PKCS#15-question about Cert-IDs and Key-IDs

classic Classic list List threaded Threaded
25 messages Options
12
Reply | Threaded
Open this post in threaded view
|

PKCS#15-question about Cert-IDs and Key-IDs

Peter Koch-3
Hi

I just learned that PKCS#15 IDs are non-unique and MUST be choosen
such that a certificate has the same ID as its correspoding
private and public key.

Therefore I changed my PKCS#15-emulation for NetKey cards.

This kind of card contains more then one certificate that correspond
to the same private key and now all this certificates will be given the
same ID (namely the ID of the corresponding private key).

IS THAT CORRECT BEHAVIOUR ????

If yes - how is pkcs15-tool -r <ID> supposed to work if the given
ID is non-unique.

Peter

--
10 GB Mailbox, 100 FreeSMS/Monat http://www.gmx.net/de/go/topmail
+++ GMX - die erste Adresse für Mail, Message, More +++
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: PKCS#15-question about Cert-IDs and Key-IDs

Nils Larsch
Peter Koch wrote:
> Hi
>
> I just learned that PKCS#15 IDs are non-unique and MUST be choosen

it is not a must, just a recommendation to simplify the search for
the corresponding private key (btw: afaik pkcs11 recommends to use
subject key identifier (normally a digest of the key) as id)

> such that a certificate has the same ID as its correspoding
> private and public key.
>
> Therefore I changed my PKCS#15-emulation for NetKey cards.
>
> This kind of card contains more then one certificate that correspond
> to the same private key and now all this certificates will be given the
> same ID (namely the ID of the corresponding private key).
>
> IS THAT CORRECT BEHAVIOUR ????

I guess you know my opinion :)

>
> If yes - how is pkcs15-tool -r <ID> supposed to work if the given
> ID is non-unique.

good point, I think it should return all certs for a specific
id. However I guess it just returns the first certificate found ...

Have a nice weekend,
Nils
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: PKCS#15-question about Cert-IDs and Key-IDs

Christian Horn-2
In reply to this post by Peter Koch-3
Hi,


>This kind of card contains more then one certificate that correspond
>to the same private key and now all this certificates will be given the
>same ID (namely the ID of the corresponding private key).
>IS THAT CORRECT BEHAVIOUR ????
There are no papers describing the NetkeyE4-standart in this detail?
So we are just concluding on it from seeing it implemented?
May be the cards here to not follow NetkeyE4 correctly, how would
we notice?


I wonder how you will conclude on the correct private-key from looking
at the cert.

>If yes - how is pkcs15-tool -r <ID> supposed to work if the given
>ID is non-unique.
Looks like one would need an other vector/number to describe, i.e.
ising ID 1.1 or something.


I have an idea for a different implementation: leave the current counting
of certs as it is. When an application tries to use cert with an ID that
has no private key with the same ID decrease the ID until we hit the ID
of an existing private key. That way i could still address all certs on
the card, which is a problem at the moment with the dirty hack.
OpenSwan should a) ask for the cert with ID 2 and get it, and b) ask
for privatekey ID 2 and get it.


I have no clue about smartcards, dont take me too serious ;)

Greetings, Christian.
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: PKCS#15-question about Cert-IDs and Key-IDs

Peter Koch-3
In reply to this post by Nils Larsch
> > I just learned that PKCS#15 IDs are non-unique and MUST be choosen
>
> it is not a must, just a recommendation to simplify the search for
> the corresponding private key (btw: afaik pkcs11 recommends to use
> subject key identifier (normally a digest of the key) as id)

If this is a recommendataion only then OpenSwan should not rely on
it. On the other hand OpenSwan seems to select certificates by ID,
so it seems ta assume that an ID (uniquely) identifies a certificate.

If PKCS#11 recommends to user subject identifiers as IDs then this is
a recommendation to use unique IDs as different certificates will most
likely have different subject identifiers. If one follows this
recommendation, what ID should be choosen for a private key that
is shared by two different certificates?

The following two assumptions (or recommendation):

1) certificates can be uniquely identified by ID
2) for each certificate there exists a private key with the same ID

cannot be fulfilled at the same time if a token has more than one
certificate per key. I therefore guess that the PKCS#11-recommendations
were meant for tokens with a on-to-one mapping between certificates
and keys only.

So I cannot change my NetKey-emulation such that OpenSwan can
use both certificates and Christian must hardcode in pkcs15-tcos.c
which certificate he wants to use with OpenSwan - very unsatisfying !!

Peter

--
Telefonieren Sie schon oder sparen Sie noch?
NEU: GMX Phone_Flat http://www.gmx.net/de/go/telefonie
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: PKCS#15-question about Cert-IDs and Key-IDs

Nils Larsch
In reply to this post by Christian Horn-2
Christian Horn wrote:
...

