[guardian-dev] How To Generate SSL keys without Backdoor
----- Forwarded message from Aaron Lux <a@AaronLux.com> -----

Date: Thu, 03 Oct 2013 23:50:40 -0500
From: Aaron Lux <a@AaronLux.com>
To: guardian-dev@lists.mayfirst.org
Subject: [guardian-dev] How To Generate SSL keys without Backdoor
Message-ID: <524E4920.7040007@AaronLux.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
Reply-To: Aaron Lux <a@AaronLux.com>

How to generate SSL keys which cannot be compromised. (Courtesy of FBI):

ATTACHMENT B

Lavabit uses 2048-bit Secure Socket Layer (SSL) certificates purchased from GoDaddy to encrypt communication between users and its server. SSL encryption employs public-key cryptography, in which both the sender and receiver each have two mathematically linked keys: a "public" key and a "private" key. "Public" keys are published, but "private" keys are not. In this circumstance, a Lavabit customer uses Lavabit's published public key to initiate an encrypted email session with Lavabit over the internet. Lavabit's servers then decrypt this traffic using their private key. The only way to decrypt this traffic is through the usage of this private key. A SSL certificate is another name for a published public key.

To obtain a SSL certificate from GoDaddy, a user needs to first generate a 2048-bit private key on his/her computer. Depending on the operating system and web server used, there are multiple ways to generate a private key. One of the more popular methods is to use a freely available command-line tool called OpenSSL. This generation also creates a certificate signing request file. The user sends this file to the SSL generation authority (e.g. GoDaddy) and GoDaddy then sends back the SSL certificate. The private key is not sent to GoDaddy and should be retained by the user. This private key is stored on the user's web server to permit decryption of internet traffic, as described above.

The FBI's collection system that will be installed to implement the PR/TT also requires the private key to be stored to decrypt Lavabit email and internet traffic. This decrypted traffic will then be filtered for the target email address specified in the PR/TT order.

Depending on how exactly the private key was first generated by the user, it itself may be encrypted and protected by a password supplied by the user. This additional level of security is useful if, for example, a backup copy of the private key is stored on a CD. If that CD was lost or stolen, the private key would not be compromised because a password would be required to access it. However, the user that generated the private key would have supplied it at generation time and would thus have knowledge of it. The OpenSSL tool described above is capable of decrypting encrypted private keys and converting the keys to a non-encrypted format with a simple, well-documented command. The FBI's collection system and most web servers requires the key to be stored in a non-encrypted format.

A 2048-bit key is composed of 512 characters. The standard practice of exchanging private SSL keys between entities is to use some electronic medium (e.g., CD or secure internet exchange). SSL keys are rarely, if ever, exchanged verbally or through print medium due to their long length and possibility of human error.

Mr. Levison has previously stated that Lavabit actually uses five separate public/private key pairs, one for each type of mail protocol used by Lavabit.

PEM format is an industry-standard file format for digitally representing SSL keys. PEM files can easily be created using the OpenSSL tool described above. The preferred medium for receiving these keys would be on a CD.

----- End forwarded message -----
--
Eugen* Leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
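
The key-handling workflow the attachment describes (passphrase-protected 2048-bit key, CSR for the CA, passphrase-free copy for the web server), as an added example that is not part of the original message. The directory, subject name and passphrase are constructed demo values, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example: key, CSR and passphrase handling with the openssl CLI.
# DEMO_DIR, DEMO_PASS and the subject name are constructed demo values.
umask 077                      # key files are created owner-readable only
DEMO_DIR=$(mktemp -d)
DEMO_PASS='constructed-demo-passphrase'; export DEMO_PASS

# 1. Generate a 2048-bit RSA key, AES-256 encrypted under the passphrase.
#    env: keeps the passphrase off the command line (process listings).
make_key() {
    openssl genrsa -aes256 -passout env:DEMO_PASS \
        -out "$DEMO_DIR/server.key.enc" 2048 2>/dev/null
}

# 2. Build the certificate signing request; this is the only file sent to the CA.
make_csr() {
    openssl req -new -key "$DEMO_DIR/server.key.enc" -passin env:DEMO_PASS \
        -subj "/CN=mail.example.test" -out "$DEMO_DIR/server.csr"
}

# 3. Write the non-encrypted PEM copy that a web server loads at startup.
strip_passphrase() {
    openssl rsa -in "$DEMO_DIR/server.key.enc" -passin env:DEMO_PASS \
        -out "$DEMO_DIR/server.key" 2>/dev/null
}

# True when a PEM private key file is passphrase-protected.
# Covers both the PKCS#8 header and the traditional Proc-Type header.
is_encrypted() {
    grep -Eq '^(-----BEGIN ENCRYPTED PRIVATE KEY-----|Proc-Type: 4,ENCRYPTED)' "$1"
}

# True when the CSR carries exactly the public half of our key pair.
csr_matches_key() {
    csr_pub=$(openssl req -in "$DEMO_DIR/server.csr" -noout -pubkey)
    key_pub=$(openssl rsa -in "$DEMO_DIR/server.key.enc" \
        -passin env:DEMO_PASS -pubout 2>/dev/null)
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# True when the file going to the CA contains no private-key PEM block.
csr_has_no_private_key() { ! grep -q 'PRIVATE KEY' "$DEMO_DIR/server.csr"; }

make_key && make_csr && strip_passphrase
is_encrypted "$DEMO_DIR/server.key.enc" && echo "backup copy: encrypted"
is_encrypted "$DEMO_DIR/server.key"     || echo "server copy: NOT encrypted"
csr_matches_key && csr_has_no_private_key && echo "CSR: public key only"
```

The `is_encrypted` check can be pointed at any PEM key file, for example to confirm that backup copies are passphrase-protected before they leave the server.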