This is my list of Links to white papers and the like that I have found useful (restarted 2014). It is not an attempt to create a balanced or educational list. I am adding what I need right now!
Comprehensive reviews of PKI issues
Analysis by Peter Gutmann who likes to throw rocks at PKI according to his bio:
- Everything you Never Wanted to Know about PKI but were Forced to Find Out
- Book Draft, see chapter on PKI: Engineering Security
- X.509 Certificates - part of the crypto tutorial.
- The legendary X.509 Style Guide
- PKI: Lemon Markets and Lemonade: Incl. many examples of certificates invalid in different respects but yet recognized by PKI applications.
Request for Comments:
- RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. Including an algorithm for X.509 certification path validation.
- RFC 4158: Internet X.509 Public Key Infrastructure: Certification Path Building. In an alternate universe in which Richard Feynman had become a computer scientist, he would have written such RFCs instead of inventing his Feynman diagrams.
- Strict RFC compliance re validation of Certificate Policies OIDs enforced in Windows 2008 R2.
In Windows systems:
- Certificate Revocation Checking in Windows Vista and Windows Server 2008 - interesting: pre-fetching of CRLs and support for OCSP signing certificates signed by another CA.
- Troubleshooting Certificate Status and Revocation: explaining in detail how Windows clients build certificate chains, such as matching names based on a binary comparison or doing a name match only when AKI is not populated - which does not match my experience for Windows 2008 - I have seen it aggressively doing name matching despite non-matching AKI/SKI and this resulting in alleged 'corrupt signatures'. But don't take my word on this - I might have messed something up on testing. Anyway, this paper also demonstrates how awfully complicated it is to check certificate paths. Windows 2000 and XP did it differently (see at the middle of the document) - so this has probably changed again.
- Troubleshooting PKI Problems on Windows Vista
- How Certificate Revocation Works
- Windows XP: Certificate Status and Revocation Checking
Cross-certification and hierarchies
- Planning and Implementing Cross-Certification and Qualified Subordination Using Windows Server 2003: On cross-certificates and constraints.
- Microsoft's own showcase. They went from a 3-tier internal PKI to a simple 2-tier infrastructure.
Cross-certification of inhouse CAs by Verizon (formerly Cybertrust), solution name formerly known as 'Omniroot' (this case study still shows this name):
More case studies:
Links for Microsoft's autoenrollment are provided in more MS-related sections
- Simple Certificate Enrollment Protocol: The eternal draft (?) of a protocol originally developed by Cisco.
Weird, hacked, forged certificates
- Legendary X.509 certificate by Markku-Juhani Saarinen with: invalid dates, a public key exponent of 1, a huge RSA modulus whose BASE64 version includes a funny message (I found this gem quoted in Peter Gutmann's various PKI slides, e.g. these ones). Validated correctly on Windows systems in 2000 - just tested: as of 2014 it still does.
- MD5 considered harmful today - Creating a rogue CA certificate: Epic and educational hack, based on a combination of the algorithm's weakness and out-of-the-box thinking / social engineering. A rogue CA cert., hash-colliding with a legitimate cert. issued by an SSL CA that was not very creative in creating serial numbers and validity dates.
- Null Prefix Attacks Against SSL/TLS Certificates by Moxie Marlinspike. How inserting NULL characters into the subject name and adding some domain you own after this character will result in great certificates for phishing purposes.
- Active Directory Certificate Services Step-by-Step Guide
- Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure: Old but still good.
- Securing Wireless LANs with Certificate Services: Again old but good. Comparing this to Securing Wireless LANs with PEAP and Passwords shows that PKI is by far the most time-consuming part of the infrastructure
- Active Directory Certificate Services Migration Guide: The CA is migrated by moving key, database, and configuration over to a machine - which probably runs on a different operating system. The guide is for software-based key stores. With an HSM the migration is essentially the same once the HSM crypto provider has been configured and the HSM connected to the new machine.
- Windows CA Performance Numbers and Evaluating CA Capacity, Performance, and Scalability
Windows PKI: Features and management
After I started compiling my own list, I found this - I will keep picking some of the microsoft.com links and publish them to this page though:
- Windows PKI Documentation Reference and Library: Comprehensive overview of all MS resources related to the Windows CA ('Active Directory Certificate Services').