>>If yes - how is pkcs15-tool -r <ID> supposed to work if the given
>>ID is non-unique.
>
> Looks like one would need an other vector/number to describe, i.e.
> ising ID 1.1 or something.
>
>
> I have an idea for a different implementation: leave the current counting
> of certs as it is. When an application tries to use cert with an ID that
> has no private key with the same ID decrease the ID until we hit the ID
> of an existing private key. That way i could still address all certs on
> the card, which is a problem at the moment with the dirty hack.
> OpenSwan should a) ask for the cert with ID 2 and get it, and b) ask
> for privatekey ID 2 and get it.

this would require a changes in every application using libopensc
(including pkcs11), hence not a good idea :)

Cheers,
Nils
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: PKCS#15-question about Cert-IDs and Key-IDs

Christian Horn-2
On Mon, Feb 06, 2006 at 07:36:06PM +0100, Nils Larsch wrote:

> Christian Horn wrote:
> ...
> >>If yes - how is pkcs15-tool -r <ID> supposed to work if the given
> >>ID is non-unique.
> >
> >Looks like one would need an other vector/number to describe, i.e.
> >ising ID 1.1 or something.
> >
> >
> >I have an idea for a different implementation: leave the current counting
> >of certs as it is. When an application tries to use cert with an ID that
> >has no private key with the same ID decrease the ID until we hit the ID
> >of an existing private key. That way i could still address all certs on
> >the card, which is a problem at the moment with the dirty hack.
> >OpenSwan should a) ask for the cert with ID 2 and get it, and b) ask
> >for privatekey ID 2 and get it.
>
> this would require a changes in every application using libopensc
> (including pkcs11), hence not a good idea :)

Please make me understand how they would break :)

As i see it the only change would be in OpenSC. Just bevore returning a
'could not find private-key with the ID you requested' it would try to
get the private-key ID-1 and return that if possible.
This would help with OpenSwan for my kind of smartcard.

Downsides i see are
- applications expecting to get a 'no private-key of that ID there'
- making this workaround for a probably low number of cases
- the cardtype the workaround is for isnt even fitting into
PKCS#11-recommendations

Just discovered that signing/encrypting with pkcs15-crypt gives me
'Compute signature failed: Buffer too small' / no message at all, and
no output-file, grmpf.

Greetings, Christian.
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: PKCS#15-question about Cert-IDs and Key-IDs

Nils Larsch
Christian Horn wrote:
...

>>>I have an idea for a different implementation: leave the current counting
>>>of certs as it is. When an application tries to use cert with an ID that
>>>has no private key with the same ID decrease the ID until we hit the ID
>>>of an existing private key. That way i could still address all certs on
>>>the card, which is a problem at the moment with the dirty hack.
>>>OpenSwan should a) ask for the cert with ID 2 and get it, and b) ask
>>>for privatekey ID 2 and get it.
>>
>>this would require a changes in every application using libopensc
>>(including pkcs11), hence not a good idea :)
>
>
> Please make me understand how they would break :)
>
> As i see it the only change would be in OpenSC. Just bevore returning a
> 'could not find private-key with the ID you requested' it would try to
> get the private-key ID-1 and return that if possible.
> This would help with OpenSwan for my kind of smartcard.

if the application asks the library for a key with a certain id
the library should return this key object (if it exists) and
nothing else. Otherwise the library would return something the
application would not expect (as returning a key with a different
id contradicts the specification of the function), hence break
the api. Of course one could add a new function returning a private
key object for a specifc cert/public object, but this would require
changes in the applications using opensc.
Furthermore such a new function wouldn't be usable for pkcs11 as
the pkcs11 api doesn't support this functionality ...

>
> Downsides i see are
> - applications expecting to get a 'no private-key of that ID there'
> - making this workaround for a probably low number of cases
> - the cardtype the workaround is for isnt even fitting into
> PKCS#11-recommendations
>
> Just discovered that signing/encrypting with pkcs15-crypt gives me
> 'Compute signature failed: Buffer too small' / no message at all, and
> no output-file, grmpf.

what did you exaclty try to do ?

Cheers,
Nils
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: PKCS#15-question about Cert-IDs and Key-IDs

Frederic Detienne
Hi Nils,

Now, I am getting really curious about what document precludes or allows
several similar object per ID.

In fact, I even wonder what it would mean to have several private keys
sharing the same ID. You can't retrieve them and figure which one you
prefer... the key is used by the card and all you get is a result
(signature). This makes me doubting that various similar objects could
share an ID.

Would (AuthID | ID) be a unique identifier ? I.e. the right object with
the desired ID would be unique for a given AuthID (but there could be
several objects with the same ID and a different AuthID)...

This way, selecting the right object becomes a matter of logging in
(with an AuthID) and then selecting an object (by ID).

I am just guessing here as I do not have access to ISO 7816-[4,5] to
verify and I can't find relevant information in PKCS#15.

