Monthly Archives: September 2010

Public Key Certificate Locations in Windows

Posted on September 13, 2010 | 1 Comment

Since last week I have been looking more at depth with how certificates work.  One thing that was bugging me was not knowing where the information is stored.  There are plenty of references to the certificates being stored in files and the registry but no actual paths.

On late Friday there was a bit of a breakthrough.  Somehow I managed to identify a location in the registry that contained a certificate (this was using regedit and doing a search on ‘cert’ if I remember right).

This subkey tree is located at HKCU\Software\Microsoft\SystemCertificates.

These certificates are considered to be CurrentUser whereas the shared ones are in LocalMachine.  Searching for SystemCertificates found an excellent reference from a Microsoft web page.  It is a bit old, but contains valuable information.

CA certificate-related registry entries correlate to the physical view of the certificate-related data that can be viewed by using the Certificates snap-in.

The registry settings in this section are a subset of the registry settings in “Certificate Services Tools and Settings.” This subset makes it possible to monitor and manage key configuration options associated with CA certificates.

The following registry keys are associated with CA certificates that were distributed via Group Policy:

  • HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates

The following registry keys are associated with CA certificates that were not distributed via Group Policy:

  • HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc

This summary shows where the certificates live for the different combinations. The keys are encoded as “blob” values under GUID identifier key names. It appears that the blob is just a binary representation of the certificate.

Each subkey off of the SystemCertificates above shows up in Certificate Manager (certmgr.exe) under a slightly different name.

The mapping is not necessarily easy to work out.  Hopefully in a future post it will happen.  The most important ones to note are “my” and “root”.  ”My” is “Personal” and “root” is “Trusted Root Certificate Authorities”.  My current theory is that these folders can be a bit free form HOWEVER they do have a purpose and essentially control access to specific features.  For example, “root” is used extensively to guarantee that the root CA is trusted.  If the certificate lives in this folder, essentially all Windows cert operations (think SSL) will trust any certificated signed by this root CA.

Let’s take a look at certificate using normal tools and using the registry editor.

This is a test certificate that was built to try some Azure samples.  Note that it has a private key.  The certificate lives under “Personal” on “CurrentUser”.  This translates to HKCU with “My”.

Here is a bit more detail from certmgr:

Hopefully this will make some sense against the registry entry.  And, it does not.

This is where I admit that not everything as it seems.  It turns out the majority of the interesting certificates are actually on the disk.  The Personal certificates were found in “%UserProfile%\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates”.  How’s that for assuming the wrong place?

The directory and files (certificates) are hidden so you will have to play with ATTRIB or Windows Explorer options to get to them.  It looks like this:

This corresponds to the seven certificates seen in certmgr (MMC with snap-on certificate handler).  I just noticed that these names correspond to the thumbprint of the certificate (SHA1 : 16 bytes).  This should make it easier to find the certificate that we started with (test.cloudapp.net).

It matches one of the file names:

To get a better look at this file, I used attrib to strip off the system flag (attrib -s) and copied (copy /b) it to another directory.  Then I used my hexdump tool to display what it had inside.

Test Certificate binary content

Clearly this is the right one.  The chances of having the wrong filename based on SHA1 is almost impossible.

The next post will focus on the location of the private keys.

→ 1 Comment

Posted in Certificates, Windows

Tagged ,

GoToMyPC Saved My Day

Posted on September 12, 2010 | Leave a comment


I have been working at home now for almost eleven years.  When my job first started, it was the first time that a software developer worked remotely in my company.  There were many barriers before this time but luckily my timing was good.

Currently I am working on a project that is looking at using Cloud-based technology to make it easier for existing customers.  All of my development happens near Brisbane, Australia whereas my nearest office is in Sydney.  This works well with the help of products like GoToMeeting.  In fact, there is a need to use it almost every day.  It is my view into what is happening in Sydney and sometimes I even use it to share what I have at home.

It is so common to use GoToMeeting, it is just part of everyday work.  Without it, it would be much harder to convey important computer-based information.

Anyways, something different happened this last weekend.  On Sunday I was packing up for my trip to Sydney for a three day event in the office.  I was working on a difficult problem at the time and was very frustrated that I could not figure it out before the trip.  Usually this means that I need to move the problem environment to my work machine in Sydney and continue from there.  The problem with that is that my Sydney machine is not as strong as my Brisbane machine and does not have all the things that I need day to day.  In fact, the Sydney machine is a subset of my usual environment.