Some of the features required to run a Microsoft PKI in a larger, corporate environment:
- Windows Server 2012: Certificate Templates and Options - templates are classified in a new way, by the combination of the OSs of CA and certificate subscriber. The schema version is derived from these OS versions and the intended cryptographic providers.
- Note that version 3 templates are not available via the web enrollment (ASP) pages.
- Implementing and Administering Certificate Templates - for CAs <= 2008 R2
- Certificate Enrollment Web Services in Windows Server 2008 R2: This is to solve the issue with (not) allowing clients to use RPC/DCOM for certificate enrollment. These PKI roles allow for HTTPS-based enrollment via a 'proxy' instead. The HTML version of the paper. Starting with Windows 2012 key-based renewal is supported - so non-domain-joined machines only need to enroll for the initial certificate manually.
- Active Directory Certificate Services PKI - Key Archival and Management: Storing private keys to the CA database, using split administration.
- Credential Roaming: Using Active Directory for roaming and backing up users' keys and certificates.
- Certificate Autoenrollment in Windows Server 2003: Especially the section on troubleshooting is interesting.
- Online Responder Installation, Configuration, and Troubleshooting Guide: Most interesting is how long responses live: They are generated from CRLs and live as long as this CRL or the OCSP signing certificate, whichever is more short-lived. In addition, the cache time for responses served can be configured. How to make OCSP responders highly available.
- Network Device Enrollment Service - Microsoft's implementation of SCEP, Simple Certificate Enrollment Protocol. Starting with Windows Server 2012 R2 a custom policy module can be used with NDES.
- Failover Clustering and Active Directory Certificate Services: Clustering is supported if an HSM is used as a keystore. Then, actually, the HSM should be clustered as well.
- Evaluating CA Capacity, Performance, and Scalability: Performance of the Windows 2003 CA in terms of certificates issued per time and database size. Database performance in terms of creating views is not given.
Windows PKI 2008 R2 versus 2012 R2 and upgrade of hash algorithms
New features in 2012! Note I started adding some of the detailed articles about specific features - NDES, templates - also to other sections. This section is for overviews covering many new features or cryptography / algorithms in particular.
- What's New in Certificate Services in Windows Server 2012
- Windows Server 2012: Certificate Template Versions and Options - probably the change the PKI admin notices first.
New ways to leverage a TPM chip - key attestation by validation of an endorsement key. You could have used a TPM chip as a custom key store for the machine / SYSTEM in earlier versions of Windows (basically like a 'smartcard for machines') in case the vendor of the TPM chip or a vendor of crypto software provided a suitable CSP / CNG provider. Starting with Windows 8.1 as the end-entity's OS the CA (2012 R2) is able to check if the private key had really been stored to a TPM chip.
- Changing public key algorithm of a CA certificate - only the hash algorithm can be changed (for CNG providers), not the provider itself.
- Upgrade Certification Authority to SHA256 - after the change of a registry key the CA signs anything with the new algorithm, including CRLs and its own CA certificate when renewed (Step-by-step-instructions).
Attention - according to my experiences with 2008 R2 the registry value for hash values is case-sensitive. Good: The change of the hash algorithm can be reverted easily. Bad: This is a per-CA setting, so once the algorithm has been changed all certificates and CRLs issued by that CA are signed using the new algorithm.
Certificate and key stores
Windows client-side stores:
- Migrating a Certification Authority Key from a Cryptographic Service Provider (CSP) to a Key Storage Provider (KSP)
- Key Storage and Retrieval: CNG architecture and location of keys in the file system.
- Windows Data Protection: Private key files are encrypted using a master key generated from a user's or machine's SID and password. DPAPI security explains why users don't lose access to their EFS private keys if their passwords are reset by a domain admin.
- The key associated with a self-signed certificate in the computer store is used in the Microsoft implementation of DNSSEC.
- Advanced Certificate Enrollment and Management: White Paper incl. sample commands for the Windows tool certreq and a summary on BASE64 and ASN.1
- BASE64 explained
- The Absolute Minimum Every Software Developer Absolutely, Positively Must Know About Unicode and Character Sets (No Excuses!)
- dumpasn1.c: Peter Gutmann's tool for checking ASN.1 encoding of any file.