Can you share what you know about this ?

thanks,

        fred

On Tue, 2006-02-07 at 21:54 +0100, Nils Larsch wrote:

> Christian Horn wrote:
> ...
> >>>I have an idea for a different implementation: leave the current counting
> >>>of certs as it is. When an application tries to use cert with an ID that
> >>>has no private key with the same ID decrease the ID until we hit the ID
> >>>of an existing private key. That way i could still address all certs on
> >>>the card, which is a problem at the moment with the dirty hack.
> >>>OpenSwan should a) ask for the cert with ID 2 and get it, and b) ask
> >>>for privatekey ID 2 and get it.
> >>
> >>this would require a changes in every application using libopensc
> >>(including pkcs11), hence not a good idea :)
> >
> >
> > Please make me understand how they would break :)
> >
> > As i see it the only change would be in OpenSC. Just bevore returning a
> > 'could not find private-key with the ID you requested' it would try to
> > get the private-key ID-1 and return that if possible.
> > This would help with OpenSwan for my kind of smartcard.
>
> if the application asks the library for a key with a certain id
> the library should return this key object (if it exists) and
> nothing else. Otherwise the library would return something the
> application would not expect (as returning a key with a different
> id contradicts the specification of the function), hence break
> the api. Of course one could add a new function returning a private
> key object for a specifc cert/public object, but this would require
> changes in the applications using opensc.
> Furthermore such a new function wouldn't be usable for pkcs11 as
> the pkcs11 api doesn't support this functionality ...
>
> >
> > Downsides i see are
> > - applications expecting to get a 'no private-key of that ID there'
> > - making this workaround for a probably low number of cases
> > - the cardtype the workaround is for isnt even fitting into
> > PKCS#11-recommendations
> >
> > Just discovered that signing/encrypting with pkcs15-crypt gives me
> > 'Compute signature failed: Buffer too small' / no message at all, and
> > no output-file, grmpf.
>
> what did you exaclty try to do ?
>
> Cheers,
> Nils
> _______________________________________________
> opensc-devel mailing list
> [hidden email]
> http://www.opensc-project.org/mailman/listinfo/opensc-devel

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: PKCS#15-question about Cert-IDs and Key-IDs

Nils Larsch
Frederic Detienne wrote:
> Hi Nils,
>
> Now, I am getting really curious about what document precludes or allows
> several similar object per ID.

have a look at the pkcs15 or pkcs11 standard (both are free :)

>
> In fact, I even wonder what it would mean to have several private keys
> sharing the same ID.

The primary use of the pkcs15 (or pkcs11) id seems to be the assignment
of a private key to the different cert und public key objects for this
private key (and of course it can make sense to have more than one cert
for a given private key).

> You can't retrieve them and figure which one you
> prefer... the key is used by the card and all you get is a result
> (signature). This makes me doubting that various similar objects could
> share an ID.
>
> Would (AuthID | ID) be a unique identifier ?

for a private key ? almost certainly as every private key should
have unique id

> I.e. the right object with
> the desired ID would be unique for a given AuthID (but there could be
> several objects with the same ID and a different AuthID)...

most cards have just one user pin

>
> This way, selecting the right object becomes a matter of logging in
> (with an AuthID) and then selecting an object (by ID).

normally the application chooses a certificate which it would like
to use for a certain. The next step would be find the private key
for this certificate, but this should be easy as there should be only
one private key with a specific id (pkcs11 recommends to use the value
of the subjectPublicKeyIdentifier for the id). Whether or not there
several certificates with the same id doesn't matter here ...

>
> I am just guessing here as I do not have access to ISO 7816-[4,5] to
> verify and I can't find relevant information in PKCS#15.

http://www.rsasecurity.com/rsalabs/node.asp?id=2124

Cheers,
Nils
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: PKCS#15-question about Cert-IDs and Key-IDs

Peter Koch-3
In reply to this post by Christian Horn-2
Hi!

Before I programmed the PKCS#15 emulations routine for TCOS-cards
I downloaded the PKCS15-spec but it was too long and I was too lazy
to read it. So I just used my common sense. One consequence was
that I chosed unique IDs for certificates. I still believe that
a non-unique identifier does not fulfill its only purpose namely to
(uniquely) identify something. But read on. We all believe that
the ID of a certificate is an identifier of the certificate itself.
It's not :-)

Here's what I read in the PKCS11# and PKCS15# specification:

=====================================================================
PKCS#11, section 10.7.2: Common Key Attributes

"The CKA_ID field is intended to distinguish among multiple keys.
In the case of public and private keys, this field assists in
handling multiple keys held by the same subject; the key identifier
for a public key and its corresponding private key should be the
same. The key identifier should also be the same as for the
corresponding certificate, if one exists. Cryptoki does not enforce
these associations, however."

=====================================================================
PKCS#11, section 10.9: Private Key Attributes

"It is intended in the interests of interoperability that the subject
name and key identifier for a private key will be the same as those
for the corresponding certificate and public key. However, this is
not enforced by Cryptoki, and it is not required that the certificate
and public key also be stored on the token."