Usually I just accept this situation. However, the size of the problem and the lack of time made this unacceptable.  In the last hour before I had to leave, I decided that I should try using GoToMyPC to get access to my development machine from Sydney.  I still had an account that I had not used for awhile so I had to reset the password and get things going again.  However, within about a half an hour, it was running.

When I got to Sydney, I connected to my development machine and it worked great.  In fact it was so good to have my native environment I wondered why I had not tried it before.  It takes away the need to duplicate the environment somewhere else and it is quick enough to use without frustration.  The best aspect is that it just works.

Because I still had access to my main machine, it made it so much easier and quicker to solve the problems that happened.  Without access to GoToMyPC, it would have easily taken twice as long to figure this out.  It would have been very hard to reach the deadline in time without it.

This is a true story that recently happened.  I am very glad that this worked and it reduced my stress level in a big way.

→ Leave a comment

Posted in Angst, GoToMyPC

Programming Windows Azure eBook for $20

Posted on September 12, 2010 | 1 Comment

Programming Windows Azure is a recent book which is published by O’Reilly.  So far there are not many books covering Azure specifically so this was seen as a positive move.  It is written by Sriram Krishnan who works for Microsoft on the
Azure team.

When I first heard about this book, I searched Amazon for a Kindle edition.  Since last December I have been using the Kindle I have more and more.  Unfortunately Amazon does not have this format.

However, O’Reilly does have a program whereby you can buy the electronic versions of their books.  In this offer, you can get DRM-free copies of the book in formats for all the popular devices (PDF, iPhone, iPad, Android, Kindle, Sony Reader).

Knowing that the Kindle would work, I then discovered an excellent discount code.  Normally the Azure book costs $39.95 but with the discount code “4cast” the price is cut in half.  This obviously is to promote the new digital formats.

Once I purchased the book for $20, I could then download the book to my machine.  The next trick was to send the book to the Kindle.  This works by just sending from a trusted email account (for the Kindle) to the Kindle email address reserved during initial setup.  Typically the name is something like jeff@kindle.com .  The simple act of sending the book as an attachment to this Kindle email address is enough to start the wireless transfer to your Kindle.  The catch is that it needs to be coming from a trusted email address and that the transfer is going to cost money (on whispernet).

The Azure book is about 2.7MB in the Kindle format which happened to be bigger than the default maximum cost for an email transfer.  It costs around $1 per MB to download to the Kindle.

The default can be changed if you go to Amazon and select “Manage My Kindle” for the Kindle home page.

Kindle help:

Limit section to be updated:

Once your limit is high enough, it will get through.  In fact, it probably took less than 30 minutes.  This is a real plus for a number of reasons.

  • Virtual books means no shipping costs from US to Australia
  • It is so fast it is hard to believe it worked
  • The massive computer books are now light and easy to read anywhere (not just for reference)

The charge on the transfer would have been around $3 so the total cost was $23.  If I had wanted, I could have just transferred the book using USB.  Or, if I had a newer Kindle, I could have used WiFi.  Both of those options are supposed to be free.

I’m still reading the book so I cannot given an accurate review.  However, the book covers some of the original thinking for Azure (used to be called Project Red Dog) and how some of the features have evolved.  The most useful bit so far is running native code from an existing web role to supporting things like PHP.

It looks to be a great summary of Azure and even though it might not be perfectly up to date, it still provides plenty of useful information.

→ 1 Comment

Posted in Azure

Tagged ,

Certificate Public Key Usage

Posted on September 10, 2010 | Leave a comment

Public keys that reside inside certificates are only meant to be used for certain things.  This is indicated by the Key Usage and Extended Key Usage extensions.

The first stop is documentation from OpenSSL.

