Enumerate private keys without reading it


Enumerate private keys without reading it

Jonsy (teleline)
Perhaps a stupid question.... but I don't know if possible.

In order to accept a certificate from card, I want to use
only those certs that have a private key matching certid.
So I need to enumerate all private key IDs on card
_without_ reading it (that is: without prompting PIN).

Once cert is accepted and validated, I'll ask pin to proper
login, and use private key to do additional tests...

By means of OpenSC this is easy: pkcs15-tool already does it.
But I'm constrained to use only PKCS#11 API. "pkcs11-tool -O"
only lists private keys if pin is provided

Any ideas/samples?

Thanks in advance.

Juan Antonio

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel


Re: Enumerate private keys without reading it

Andreas Jellinghaus-2
On Wednesday, 7 December 2005 11:21, Jonsy (teleline) wrote:
> In order to accept a certificate from card, I want to use
> only those certs that have a private key matching certid.
> So I need to enumerate all private key IDs on card
> _without_ reading it (that is: without prompting PIN).

still not sure what opensc does (oops, we need to put it
into the wiki), but several pkcs#11 implementations won't
show you private keys without login.

the consensus here is to use a heuristic:
we assume a non ca certificate on a card has a private key.
(what other reason could you have to put a certificate on
 a smart card, other than cert+key or a ca chain cert?)

hmm. "ca cert" is maybe not the best idea, someone could
put a ca cert on a card as well. better heuristic would
be "chain cert", i.e. take all certificates, remove those
that are part of some certificate chain (except the leaf
certificates), and those are supposed to have private keys
on the card.

if anyone has coded this yet, please post a copy. would
make a nice example page in the wiki, along with all this
reasoning, since the topic comes up every few months.

> By means of OpenSC this is easy: pkcs15-tool already does it.
which does not use pkcs#11 api.

> But I'm constrained to use only PKCS#11 API. "pkcs11-tool -O"
> only lists private keys if pin is provided

even if opensc showed the private keys, other pkcs#11 implementations
won't, so I guess you don't want your code to rely on that.
so I suggest to stick with the heuristic.

Andreas

Re: Enumerate private keys without reading it

Jonsy (teleline)
On Wed, 07-12-2005 at 11:50 +0100, Andreas Jellinghaus wrote:

As supposed, cannot "list_keys_without_read" in pkcs11 API :-(

http://opensc.org/pipermail/opensc-devel/2005-November/007622.html

[...]

> the consensus here is to use a heuristic:
> we assume a non ca certificate on a card has a private key.
> (what other reason could you have to put a certificate on
>  a smart card, other than cert+key or a ca chain cert?)
>
> hmm. "ca cert" is maybe not the best idea, someone could
> put a ca cert on a card as well. better heuristic would
> be "chain cert", i.e. take all certificates, remove those
> that are part of some certificate chain (except the leaf
> certificates), and those are supposed to have private keys
> on the card.
I think that a different approach is simpler for me:

In pam_pkcs11, I'll take all certificates, and assume
that the first valid one that returns a successful
username find/match is the correct one. Your check to
skip those certs that are part of a ca-chain is a TODO :-)

On success, I'll ask for pin and call C_Login() to check
private key, throwing an error if no privkey found.
Else, I'll ask for pin _without_ calling C_Login(), to create
a "fake password" (+random_delay) query, as login, xdm and so on do

Any objections?


Re: Enumerate private keys without reading it

Stef Hoeben-2
In reply to this post by Andreas Jellinghaus-2
Andreas Jellinghaus wrote:

> On Wednesday, 7 December 2005 11:21, Jonsy (teleline) wrote:
>
>> In order to accept a certificate from card, I want to use
>> only those certs that have a private key matching certid.
>> So I need to enumerate all private key IDs on card
>> _without_ reading it (that is: without prompting PIN).
>
> still not sure what opensc does (oops, we need to put it
> into the wiki), but several pkcs#11 implementations won't
> show you private keys without login.

It's not in OpenSC. It's simple to do and maybe permitted by the standard,
but the patches were always rejected.

I've added something on http://www.opensc.org/opensc/wiki/PKCS11

> the consensus here is to use a heuristic:
> we assume a non ca certificate on a card has a private key.
> (what other reason could you have to put a certificate on
>  a smart card, other than cert+key or a ca chain cert?)
>
> hmm. "ca cert" is maybe not the best idea, someone could
> put a ca cert on a card as well. better heuristic would
> be "chain cert", i.e. take all certificates, remove those
> that are part of some certificate chain (except the leaf
> certificates), and those are supposed to have private keys
> on the card.
Guess that boils down to checking if the cert is a CA cert or not.
So you'd have to parse the cert and look for the basic constraints.

Cheers
Stef


Re: Enumerate private keys without reading it

Martin Paljak
In reply to this post by Andreas Jellinghaus-2
http://www.opensc.org/pipermail/opensc-devel/2004-October/004686.html

This you mean?


--
Martin Paljak
[hidden email]
http://martin.paljak.pri.ee/
+372.5156495 - phone

Re: Enumerate private keys without reading it

Andreas Jellinghaus-2
In reply to this post by Stef Hoeben-2
well, it is ok for me to make private keys visible,
either per default or using a config option.
I don't see any benefit in hiding the existence of
a private key.

but: for application developers such a change is of
little help, unless they only care about opensc.
other pkcs#11 implementations might still hide the
private key, so they are better off with a heuristic,
than with looking for private keys.

> >hmm. "ca cert" is maybe not the best idea, someone could
> >put a ca cert on a card as well. better heuristic would
> >be "chain cert", i.e. take all certificates, remove those
> >that are part of some certificate chain (except the leaf
> >certificates), and those are supposed to have private keys
> >on the card.
>
> Guess that boils down to checking if the cert is a CA cert or not.
what is a CA cert? is there some magic attribute?
remember: the ca key might be on a smartcard, too, and people
will want to use it.

> So you'd have to parse the cert and look for the basic constraints.
yes. but I suggest an even more difficult check: parse all certificates,
arrange them in form of trees, and assume all leaf certificates have
a private key. that should work well for smartcards with CA keys, too,
since such a card is unlikely to also have other keys stored on it.

also for some applications it is fine to assume that all certs have a key
next to it. for example in pam_p11 I do that, since I compare the list
of certs/keys against the .eid/authorized_certificates or .ssh/authorized_keys
file, and I guess no one will put a ca key in there.

so it depends on the application what is the best thing to do.

we can make private keys public, but I see little benefit in doing so:
if the application wants to work with any pkcs#11 module, it needs to
work with hidden private keys.

Andreas
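The two heuristics argued over in this thread, Stef's BasicConstraints check and Andreas's "arrange the certs into trees and keep the leaves" check, side by side as an added example; this is not code from the thread or from OpenSC. The certificate records are constructed (in a real PKCS#11 client they would come from parsing CKA_VALUE of the CKO_CERTIFICATE objects that C_FindObjects returns before C_Login), and chaining a cert to its issuer by an exact subject/issuer name match is a simplifying assumption.

```python
"""Which certificates on a card should have a private key next to them,
decided without C_Login.  Added example, not code from the thread/OpenSC.

Records are constructed here so the example runs offline; a real client
would fill them by parsing the DER in CKA_VALUE of each CKO_CERTIFICATE.
Assumption: a certificate is chained to its issuer by an exact
subject == issuer name match (real code would also compare key IDs).
"""


def non_ca_certs(certs):
    """Stef's check: keep certs whose BasicConstraints CA flag is false."""
    return [c["id"] for c in certs if not c["ca"]]


def leaf_certs(certs):
    """Andreas's heuristic: keep the leaves of the chains found on the card,
    i.e. certs that did not issue any other cert present on the card."""
    # Subjects that appear as issuer of some *other* cert on the card.
    # A self-signed root is only an issuer if it actually issued something.
    issuing_subjects = {c["issuer"] for c in certs if c["issuer"] != c["subject"]}
    return [c["id"] for c in certs if c["subject"] not in issuing_subjects]


# Constructed card 1: user cert plus its CA chain (typical login card).
CHAIN_CARD = [
    {"id": "45", "subject": "CN=Juan", "issuer": "CN=Sub CA", "ca": False},
    {"id": "46", "subject": "CN=Sub CA", "issuer": "CN=Root CA", "ca": True},
    {"id": "47", "subject": "CN=Root CA", "issuer": "CN=Root CA", "ca": True},
]

# Constructed card 2: only a CA certificate, whose key lives on the card.
CA_KEY_CARD = [
    {"id": "01", "subject": "CN=Issuing CA", "issuer": "CN=Issuing CA", "ca": True},
]


if __name__ == "__main__":
    # The CA-flag check misses the CA key card; the leaf check handles both.
    for name, card in (("chain card", CHAIN_CARD), ("CA key card", CA_KEY_CARD)):
        print(name, "non-CA:", non_ca_certs(card), "leaves:", leaf_certs(card))
```

The ids returned are the CKA_ID values to look up with C_FindObjects on CKO_PRIVATE_KEY once the PIN has been entered.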

Re: Enumerate private keys without reading it

Andreas Jellinghaus-2
In reply to this post by Martin Paljak
On Wednesday, 7 December 2005 13:22, Martin Paljak wrote:
> http://www.opensc.org/pipermail/opensc-devel/2004-October/004686.html

for example. I'm sure the topic came up at least once more.

Andreas

Re: Enumerate private keys without reading it

Andreas Jellinghaus-2
In reply to this post by Jonsy (teleline)
On Wednesday, 7 December 2005 13:13, Jonsy (teleline) wrote:
> In pam_pkcs11, I'll take all certificates, and assume
> that the first valid one that returns a successful
> username find/match is the correct one. Your check to
> skip those certs that are part of a ca-chain is a TODO :-)

call it optional. In pam_p11 I also consider all certificates,
and compare that list against .eid/authorized_certificates file.
I guess no one will put their valuable ca cert in there, so it
should be fine.

> On success, I'll ask for pin and call C_Login() to check

not sure about pkcs#11 level, but isn't it possible
to setup the card so no pin is required to use it?
might be nice to check the appropriate flag, maybe no
login is needed.

> Else, I'll ask for pin _without_ calling C_Login(), to create
> a "fake password" (+random_delay) query, as login, xdm and so on do

well, I still think it is best for smart card users to never
enter any pin, unless they are sure what they are doing.
and thus applications also shouldn't ask for a pin, unless
they need it. so in pam_p11 I won't ask at all for a pin.

yes, you can see if some card is allowed to be used for
login with some account that way. you need to know the
account, and account -> real name is not protected
information usually, and real name of card owner is
usually not protected either, so the information I'm leaking
is not really secret either.

but again, those are only the reasons why pam_p11 works the
way it does. it's perfectly fine if pam_pkcs11 sets the priorities
differently and thus behaves differently.

Andreas

Re: Enumerate private keys without reading it

Martin Paljak
In reply to this post by Andreas Jellinghaus-2
Most probably. FYI, I've used this 'patch' with 'default on' for a long
time and in case of esteid it causes no real problems.

I think we should apply the patch and then argue what shall be the
default mode of operation. It can remain the paranoid one for now but
would allow some folks to modify the behaviour.

m.

Re: Enumerate private keys without reading it

Stef Hoeben-2
Martin Paljak wrote:

> Most probably. FYI, I've used this 'patch' with 'default on' for a long
> time and in case of esteid it causes no real problems.
>
> I think we should apply the patch and then argue what shall be the
> default mode of operation. It can remain the paranoid one for now but
> would allow some folks to modify the behaviour.
Agree.

Stef


Re: Enumerate private keys without reading it

Martin Paljak
Hmm, but after some testing: FF1.5 shall want to do prkey operations
without first logging in if this hack is turned on, so even if we
make it configurable the default should be as it is.

m.