=====================================================================
PKCS#11, section 12.3.2: X509 Certificate Attributes

In Table 30:
Attribute=CKA_ID, Type=Byte array, Meaning=Key identifier for
public/private key pair (default empty)

"The CKA_ID attribute is intended as a means of distinguishing
multiple public-key/private-key pairs held by the same subject
(whether stored in the same token or not). (Since the keys are
distinguished by subject name as well as identifier, it is possible
that keys for different subjects may have the same CKA_ID value
without introducing any ambiguity.)"


Here's how I interpret PKCS#11. Keys are identified by a CKA_ID
value which must be unique for each object type. Corrensponding
private and public keys should have the same ID.

Certificates are NOT identified by a CKA_ID value, but the CKA_ID
value of a certificate is not an identifier of the certificate itself
but it references the id of the corresponding public/private key.
So the CKA_ID value should better be named CKA_KEY_ID.


=====================================================================
PKCS#15, section 5.5.3: Public Key Directory Files (PuKDFs)

"..... When the private key corresponding to a public key also resides
on the card, the keys must share the same identifier. ....

NOTE – When a certificate object on the card contains the public key,
the public key object and the certificate object shall share the same
identifier. This means that in some cases three objects (a private key,
a public key and a certificate) will share the same identifier."

=====================================================================
PKCS#15, section 5.5.5: Certificate Directory Files (CDFs)

"..... When a certificate contains a public key whose private key
also resides on the card, the certificate and the private key must
share the same identifier. ...."



So while PKCS#11 only recommends to use identical identifiers for
certificates and their corresponding keys, PKCS#15 makes this a MUST.

So I should change my TCOS-card emulation if I want to fulfill the
PKCS#15 spec.

On the other hand OpenSwan (and most likely other applications too)
use the ID of a certificate (which does not identify the certificate
itself, but the corresponding key) as a way to specify which certificate
they want to use.

This will not work (and according to PKCS#15 this is not supposed to
work) for cards that have more than one cert per key.

So OpenSwan should change change its way to select a certificate.

But maybe OpenSwan does not care about which certificate is used if
only the public key has the correct id.

Peter

--
Lust, ein paar Euro nebenbei zu verdienen? Ohne Kosten, ohne Risiko!
Satte Provisionen für GMX Partner: http://www.gmx.net/de/go/partner
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: PKCS#15-question about Cert-IDs and Key-IDs

Andreas Jellinghaus-2
is this correct?
applications are best of to extract the public key from a cert
and look for a private key with the same public key.

the assumption certificate id -> private key id might work
as well, but might also not work in other situations
(for example two certificates with the same key - thus
one has an id mismatch).

I guess we would do good, if we had a wiki page with
suggestions for developers how to integrate smart cards
and example code.

Regards, Andreas
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: PKCS#15-question about Cert-IDs and Key-IDs

Nils Larsch
Andreas Jellinghaus wrote:
> is this correct?
> applications are best of to extract the public key from a cert
> and look for a private key with the same public key.

this of course only works if the public key information is stored
within the private key object and that is not necessarily the
case (as it would waste space)

>
> the assumption certificate id -> private key id might work
> as well, but might also not work in other situations
> (for example two certificates with the same key - thus
> one has an id mismatch).

"certificate id -> private key" still works but not necessesarily
"private key id -> certificate" (but in case of certificates you
normally search for a certificate with certain attributes anyway
(i.e. a cert for authentication etc.)).

>
> I guess we would do good, if we had a wiki page with
> suggestions for developers how to integrate smart cards
> and example code.

agree (open a ticket ? pkcs15 or pkcs11 or both ?)

Cheers,
Nils
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: PKCS#15-question about Cert-IDs and Key-IDs

Nils Larsch
In reply to this post by Peter Koch-3
Peter Koch wrote:
> Hi!
>
> Before I programmed the PKCS#15 emulations routine for TCOS-cards
> I downloaded the PKCS15-spec but it was too long and I was too lazy
> to read it. So I just used my common sense. One consequence was
> that I chosed unique IDs for certificates. I still believe that
> a non-unique identifier does not fulfill its only purpose namely to
> (uniquely) identify something.