Key usage supported names:

  • digitalSignature
  • nonRepudiation
  • keyEncipherment
  • dataEncipherment
  • keyAgreement
  • keyCertSign
  • cRLSign
  • encipherOnly
  • decipherOnly

Extended Key Usage names:

Value                  Meaning
 -----                  -------
 serverAuth             SSL/TLS Web Server Authentication.
 clientAuth             SSL/TLS Web Client Authentication.
 codeSigning            Code signing.
 emailProtection        E-mail Protection (S/MIME).
 timeStamping           Trusted Timestamping
 msCodeInd              Microsoft Individual Code Signing (authenticode)
 msCodeCom              Microsoft Commercial Code Signing (authenticode)
 msCTLSign              Microsoft Trust List Signing
 msSGC                  Microsoft Server Gated Crypto
 msEFS                  Microsoft Encrypted File System
 nsSGC                  Netscape Server Gated Crypto

Now, moving on to a more detailed source from IETF (RFC 3280):

4.2.1.3  Key Usage

   The key usage extension defines the purpose (e.g., encipherment,
   signature, certificate signing) of the key contained in the
   certificate.  The usage restriction might be employed when a key that
   could be used for more than one operation is to be restricted.  For
   example, when an RSA key should be used only to verify signatures on
   objects other than public key certificates and CRLs, the
   digitalSignature and/or nonRepudiation bits would be asserted.
   Likewise, when an RSA key should be used only for key management, the
   keyEncipherment bit would be asserted.

   This extension MUST appear in certificates that contain public keys
   that are used to validate digital signatures on other public key
   certificates or CRLs.  When this extension appears, it SHOULD be
   marked critical.

      id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }

      KeyUsage ::= BIT STRING {
           digitalSignature        (0),
           nonRepudiation          (1),
           keyEncipherment         (2),
           dataEncipherment        (3),
           keyAgreement            (4),
           keyCertSign             (5),
           cRLSign                 (6),
           encipherOnly            (7),
           decipherOnly            (8) }

   Bits in the KeyUsage type are used as follows:

      The digitalSignature bit is asserted when the subject public key
      is used with a digital signature mechanism to support security
      services other than certificate signing (bit 5), or CRL signing
      (bit 6).  Digital signature mechanisms are often used for entity
      authentication and data origin authentication with integrity.

      The nonRepudiation bit is asserted when the subject public key is
      used to verify digital signatures used to provide a non-
      repudiation service which protects against the signing entity
      falsely denying some action, excluding certificate or CRL signing.
      In the case of later conflict, a reliable third party may
      determine the authenticity of the signed data.

      Further distinctions between the digitalSignature and
      nonRepudiation bits may be provided in specific certificate
      policies.

      The keyEncipherment bit is asserted when the subject public key is
      used for key transport.  For example, when an RSA key is to be
      used for key management, then this bit is set.

      The dataEncipherment bit is asserted when the subject public key
      is used for enciphering user data, other than cryptographic keys.

      The keyAgreement bit is asserted when the subject public key is
      used for key agreement.  For example, when a Diffie-Hellman key is
      to be used for key management, then this bit is set.

      The keyCertSign bit is asserted when the subject public key is
      used for verifying a signature on public key certificates.  If the
      keyCertSign bit is asserted, then the cA bit in the basic
      constraints extension (section 4.2.1.10) MUST also be asserted.

      The cRLSign bit is asserted when the subject public key is used
      for verifying a signature on certificate revocation list (e.g., a
      CRL, delta CRL, or an ARL).  This bit MUST be asserted in
      certificates that are used to verify signatures on CRLs.

      The meaning of the encipherOnly bit is undefined in the absence of
      the keyAgreement bit.  When the encipherOnly bit is asserted and
      the keyAgreement bit is also set, the subject public key may be
      used only for enciphering data while performing key agreement.

      The meaning of the decipherOnly bit is undefined in the absence of
      the keyAgreement bit.  When the decipherOnly bit is asserted and
      the keyAgreement bit is also set, the subject public key may be
      used only for deciphering data while performing key agreement.

   This profile does not restrict the combinations of bits that may be
   set in an instantiation of the keyUsage extension.  However,
   appropriate values for keyUsage extensions for particular algorithms
   are specified in [PKIXALGS].

But wait, the trail goes deeper into “PKIXALGS” which is also known as RFC3279.

If the keyUsage extension is present in an end entity certificate
   which conveys an RSA public key, any combination of the following
   values MAY be present:

      digitalSignature;
      nonRepudiation;
      keyEncipherment; and
      dataEncipherment.

   If the keyUsage extension is present in a CA or CRL issuer
   certificate which conveys an RSA public key, any combination of the
   following values MAY be present:

      digitalSignature;
      nonRepudiation;
      keyEncipherment;
      dataEncipherment;
      keyCertSign; and
      cRLSign.

   However, this specification RECOMMENDS that if keyCertSign or cRLSign
   is present, both keyEncipherment and dataEncipherment SHOULD NOT be
   present.

