Geek Answers Handbook

Pinning Certificate - Public Key Only?

I would like to bind the root CA public key (verisign - http://www.verisign.com/repository/roots/root-certificates/PCA-3G5.pem ) to my iOS application. Is it better to bind a public key or subjectPublicKeyInfo? Can someone please explain to me which method is better and why?

+7
source share
3 answers

I would argue that it is better to publish the public key of the object, rather than the CA public key. Here is my understanding of the various trade-offs associated with assigning a CA root key:

Good As long as you keep the same CA, you can renew your certificate again and again, and it will always work.

Bad I think that you will be a little more vulnerable to a MITM attack, fixing the CA CA root key, and not the theme public key, because you will consider valid any certificate signed by this CA, and not just those that really match your question.

How about attaching an object's public key? Basically, you should be a little more secure than attaching a CA public key, and your application should continue to work even after the certificate has expired and renewed if you support the same public key.

I just posted a question and a decision on how to connect the public key, I hope this helps you: How to connect the certificate public key to iOS

+4
source

I would like to bind the public key of the root CA ...

A simple way to get rid of a bicycle, but it is probably safer to bind a certificate or public key of a server or service, rather than a root or intermediate certificate. This is especially true if you use a public CA, such as DigiCert or Verisign (as opposed to a private, corporate CA).

In the case of an open CA, the CA may incorrectly issue a second certificate, and clients will not be able to distinguish between a "real" certificate (the one that was issued to you) and a "fake" certificate (one that is issued incorrectly). This has happened in real life several times, so you should expect it to happen again.

Is it better to bind a public key or subjectPublicKeyInfo? Can someone please explain to me which method is better and why?

It is better to connect the public key (at least in case of binding the server certificate).

Some organizations, such as Google, rotate their server certificates every 30 days or so. However, they re-confirm the same public key. See, for example, Android 4.2 and Pinning . This means that you will observe “key continuity”, but not “certificate continuity”.

Recertification of the same public key is why CertPatrol in some cases works so poorly in the user interface. We really need a public key patch in cases like Google services.

+1
source

It is better to connect SPKI (Subject Public Key Info), since it contains both a public key and a key algorithm (RSA, ECDSA, etc.). This is described in more detail in this article by the Google TLS guru https://www.imperialviolet.org/2011/05/04/pinning.html :

SPKI includes the type of public key and some parameters along with the public key itself. This is important because simply hashing the public key leaves one open to attacks with incorrect interpretation. Consider the Diffie-Hellman public key: if only the public key is hashed, not the full SPKI, then the attacker can use the same public key, but force the client to interpret it in another group. Similarly, you can force the RSA key to be interpreted as a DSA key, etc.

One of the problems with securing SPKI in an iOS application is that the security infrastructure in iOS does not provide an API for parsing and extracting SPKI bits ( https://nabla-c0d3.imtqy.com/blog/2015/08/11/ security-framework-wish-list / ).

The good news is that an open source library is available for this: https://github.com/datatheorem/TrustKit .

0
source

More articles:


All Articles