something like "key id" would have been a better name

> But read on. We all believe that
> the ID of a certificate is an identifier of the certificate itself.
> It's not :-)
>
> Here's what I read in the PKCS11# and PKCS15# specification:
>
> =====================================================================
> PKCS#11, section 10.7.2: Common Key Attributes
>
> "The CKA_ID field is intended to distinguish among multiple keys.
> In the case of public and private keys, this field assists in
> handling multiple keys held by the same subject; the key identifier
> for a public key and its corresponding private key should be the
> same. The key identifier should also be the same as for the
> corresponding certificate, if one exists. Cryptoki does not enforce
> these associations, however."
>
> =====================================================================
> PKCS#11, section 10.9: Private Key Attributes
>
> "It is intended in the interests of interoperability that the subject
> name and key identifier for a private key will be the same as those
> for the corresponding certificate and public key. However, this is
> not enforced by Cryptoki, and it is not required that the certificate
> and public key also be stored on the token."
>
> =====================================================================
> PKCS#11, section 12.3.2: X509 Certificate Attributes
>
> In Table 30:
> Attribute=CKA_ID, Type=Byte array, Meaning=Key identifier for
> public/private key pair (default empty)
>
> "The CKA_ID attribute is intended as a means of distinguishing
> multiple public-key/private-key pairs held by the same subject
> (whether stored in the same token or not). (Since the keys are
> distinguished by subject name as well as identifier, it is possible
> that keys for different subjects may have the same CKA_ID value
> without introducing any ambiguity.)"
>
>
> Here's how I interpret PKCS#11. Keys are identified by a CKA_ID
> value which must be unique for each object type. Corrensponding
> private and public keys should have the same ID.
>
> Certificates are NOT identified by a CKA_ID value, but the CKA_ID
> value of a certificate is not an identifier of the certificate itself
> but it references the id of the corresponding public/private key.
> So the CKA_ID value should better be named CKA_KEY_ID.
>
>
> =====================================================================
> PKCS#15, section 5.5.3: Public Key Directory Files (PuKDFs)
>
> "..... When the private key corresponding to a public key also resides
> on the card, the keys must share the same identifier. ....
>
> NOTE – When a certificate object on the card contains the public key,
> the public key object and the certificate object shall share the same
> identifier. This means that in some cases three objects (a private key,
> a public key and a certificate) will share the same identifier."
>
> =====================================================================
> PKCS#15, section 5.5.5: Certificate Directory Files (CDFs)
>
> "..... When a certificate contains a public key whose private key
> also resides on the card, the certificate and the private key must
> share the same identifier. ...."

thanks for the nice summary

>
>
>
> So while PKCS#11 only recommends to use identical identifiers for
> certificates and their corresponding keys, PKCS#15 makes this a MUST.
>
> So I should change my TCOS-card emulation if I want to fulfill the
> PKCS#15 spec.
>
> On the other hand OpenSwan (and most likely other applications too)
> use the ID of a certificate (which does not identify the certificate
> itself, but the corresponding key) as a way to specify which certificate
> they want to use.

yep, I guess it is common error to interpret the CKA_ID or pkcs15 id
as a primary key for the pkcs11/15 objects, it's just another attribute
which is useful to locate the private key (perhaps the name is
somewhat misleading)

Cheers,
Nils
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: PKCS#15-question about Cert-IDs and Key-IDs

Andreas Steffen-2
In reply to this post by Peter Koch-3
Hi,

I cannot speak for the Openswan project (though the smartcard code
was originally contributed by me but hasn't been maintained by
the Openswan team for more than two years) but I can explain the
current smartcard selection policy employed by strongSwan's
much improved PKCS#11 interface:

There are two ways to select a certificate:

a) by CKA_ID and optionally by slot

     leftcert=%smartcard<optional slot nr>:<key id>

    probably certs belonging to the same private key
    will go into the same slot. Thus specification of the
    slot won't help in differentiating multiple certs
    having the same CKA_ID

b) by enumeration (positional parameter)

     leftcert=%smartcard#<position>

     During startup strongSwan queries the card[s] for all
     certicates and and lists them in the order they were
     found.

     Example of my egate Token configured using pkcs15-init:

     List of Smartcard Objects:

     Feb 08 11:30:35 2006, #1, count: 4
            slot:     0, session closed, logged out, has valid pin
            id:       45
            label:   '/C=CH/O=strongSec GmbH/CN=bonsai.strongsec.com'
            subject: 'C=CH, O=strongSec GmbH, CN=bonsai.strongsec.com'

     Feb 08 11:30:35 2006, #2, count: 1
            slot:     0, session closed, logged out, has no pin
            id:       00
            label:   '/C=CH/O=strongSec GmbH/CN=strongSec Root CA'
            subject: 'C=CH, O=strongSec GmbH, CN=strongSec Root CA'

     Feb 08 11:30:35 2006, #3, count: 5
            slot:     1, session closed, logged out, has valid pin
            id:       47
            label:   '/C=CH/O=HSR/OU=IntSec/CN=intsec.hsr.ch'
            subject: 'C=CH, O=HSR, OU=IntSec, CN=intsec.hsr.ch'

     Feb 08 11:30:35 2006, #4, count: 1
            slot:     1, session closed, logged out, has no pin
            id:       00
            label:   '/C=CH/O=HSR/OU=IntSec/CN=HSR IntSec Root CA'
            subject: 'C=CH, O=HSR, OU=IntSec, CN=HSR IntSec Root CA'

strongSwan can now select one of the certs using the position
#1, #2, #3, #4. Currently in order to retrieve the desired certificate
and to use the private key, the 'slot' and the CKA_ID is used
for the actual query.

If according to your proposal all certs belonging to a common private
key must have the same CKA_ID then additionally I would have to
include either the 'subject' or 'the label in the PKCS#11 query
in order to achieve a unique resolution to a single cert.

