers and deployments often based on load.
Here is my plan, and I'd like to know what the security risks are with it (assuming it will work at all).
DocuSign provides their X509 certificate for download. I want to place that *.cer file in my Web API application's ~/App_Data folder, along with any other certs from any other vendors. I will use a DelegatingHandler to grab the client certificate from the Request. I would then use the X509Chain class as described here to load all certificates from the ~/App_Data folder and to verify the request certificate.
From there I would map the certificate subject to a role and add that to the current thread to provide authentication for specific routes.
I've gathered from my research that this method would be less secure than installing DocuSign's certificate in the server's root store. Is that correct? And how much less secure?
At the end of the day I'd like to (1) verify that the request is coming from who it says it's coming from, and (2) add roles based on the verified requester for authentication.