- DER Encoding of ASN.1 Types - introduction to ASN.1 by Microsoft.
- Syntax of Windows' tool certutil that can (among many other things) show ASN.1 or encode/decode/encode hex files.
Using certificates for authentication
Native Active Directory logon:
- How to use certificates to integrate with the Kerberos protocol: RFC 4556 - Public Key Cryptography for Initial Authentication in Kerberos (PKINIT).
- Certificate Processing Logic, Figure 21 in Windows Vista Smart Card Infrastructure. Essential: String-based mapping of UPN in SAN onto UPN in AD. Secure though because the issuing CA's certificate needs to be present in the NTAuth object.
- IIS configuration details of Active Directory Certificate Mapping: Client Certificate Mapping Authentication.
- Security advice by Microsoft - use this feature with caution and don't allow 'PKI admins' to control both a CA and the details of requests: Because user input can be abused by persons with malicious intent, precautions should be taken to mitigate the risks associated with the use of user-defined SANs.
- Specification of the Remote Certificate Mapping Protocol. An example of how the protocol is used in the communication between domain controllers and web servers.
Webserver-based mapping (no directory)
Apple iDevices, SAP, and other non-MS clients
- In contrast to Windows'/AD's native logon via UPN string mapping, SAP uses a 1:1 mapping of binary certificates to users: Single Sign-on mit SAP (part of a German book, assignment of the certificate is explained on pp. 33)
- Apple iPhones, 802.1x authentication against Active Directory using Windows RADIUS server (NPS) (promoted to blog post, summary kept here for traceability).
- Properties of the certificate:
  - Subject CN: host/machine.domain.com
  - Subject Alternative Name: machine.domain.com
  - Certificate Template (Windows Enterprise PKI): Copy the default template Workstation Authentication, Subject Name: Name as submitted with the Request.
- Create the key, request and certificate on a dedicated enrollment machine and export key and certificates as PKCS#12 (PFX) file.
- Create a shadow account in Active Directory
- According to my tests, the creation of an additional name mapping (as recommended here) is not required - SAN-DNS gets mapped onto dnsHostName in AD.
Network authentication of devices
- Overview: Certificates for different services / protocols, like 802.1x or IPsec
Started in 2014-10. Usual suspects such as S/MIME, EFS, 802.1x to be added as needed over time. See also the list of Technet Postings and the PKI FAQ.
- DNSSEC: Secure DNS Deployment Guide, Step-by-Step: Demonstrate DNSSEC in a Test Lab.
- Remote Desktop Services: Certificate requirements for RDP.
- Domain Controllers: Certificate requirements when using a third-party CA. These are the same requirements as with an inhouse CA - an external CA chain needs to be manually imported in addition (Trusted Roots, NTAuth).
Useful commands (in the Windows world)
- Some interesting flags for locking down access to a Windows CA. See section on Config_CA_Interface in this Configuration List.
- Windows Certificate Services Tools and Settings: Describing the CA's registry keys.
Emergency processes, for Windows.
- Delete cached CRLs:
certutil -setreg chain\ChainCacheResyncFiletime @now
(For further options see this MS PKI team blog entry)
- Start a CA even if the revocation check on its own certificate has failed - set this flag:
certutil -setreg ca\CRLFlags +CRLF_REVCHECK_IGNORE_OFFLINE
- Key Recovery:
- Search for the archived keys of a specific user and create a batch script (CA admin permissions required)
certutil -getkey domain\username >recovery-username.bat
This script also contains the password of the p12 key file that will be created.
- Run this batch file. This creates a single p12 file including all keys for this user. Prerequisites: The user executing the script needs to have one of the Key Recovery Agent certificates associated with each of the keys to be recovered in his/her store. In addition, CA Admin permissions are required and this needs to be an admin cmd session.
- The batch file does the following for every key found:
certutil -getkey [SerialNumber] [encrypted blob]
certutil -recoverykey [encrypted blob]
A temporary p12 file is created from every blob; then all p12 files are merged using certutil -mergepfx and all temporary files are deleted.
PKI and smart metering
Requirements for a smart meter PKI in Germany:
Sicherheitsinfrastruktur für „smarte“ Versorgungsnetze
An example: Smart Meter mit PKI Sicherheit