Regards

Andreas
Peter Koch wrote:

> Hi!
>
> Before I programmed the PKCS#15 emulations routine for TCOS-cards
> I downloaded the PKCS15-spec but it was too long and I was too lazy
> to read it. So I just used my common sense. One consequence was
> that I chosed unique IDs for certificates. I still believe that
> a non-unique identifier does not fulfill its only purpose namely to
> (uniquely) identify something. But read on. We all believe that
> the ID of a certificate is an identifier of the certificate itself.
> It's not :-)
>
> Here's what I read in the PKCS11# and PKCS15# specification:
>
> =====================================================================
> PKCS#11, section 10.7.2: Common Key Attributes
>
> "The CKA_ID field is intended to distinguish among multiple keys.
> In the case of public and private keys, this field assists in
> handling multiple keys held by the same subject; the key identifier
> for a public key and its corresponding private key should be the
> same. The key identifier should also be the same as for the
> corresponding certificate, if one exists. Cryptoki does not enforce
> these associations, however."
>
> =====================================================================
> PKCS#11, section 10.9: Private Key Attributes
>
> "It is intended in the interests of interoperability that the subject
> name and key identifier for a private key will be the same as those
> for the corresponding certificate and public key. However, this is
> not enforced by Cryptoki, and it is not required that the certificate
> and public key also be stored on the token."
>
> =====================================================================
> PKCS#11, section 12.3.2: X509 Certificate Attributes
>
> In Table 30:
> Attribute=CKA_ID, Type=Byte array, Meaning=Key identifier for
> public/private key pair (default empty)
>
> "The CKA_ID attribute is intended as a means of distinguishing
> multiple public-key/private-key pairs held by the same subject
> (whether stored in the same token or not). (Since the keys are
> distinguished by subject name as well as identifier, it is possible
> that keys for different subjects may have the same CKA_ID value
> without introducing any ambiguity.)"
>
>
> Here's how I interpret PKCS#11. Keys are identified by a CKA_ID
> value which must be unique for each object type. Corrensponding
> private and public keys should have the same ID.
>
> Certificates are NOT identified by a CKA_ID value, but the CKA_ID
> value of a certificate is not an identifier of the certificate itself
> but it references the id of the corresponding public/private key.
> So the CKA_ID value should better be named CKA_KEY_ID.
>
>
> =====================================================================
> PKCS#15, section 5.5.3: Public Key Directory Files (PuKDFs)
>
> "..... When the private key corresponding to a public key also resides
> on the card, the keys must share the same identifier. ....
>
> NOTE – When a certificate object on the card contains the public key,
> the public key object and the certificate object shall share the same
> identifier. This means that in some cases three objects (a private key,
> a public key and a certificate) will share the same identifier."
>
> =====================================================================
> PKCS#15, section 5.5.5: Certificate Directory Files (CDFs)
>
> "..... When a certificate contains a public key whose private key
> also resides on the card, the certificate and the private key must
> share the same identifier. ...."
>
>
>
> So while PKCS#11 only recommends to use identical identifiers for
> certificates and their corresponding keys, PKCS#15 makes this a MUST.
>
> So I should change my TCOS-card emulation if I want to fulfill the
> PKCS#15 spec.
>
> On the other hand OpenSwan (and most likely other applications too)
> use the ID of a certificate (which does not identify the certificate
> itself, but the corresponding key) as a way to specify which certificate
> they want to use.
>
> This will not work (and according to PKCS#15 this is not supposed to
> work) for cards that have more than one cert per key.
>
> So OpenSwan should change change its way to select a certificate.
>
> But maybe OpenSwan does not care about which certificate is used if
> only the public key has the correct id.
>
> Peter

=======================================================================
Andreas Steffen                   e-mail: [hidden email]
strongSec GmbH                    home:   http://www.strongsec.com
Alter Zürichweg 20                phone:  +41 1 730 80 64
CH-8952 Schlieren (Switzerland)   fax:    +41 1 730 80 65
==========================================[strong internet security]===
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: PKCS#15-question about Cert-IDs and Key-IDs

Frederic Detienne
In reply to this post by Nils Larsch
Nils,

I agree with you but I do not see a precise topic about multiply defined
ID's covered in PKCS#15 and PKCS#11. I did have the documents, btw.

Anyway, I think I found in PKCS#11 what I was looking for...

For openswan to work as expected, they need to

C_FindObjectsInit (ID=2)
then loop on
  C_FindObjects () until the cert subject name is the right one
C_FindObjectsFinal ()

(the question is whether pkcs15-tool is supposed to rely on pkcs#11 to
display all those objects, and if not, how it is supposed to do).

Btw, seemingly, one could search for a private key with a given ID and
stop the search when the key has an interesting attribute (e.g. the
right modulus, generation type, etc...). My assumption about the
uniqueness of the private key ID was thus incorrect... there could be
many (albeit that seems odd).

