X.509 Certificates – Are all fields in a certificate "secure" or not

  • Question

  • Howdy everyone!

    I have a question about X.509 certificates in general, and I hope this is the right forum because I couldn't find a forum directly related to my question.

    We currently have a system in production that is used to send sales, HR and other figures to the HQ. This system consists of several installations of "Data Harvester", an ASP.NET application, which is used to save the figures the HQ is requesting. Each installation (we currently have around 100 of them) is combined with a "Reporter", a WCF application that sends the entered data once a day to the HQ. This decentralised architecture was a direct request from the customer, so there is no way around it.

    Each reporter that is sending in data is authenticated by using an X.509 certificate. This might be a personal certificate for a small subsidiary, or a group certificate for a bigger location that has its own server where DH and REP are installed. All certificates are issued by the customer's root authority on behalf of the central HR department.

    Basically everything is working well, but since the installation is now used at nearly all of the customer's locations, we are running into some trouble with this certificate authentication.

    Expired or revoked certificates will automatically cause the X.509 chain to fail, so we do not accept the data (and this is perfectly okay). When a certificate is valid, the central server will look up the fingerprint of the certificate in a table to find out to which department/person it belongs. Although this table is highly secured and has a change log (using SQL Server CDC) activated, this is something the customer wanted to change.

    From my knowledge of X.509 certificates, only the fingerprint (using a secure hash procedure like SHA-1 [although some collisions have been found]) really identifies a certificate. On the other hand, the certificates the HR department generates include basically the same data we have in the table (Department, Subsidiary, Country etc.), so we could just extract the data from there.

    But would this be secure? We have done some tests with PFX files (without any password) and changed values in them using a hex editor, and the certificate was not usable after that.

    Given that, it would be no security threat to use the data from the certificate and stop using the fingerprint lookup table, but I don't want to replace the existing solution with a "my little sister breaks that in 5 minutes" kind of security.

    Sorry for the long text, but I thought this would help you understand why this question is so vital for us.

    Any help would be highly appreciated. Thanks!


    I like me.
    Thursday, February 19, 2009 8:39 AM
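Added example (Go, standard library only; not code from this thread or from the poster's system): it issues a constructed root CA and one reporter certificate, then shows the server-side order of operations, verifying the chain up to the trusted root before reading OU and C from the Subject, and that a same-length edit to the department, like the hex-editor test in the question, still parses as DER but no longer verifies. The CA name, "reporter-042", "Sales" and "DE" are constructed values; the presence check on OU and C is there because the Subject is only as reliable as the CA's issuance policy.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// Issue creates a throwaway root CA and one reporter certificate carrying OU and C (constructed data).
func Issue() (root *x509.Certificate, leafDER []byte) {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	now := time.Now()
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Root CA"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign, NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour)}
	caDER, _ := x509.CreateCertificate(rand.Reader, ca, ca, &caKey.PublicKey, caKey)
	root, _ = x509.ParseCertificate(caDER)
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2),
		Subject:   pkix.Name{CommonName: "reporter-042", OrganizationalUnit: []string{"Sales"}, Country: []string{"DE"}},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage:  x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	leafDER, _ = x509.CreateCertificate(rand.Reader, leaf, root, &leafKey.PublicKey, caKey)
	return root, leafDER
}

// DepartmentOf is the server-side check: verify the chain to the trusted root first, then read the Subject the CA signed.
func DepartmentOf(root *x509.Certificate, leafDER []byte) (ou, country string, err error) {
	leaf, err := x509.ParseCertificate(leafDER)
	if err != nil {
		return "", "", err
	}
	roots := x509.NewCertPool()
	roots.AddCert(root)
	if _, err = leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return "", "", err // untrusted issuer, expired, wrong usage or a signature that no longer covers the bytes
	}
	if len(leaf.Subject.OrganizationalUnit) == 0 || len(leaf.Subject.Country) == 0 {
		return "", "", errors.New("subject lacks OU or C: the CA's issuance policy must guarantee them")
	}
	return leaf.Subject.OrganizationalUnit[0], leaf.Subject.Country[0], nil
}

// Tamper mimics the hex-editor experiment: a same-length edit keeps the DER parseable but breaks the CA signature.
func Tamper(leafDER []byte) []byte {
	return bytes.Replace(leafDER, []byte("Sales"), []byte("Admin"), 1)
}
```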

All replies

  • Does anyone have some knowledge about this?
    I like me.
    Monday, February 23, 2009 1:34 PM