Determine if an X509Certificate2 came from a specific trusted authority?

  • Question

  • Hello All.

    I am (after much annoyance revolving around the fact that CAPICOM signs 16-bit strings and I didn't realize this!) using a web-based digital signature tool that is successfully signing content and transporting the signature to and from the server.

    I am able to use X509Chain to verify the certificate, with online revocation status and the X509Chain reports that the certificate/chain is valid.

    However, is it possible to fake the certificate? How does it work? My code is below, and I am basically concerned about people
    a) trying to sign using a certificate created on their local desktop, and not trusted by my server.
    and
    b) using a "fake" certificate that appears to come from my trusted authority.

    Do I have much to worry about? Does the X509Chain Verify already check against the trusted store? What happens when online revocation is installed?

        using System;
        using System.Security.Cryptography;
        using System.Security.Cryptography.Pkcs;
        using System.Security.Cryptography.X509Certificates;
        using System.Text;

        // Signature bytes as received from the client (the stream they were read into)
        byte[] decbuff = digitalSignature.ToArray();

        // CAPICOM signs the UTF-16LE encoding of the string, so the content must be
        // re-encoded the same way; a detached signature carries no content of its own.
        Encoding utf16Enc = Encoding.GetEncoding("UTF-16LE");
        byte[] utf16Data = utf16Enc.GetBytes(GetStringForDigitalSignature);

        // Wrap the content in a detached SignedCms, then decode the signature into it.
        ContentInfo content = new ContentInfo(utf16Data);
        SignedCms cms = new SignedCms(content, true);
        cms.Decode(decbuff);

        // Use the certificate the SignerInfo actually references. Certificates[0] is just
        // the first certificate embedded in the message and may be an intermediate CA.
        X509Certificate2 cert = cms.SignerInfos[0].Certificate;
        if (cert == null)
            throw new CryptographicException("Signer certificate not present in the signature.");

        // Build and validate the chain, checking revocation online for every element.
        X509Chain chain = new X509Chain();
        chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        chain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 1, 0);
        chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;
        if (!chain.Build(cert))
            throw new CryptographicException("Error validating chain.");

        // Verify the content digest and the signature; passing false also validates the
        // signer certificate against the store. Both throw CryptographicException on failure.
        cms.CheckHash();
        cms.CheckSignature(false);
        signerCertificate = cert;

    Tuesday, August 18, 2009 8:00 PM

Answers

  • X509Chain already does all the checks - especially (in your case) if the certificate was issued by some trusted CA (one of the CAs in your trusted certificate authority list).

    So

    a) since it is not trusted, the check would fail
    b) for creating a "fake" cert, the attacker would need the signing key of some trusted CA

    Another concern you should have is, the trusted CA list typically contains a number of CAs. Your X509Chain code will check if the cert was issued by one of them. After you know the cert is trusted, you should walk up the chain to make sure it was issued by a specific CA.

    Online revocation check means that X509Chain tries to download the revocation list from the location specified in the CRL distribution point property in the cert. If the cert is listed as revoked, the check will fail.

    Dominick Baier | thinktecture | http://www.leastprivilege.com
    Wednesday, August 19, 2009 9:28 AM
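Following the answer's advice to walk up the chain after X509Chain accepts it, here is an added example (not code from the thread) that verifies the detached CAPICOM signature and then requires the signer's chain to pass through one specific CA, identified by its thumbprint. It assumes .NET Framework 4.6+ or .NET Core (where X509Chain is IDisposable) and that pinnedCaThumbprint is the hex SHA-1 thumbprint of the CA you trust, a value you supply.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

static class SignerValidation
{
    // Verifies a detached CMS signature over utf16Data, then requires that the signer's
    // chain passes through the one CA we actually trust (pinnedCaThumbprint, supplied by
    // the caller), not merely any CA present in the machine's trusted root store.
    public static X509Certificate2 VerifyAgainstPinnedCa(
        byte[] utf16Data, byte[] signatureBytes, string pinnedCaThumbprint)
    {
        var cms = new SignedCms(new ContentInfo(utf16Data), detached: true);
        cms.Decode(signatureBytes);
        // Verifies digest and signature and validates the signer certificate against the
        // store; throws CryptographicException on any failure.
        cms.CheckSignature(verifySignatureOnly: false);
        // Take the certificate the SignerInfo references, not Certificates[0], which is
        // just the first certificate bundled in the message and may be an intermediate.
        X509Certificate2 signer = cms.SignerInfos[0].Certificate
            ?? throw new CryptographicException("Signer certificate not embedded in message.");
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
            chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            chain.ChainPolicy.UrlRetrievalTimeout = TimeSpan.FromMinutes(1);
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;
            if (!chain.Build(signer))
            {
                string reasons = string.Join("; ",
                    chain.ChainStatus.Select(s => s.StatusInformation.Trim()));
                throw new CryptographicException("Chain validation failed: " + reasons);
            }
            // Walk up the chain (element 0 is the leaf, the rest are issuing CAs) and insist
            // that the pinned CA appears among them. Thumbprints are hex, so compare
            // case-insensitively.
            bool issuedByPinnedCa = chain.ChainElements.Cast<X509ChainElement>().Skip(1)
                .Any(e => string.Equals(e.Certificate.Thumbprint, pinnedCaThumbprint,
                                        StringComparison.OrdinalIgnoreCase));
            if (!issuedByPinnedCa)
                throw new CryptographicException(
                    "Certificate is trusted by the store but not issued under the expected CA.");
        }
        return signer;
    }
}
```

Pinning to a CA thumbprint rather than to a subject name avoids being fooled by a differently-keyed certificate that merely reuses the CA's name.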