So again, there is what _can_ be done and what _should_ be done. I was
hoping the ISO specs would be more precise about this or provide
guidance.

thx,

        fred

On Wed, 2006-02-08 at 09:16 +0100, Nils Larsch wrote:

> Frederic Detienne wrote:
> > Hi Nils,
> >
> > Now, I am getting really curious about what document precludes or allows
> > several similar object per ID.
>
> have a look at the pkcs15 or pkcs11 standard (both are free :)
>
> >
> > In fact, I even wonder what it would mean to have several private keys
> > sharing the same ID.
>
> The primary use of the pkcs15 (or pkcs11) id seems to be the assignment
> of a private key to the different cert und public key objects for this
> private key (and of course it can make sense to have more than one cert
> for a given private key).
>
> > You can't retrieve them and figure which one you
> > prefer... the key is used by the card and all you get is a result
> > (signature). This makes me doubting that various similar objects could
> > share an ID.
> >
> > Would (AuthID | ID) be a unique identifier ?
>
> for a private key ? almost certainly as every private key should
> have unique id
>
> > I.e. the right object with
> > the desired ID would be unique for a given AuthID (but there could be
> > several objects with the same ID and a different AuthID)...
>
> most cards have just one user pin
>
> >
> > This way, selecting the right object becomes a matter of logging in
> > (with an AuthID) and then selecting an object (by ID).
>
> normally the application chooses a certificate which it would like
> to use for a certain. The next step would be find the private key
> for this certificate, but this should be easy as there should be only
> one private key with a specific id (pkcs11 recommends to use the value
> of the subjectPublicKeyIdentifier for the id). Whether or not there
> several certificates with the same id doesn't matter here ...
>
> >
> > I am just guessing here as I do not have access to ISO 7816-[4,5] to
> > verify and I can't find relevant information in PKCS#15.
>
> http://www.rsasecurity.com/rsalabs/node.asp?id=2124
>
> Cheers,
> Nils

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: PKCS#15-question about Cert-IDs and Key-IDs

Andreas Steffen-2
In reply to this post by Andreas Steffen-2
BTW - I've been wondering why the CKA_IDs of the CA certs which
were stored onto the card using the command

pkcs15-init  --format PKCS12 --store-private-key myCert.p12

don't show up as 0x46 and 0x48, respectively, but as 0x00.

Any ideas?

Andreas

Andreas Steffen wrote:

>     Example of my egate Token configured using pkcs15-init:
>
>     List of Smartcard Objects:
>
>     Feb 08 11:30:35 2006, #1, count: 4
>            slot:     0, session closed, logged out, has valid pin
>            id:       45
>            label:   '/C=CH/O=strongSec GmbH/CN=bonsai.strongsec.com'
>            subject: 'C=CH, O=strongSec GmbH, CN=bonsai.strongsec.com'
>
>     Feb 08 11:30:35 2006, #2, count: 1
>            slot:     0, session closed, logged out, has no pin
>            id:       00
>            label:   '/C=CH/O=strongSec GmbH/CN=strongSec Root CA'
>            subject: 'C=CH, O=strongSec GmbH, CN=strongSec Root CA'
>
>     Feb 08 11:30:35 2006, #3, count: 5
>            slot:     1, session closed, logged out, has valid pin
>            id:       47
>            label:   '/C=CH/O=HSR/OU=IntSec/CN=intsec.hsr.ch'
>            subject: 'C=CH, O=HSR, OU=IntSec, CN=intsec.hsr.ch'
>
>     Feb 08 11:30:35 2006, #4, count: 1
>            slot:     1, session closed, logged out, has no pin
>            id:       00
>            label:   '/C=CH/O=HSR/OU=IntSec/CN=HSR IntSec Root CA'
>            subject: 'C=CH, O=HSR, OU=IntSec, CN=HSR IntSec Root CA'

=======================================================================
Andreas Steffen                   e-mail: [hidden email]
strongSec GmbH                    home:   http://www.strongsec.com
Alter Zürichweg 20                phone:  +41 1 730 80 64
CH-8952 Schlieren (Switzerland)   fax:    +41 1 730 80 65
==========================================[strong internet security]===
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: PKCS#15-question about Cert-IDs and Key-IDs

Nils Larsch
In reply to this post by Frederic Detienne
Frederic Detienne wrote:

> Nils,
>
> I agree with you but I do not see a precise topic about multiply defined
> ID's covered in PKCS#15 and PKCS#11. I did have the documents, btw.
>
> Anyway, I think I found in PKCS#11 what I was looking for...
>
> For openswan to work as expected, they need to
>
> C_FindObjectsInit (ID=2)
> then loop on
>   C_FindObjects () until the cert subject name is the right one

I guess the subject name should be the same (at least almost
always) for certs for a specific key, however some cert
extensions or attributes might be different (for example a
specific subjectAltName extension ...)

> C_FindObjectsFinal ()
>
> (the question is whether pkcs15-tool is supposed to rely on pkcs#11 to
> display all those objects, and if not, how it is supposed to do).

if pkcs15-tool is asked to return the certificate objects with
a certain attribute (in this case the id) it should return all
objects that have the attribute.