What does all this mean? There are specific rules about how the usage field controls how the public key is applied. Think of it as a gate to certain activities. A CA certificate has access to more functions than a non-CA (normal) certificate.

Having the usage right to sign another certificate is reserved for CAs. Based on previous posts, this means that you could have a certificate that would never have to right to sign other certificates.

I must admit that it is still a bit confusing how all these combinations fit together. Examples over time will help to clear this up. At least now the different types are clearly identified.

→ Leave a comment

Posted in Certificates, PKI

Tagged , ,

Certificate Authority Trust Model

Posted on September 9, 2010 | Leave a comment

There are many different kinds of certificate authorities available.  A description from Windows 2000 Server documentation helps to clarify.  The different players are:

  • Root CA
  • Subordinate CA
    • Intermediate CA
    • Issuing CA

The CA hierarchies are very flexible based on simple rules.

The root CA is always at the top.  It has a public/private key pair with the public key living in the public certificate signed by itself.  It is perhaps a bit vain but it has no equal in the line of trust.  It is the CA that is actually trusted by the client and server resources.  The root CA needs to be protected as much as possible in the owner organisation.  It is okay to have multiple CAs in a single organisation but this implies that every trusting element needs to be updated with more root CAs.

CAs can be a child of a root CA.  These are known as subordinate CAs.  The subordinate CA’s certificate is signed by the root CA.  There are two kinds of subordinate CAs.  Intermediate CAs are responsible for verifying subordinate CAs.  Issuing CAs are meant to provide certificates to end uses.   An issuing CA would never provide support to a child CA (since it is not allowed).  Also, an intermediate would never provide certificates except for other CAs.

The trust for certificates is chained back to the root CA.  A certificate path can be constructed from the knowledge gained from the CA certificates.  It is much like a linked list in nature.  Given the end-user certificate, the CAs can be walked back to the root CA.

For Windows, trust is gained by having the root CA certificate in the “Trusted Root Certification Authorities” store.

Based on documentation, if Windows trusts an intermediate CA, it will add it to the Intermediate Certificate Store.

Windows (at least in Windows 2000) trusts certificates based on this flow:

Reasons for validation failing:

  • Dates are invalid or expired
  • Certificate not in correct format
  • Certificate fields might be invalid or missing
  • Thumbprint or signature do not match reality
  • Cert has been revoked
  • Root CA is not in the trust root certificate store

Interestingly, if a CA certificate in the path is expired, it can still be possible for the certificate at the bottom to be valid.  The key is that the CA certificate was valid when the bottom certificate was issued.  This is a strange twist but makes sense given the alignment of dates would be very complex otherwise.

These ideas are coming from a Microsoft point of view and might not match the rest of the world.  Also, the main source used was from Windows 2000 which is not the latest version.  So far, this was the most straight forward reference.

→ Leave a comment

Posted in Uncategorized

SSL Handshake

Posted on September 8, 2010 | Leave a comment

How do you exchange secrets without knowing the codes to use?  Typically it is a recursive kind of problem.  With the classic mode of symmetric encryption keys, it is necessary to magically transport the key to the other side.  This would often entail using a secure non-digital technique like carrying it there.

In the web, this is impractical and would hinder the use of encryption.  Thank goodness for PKI with its ability to keep the key secret while still enabling everyone to form secure communication with the owner of that key.

Years ago I researched what was necessary to support SSL with one of our products.  It was an interesting technology to study and it was impressive how effective it was.  The modern name is supposed to be TLS but it does not seem to be sticking in the market as a name.  To me, SSL sounds better.

Today I found an old Sun page talking about SSL Handshake.  It is funny how the older pages reveal more detail than the newer ones.  Perhaps we had more time to focus on it back then.

Some items that are often forgotten about:

  • It is possible to support client certificates to authenticate the user
  • The encryption used for the bulk of SSL data is actually symmetric key based (negotiated during initial handshake)
  • The client and server negotiate the type of encryption algorithm used
  • SSL was pioneered by Netscape around 1995

Here is another description of the SSL handshake from IBM.

If you would like to learn more about SSL/TLS, please review the TLS 1.2 RFC 5246.

From the RFC:

The TLS Handshake Protocol involves the following steps:

   -  Exchange hello messages to agree on algorithms, exchange random
      values, and check for session resumption.

