[ssh_x509] Certificate Procedures and Test Program

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Sun Apr 28 20:27:49 EEST 2019

ssh_x509 at roumenpetrov.info wrote:
> [SNIP]
> 2) I didn't understand the real use of IdentityFile. I believe only the public
> key file is sufficient to request a certificate to the Microchip Program to
> Sign using the RootCA module, and using that certificate I can establish the
> connection with the server, isn't it?
>      - I read in the "*README.x509v3*" that the IdentityFile should "*contain
> both sections - private key and certificate in PEM format:*" What is the
> need of having the private key in the identity file? Does exposing the
> private key cause a security breach?
> [SNIP]
By default the "Identity file" has only the private key.
It is recommended that it be password protected, with permissions suitable
only for owner access.
The public key could be generated from the private one with the command ssh-keygen -y -f 
Only the public part is shared with the remote.
The program checks the permissions of the private key and refuses to use
the key: "Permissions ...  '....' are too open."
If the identity is stored in file "foo", the public part is in foo.pub.

Now about certificate based identity.

For custom certificates the OpenBSD team decided to use an "external file".
If I remember well, custom has only one level.

By design I prefer to use that same file to store the certificate that
matches the key and other certificates.
More or less this is like expanding the whole content of a PKCS#12 file
(openssl pkcs12 -in ....)
Also from the identity file we could create a PKCS#12 file: openssl pkcs12
-export  -in identity -out identity.p12 ...
Technically I could design the program to use foo.cert, foo.cert1 and foo.certN.
If the certificate chain has intermediate certificates, the solution with a
"single" file is easier to maintain.

- ssh-keygen -y -f  also has to be used to create the pub-file;
- even though the identity has certificates, the private part (key) has to
be password protected;
- intermediate certificates could be added to the "x509 certificate store"
instead of the user identity. This depends on the algorithms used in authentication;
- the certificate chain is required for the algorithms described in rfc6187 but
not used in the "legacy" one (draft-ietf-secsh-transport-12.txt).

Now about authentication process.

The client tries authentication with the public part of the first identity.
In this phase the pub-file is used (if it exists) just to avoid the user password.
If the identity is accepted by the server, the client sends a "signed" packet.
Signing requires the "private" part and the user has to enter a password, PIN and so on.
Remark: use of an agent changes this part.

The authentication process is described in detail in a number of documents
(RFC) - see section "CONFORMING TO" in manual page ssh(1).

In conclusion, an identity is not the same as a private key stored in a file.
In authentication the public part of the identity is used, either generated
from the private key or an X509 certificate that matches the private key.
The private part is used only to sign an explicitly designed packet.
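
An added example, not part of the original post and not the project's own code: a Python check of the identity-file properties the reply names (owner-only permissions, a password-protected private key, certificates stored in the same file). The function names and the sample file are constructed here, and the three key encodings it recognises (PKCS#8, legacy PEM, OpenSSH native) are an assumption about what such a file may contain.

```python
import base64, os, re, stat, tempfile

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)
MAGIC = b"openssh-key-v1\0"

def openssh_encrypted(body: str) -> bool:
    """openssh-key-v1 blobs carry the cipher name right after the magic; "none" = no passphrase."""
    blob = base64.b64decode("".join(body.split()))
    if not blob.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 blob")
    n = int.from_bytes(blob[len(MAGIC):len(MAGIC) + 4], "big")
    return blob[len(MAGIC) + 4:len(MAGIC) + 4 + n] != b"none"

def audit_identity(path: str) -> dict:
    """Report permissions, PEM section counts and key encryption for one identity file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, encoding="ascii", errors="replace") as fh:
        text = fh.read()
    keys, certs, all_encrypted = 0, 0, True
    for label, body in PEM_RE.findall(text):
        if label == "CERTIFICATE":
            certs += 1
        elif label.endswith("PRIVATE KEY"):
            keys += 1
            if label == "ENCRYPTED PRIVATE KEY":      # PKCS#8, passphrase protected
                enc = True
            elif label == "OPENSSH PRIVATE KEY":      # OpenSSH native format
                enc = openssh_encrypted(body)
            else:                                     # legacy PEM flags encryption in a header
                enc = "Proc-Type: 4,ENCRYPTED" in body
            all_encrypted = all_encrypted and enc
    return {"owner_only": mode & 0o077 == 0,          # no group/other permission bits set
            "private_keys": keys, "certificates": certs,
            "key_encrypted": keys > 0 and all_encrypted}

def demo() -> dict:
    """Constructed sample: encrypted legacy-PEM key plus two certificates; payloads are dummies."""
    sample = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
              "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\nQUJD\n"
              "-----END RSA PRIVATE KEY-----\n"
              + "-----BEGIN CERTIFICATE-----\nQUJD\n-----END CERTIFICATE-----\n" * 2)
    with tempfile.NamedTemporaryFile("w", delete=False) as fh:
        fh.write(sample)
    os.chmod(fh.name, 0o600)
    try:
        return audit_identity(fh.name)
    finally:
        os.unlink(fh.name)

if __name__ == "__main__":
    print(demo())
```

The check only reads PEM labels and headers, so it never needs the passphrase and never decodes the key material itself.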