>
> Btw, seemingly, one could search for a private key with a given ID and
> stop the search when the key has an interesting attribute (e.g. the
> right modulus, generation type, etc...). My assumption about the
> uniqueness of the private key ID was thus incorrect... there could be
> many

yep

> (albeit that seems odd).

actually it's not that odd. For example cardos m4 smartcards normally
only allow either signing or decryption with a specific key, hence in
order to able to use a key for both operation you need two copies
of this key (with different attributes)

>
> So again, there is what _can_ be done and what _should_ be done. I was
> hoping the ISO specs would be more precise about this or provide
> guidance.

sorry don't have a copy of iso7816-15

Cheers,
Nils
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: PKCS#15-question about Cert-IDs and Key-IDs

Frederic Detienne
On Wed, 2006-02-08 at 12:45 +0100, Nils Larsch wrote:

> Frederic Detienne wrote:
> > Nils,
> >
> > I agree with you but I do not see a precise topic about multiply defined
> > ID's covered in PKCS#15 and PKCS#11. I did have the documents, btw.
> >
> > Anyway, I think I found in PKCS#11 what I was looking for...
> >
> > For openswan to work as expected, they need to
> >
> > C_FindObjectsInit (ID=2)
> > then loop on
> >   C_FindObjects () until the cert subject name is the right one
>
> I guess the subject name should be the same (at least almost
> always) for certs for a specific key, however some cert
> extensions or attributes might be different (for example a
> specific subjectAltName extension ...)

typically, the names are different (OU and O in general) but I agree,
other X509 attributes may be useful to check.

> > C_FindObjectsFinal ()
> >
> > (the question is whether pkcs15-tool is supposed to rely on pkcs#11 to
> > display all those objects, and if not, how it is supposed to do).
>
> if pkcs15-tool is asked to return the certificate objects with
> a certain attribute (in this case the id) it should return all
> objects that have the attribute.

back to the original question, then: how ? What is the pure pkcs#15 API
that lets one do this ? (in fact, it has to be an openct or pcsc/lite
api).

> >
> > Btw, seemingly, one could search for a private key with a given ID and
> > stop the search when the key has an interesting attribute (e.g. the
> > right modulus, generation type, etc...). My assumption about the
> > uniqueness of the private key ID was thus incorrect... there could be
> > many
>
> yep
>
> > (albeit that seems odd).
>
> actually it's not that odd. For example cardos m4 smartcards normally
> only allow either signing or decryption with a specific key, hence in
> order to able to use a key for both operation you need two copies
> of this key (with different attributes)

ah but then, the ID has to be different. I do not know for decryption
but Authentication should have ID=45 and Signing should have ID=46.

> >
> > So again, there is what _can_ be done and what _should_ be done. I was
> > hoping the ISO specs would be more precise about this or provide
> > guidance.
>
> sorry don't have a copy of iso7816-15

I was not expecting you to send it to me (they are not free) but just in
case you had browsed to them :)

thx,

        fred

> Cheers,
> Nils

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: PKCS#15-question about Cert-IDs and Key-IDs

Nils Larsch
Frederic Detienne wrote:
...

>>>C_FindObjectsFinal ()
>>>
>>>(the question is whether pkcs15-tool is supposed to rely on pkcs#11 to
>>>display all those objects, and if not, how it is supposed to do).
>>
>>if pkcs15-tool is asked to return the certificate objects with
>>a certain attribute (in this case the id) it should return all
>>objects that have the attribute.
>
>
> back to the original question, then: how ? What is the pure pkcs#15 API
> that lets one do this ? (in fact, it has to be an openct or pcsc/lite
> api).

sorry but what do exactly want ? pkcs15 doesn't define an API,
opensc offers a for the pkcs15 objects (the opensc pkcs15 api)
and as far as openct/pcsc-lite is concerned: do you really want
a sequence of raw APDUs (as this is what is given to these APIs) ?

>>actually it's not that odd. For example cardos m4 smartcards normally
>>only allow either signing or decryption with a specific key, hence in
>>order to able to use a key for both operation you need two copies
>>of this key (with different attributes)
>
>
> ah but then, the ID has to be different. I do not know for decryption
> but Authentication should have ID=45 and Signing should have ID=46.

no, they must have the same [key] id and according to the pkcs11
recommendation the id would be more likely the SHA-1 digest of
the public key (but of course 45 is easier to enter on the command
line)

Cheers,
Nils

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: PKCS#15-question about Cert-IDs and Key-IDs

Peter Koch-3
In reply to this post by Andreas Steffen-2
> BTW - I've been wondering why the CKA_IDs of the CA certs which
> were stored onto the card using the command
>
> pkcs15-init  --format PKCS12 --store-private-key myCert.p12
>
> don't show up as 0x46 and 0x48, respectively, but as 0x00.
>
> Any ideas?

Might be sensitive data which is available only after pin was verified.

--
10 GB Mailbox, 100 FreeSMS/Monat http://www.gmx.net/de/go/topmail
+++ GMX - die erste Adresse für Mail, Message, More +++
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
12