   -  Exchange the necessary cryptographic parameters to allow the
      client and server to agree on a premaster secret.

   -  Exchange certificates and cryptographic information to allow the
      client and server to authenticate themselves.

   -  Generate a master secret from the premaster secret and exchanged
      random values.

   -  Provide security parameters to the record layer.

   -  Allow the client and server to verify that their peer has
      calculated the same security parameters and that the handshake
      occurred without tampering by an attacker.

So much traffic on the Internet is based on HTTPS which in turn is dependent on SSL/TLS. If fact, it is largely this technology which has enabled doing business on the web.

→ Leave a comment

Posted in SSL

Tagged

Digital Certificates (part 2 of 2)

Posted on September 8, 2010 | 2 Comments

Part two continues on the topic of digital certificates.    One of the keys is private and the other is public.

Below are some useful examples and explanations from Novell:

But, how does this work on the Internet for transactions?

Continue reading

→ 2 Comments

Posted in Certificates, PKI

Tagged ,

Digital Certificates (part 1 of 2)

Posted on September 7, 2010 | Leave a comment

This post will explore digital certificates.  Consider this as a result of a need to learn more detail about how certificates work.

Start here:

  1. VeriSign: Introduction to Digital Certificates
  2. VeriSign: Introduction to Public Key Cryptography

Paraphrasing:

Cryptography solves many key computer issues (like identification).  Traditional security based on physical devices is useless in the digital world.   In order to protect information and identity, complex algorithms are needed to hide the content and user.

Early generation encryption solved the problem but had a big problem with how far it could transfer its secret keys.  It became too difficult and expensive to safeguard the symmetric keys.  Beyond this, the key trust required new keys for each new trust relationship.  It also implied prior knowledge of the other person.

Since both parties know the secret key, there is no way to know which of the two parties might have modified content or acted as the other.  The shared key does not indicate identification.  Therefore it can not be used to authenticate.

Public key encryption was first created in the mid 1970′s.  For the first time it was possible to transfer secret data without exposing the secret key.   There are two keys (one public and one private) that do the opposite of each other.  If you use the public key to encrypt, only the private key can decrypt.  Likewise, if data is encrypted using the private key, it can only be decrypted by the public key.

The public key is made widely available for all to use.  The private key is only available to the owner.  SSL uses the public keys of servers to encrypt traffic to the web.  The SSL protocol requests the public key from the server directly as part of its negotiation.

If a user wants to send a private message to another person, they use the public key of that person to encrypt the message.  The recipient uses their private key to decrypt the message.

The power of this is that the public key can be used by anyone and the content sent to the private key owner cannot be decrypted by anyone else (assuming that the encryption is strong enough).

Since only one person owns the private key, it is therefore true that if you decrypt data from the users public key, you can be guaranteed that it came from that person.  This introduces the concept of digital signatures.

Sometimes it is only necessary to prove that someone sent data.  The actual data does not necessarily need to be encrypted but the producer and the consumer want to guarantee that nothing has changed and that the content came from the producer.  This is used extensively in code signing.

The quick summary is that a hash algorithm is run against a section of data and the resulting digest (like SHA1) is encrypted using the private key of the producer.  The consumer receives the data and decrypts the digest and compares this against the digest calculated from the received data.  If they do not match, something has been altered that should not have been.

The problem however is that just because a public key is published it does not necessarily mean that the owner is the person you want to trust.  Someone could send you a public key that actually belongs to someone else.  There is a need to guarantee trust.

Digital certificates are the answer.  Similar in nature to a passport or driver license, they uniquely identify you based on a trusted organisation.    The user’s public key is signed by a certificate authority (think VeriSign) that can vouch for you being a valid user/company.  They only sign public keys they trust through a process of proving identity.  Years ago I needed a certificate for Citrix and had to prove to VeriSign that we were who we said we were.  It can be an extensive process based on the level of verification.

Digital certificates contain a number of data items to help verify identity and trust.  This includes the concept of expiration.  Proof of identity only lasts for a specific time (usually a year).

Certificates can be allocated based on a trust hierarchy.  Trust is relative to the parent which can be mapped to many layers before it gets back to a certificate authority root.  Web browsers have a list of certificate authorities they trust and that is the basis of determining trust with HTTPS sites.  Only trusted CAs are allowed.

More in the next post…

→ Leave a comment

Posted in Certificates, Security, SSL

Tagged , ,