December 2020 - Uwe Gradenegger

Signing certificates bypassing the certification authority

Time and again in discussions about the security of a certification authority, it comes up that abuse of the certification authority could be contained by its security settings.

However, the fact that the integrity of a certification authority is directly tied to its key material and can therefore also be compromised by it is not obvious at first glance.

one must think of the certification authority software as a kind of management around the key material. For example, the software provides a Online interface for Certificate Enrollment takes care of the authentication of the enrollees, the automated execution of signature operations (issuing certificates and Brevocation lists) and their logging (Certification Authority Database, Audit log, Event log).

However, signature operations require nothing more than the private key of the certification authority. The following example shows how an attacker, given access to the certification authority's private key, can generate and issue certificates without the certification authority software and its security mechanisms being aware of this.

With such a certificate, it would even be possible in the worst case, take over the Active Directory forest undetected.

Moving the certification authority database to another directory or drive

In the operation of a certification authority, one may find that it is necessary to subsequently change the storage path for the certification authority database. For example, one may want to move the database to another partition/drive.

Microsoft Outlook: View which algorithm was used for an S/MIME encrypted or signed email

Below is a description of where it is possible to view which symmetric algorithm was used to encrypt an email received, and which hash algorithm was used for a signed email.

Microsoft Outlook: Control the encryption algorithm used for S/MIME.

When S/MIME certificates are issued, they usually contain a certificate extension "S/MIME Capabilities". This certificate extension is specified in RFC 4262 and can be used by compatible e-mail programs to specify the symmetric algorithms supported by the recipient of an encrypted message. The sender should then choose the strongest algorithm supported by the recipient.

Microsoft Outlook uses (if available and required) the information in the "S/MIME Capabilities" extension of a certificate. Below is a description of how it is used and which algorithms are selected.

The "S/MIME Capabilities" certificate extension

Among other things, the Microsoft Outlook extension is evaluated and used to determine the symmetric algorithm for an encrypted email.

Extend the "S/MIME Capabilities" certificate extension in issued certificates to include the Cryptography Next Generation (CNG) algorithms.

However, if you take a look at the symmetric algorithms included in such a certificate, you will probably find that the list contains rather outdated algorithms - the "strongest" of these algorithms is Triple DES (3DES), which is now considered obsolete.