Peter Djalaliev wrote, On 2008-08-07 09:26:

> My company develops an in-line network device that possibly resigns
> certificates of SSL connections with an internal CA.

Oh, a MITM! :-) Is there a web page where we can read more about that product?

> Currently, we do
> not handle the regular DH ciphers, but supposedly some SSL traffic
> uses them. As far as I understand, an SSL server that uses regular DH
> ciphers (DH_RSA_* and DH_SSL_*) must have an SSL certificate with DH
> public key / parameters in it.

Yeah. The DH params may be in a superior cert in the cert chain (e.g. in the issuer's cert), but IMO, it's best for them to be in the server's own cert.

> Any pointers about where I should look in order to generate a DH SSL
> certificate using NSS? Does NSS also have an API to generate the DH
> parameters?

Well, I'd look at modifying certutil. One problem is that certutil presently assumes that the generated key will be capable of being used for signatures, and will be used to sign the PKCS#10 certificate request. Obviously, that's not possible with DH keys. So it won't be possible for the PKCS#10 request to be "self signed" with the public key that is being requested to be in the cert. I think this is one of the reasons that CRMF/CMMF was developed. It has a way to provide "proof of possession" of the private key without necessitating signature capability.

NSS expects the DH parameters to be supplied in the same way that they are supplied for DSA keys, in the format of a PQG triplet. Generally, all the certs issued by a CA for DH or DSA will use the same parameters. A new set of parameters is NOT generated for each key. NSS expects the parameters to be supplied in a file of PQG parameters, and NSS has a program to generate PQG parameters. It is named makepqg. It makes a PQGparams file, which is then an input argument to certutil.

The program makepqg makes DSA parameters, which also work ok as DH params. DH can use params that are not subject to the DSA constraints, but makepqg only makes params that ARE subject to the DSA constraints.

You'll need to enhance the function CERTUTIL_GeneratePrivateKey in security/nss/cmd/certutil/keystuff.c to know about DH keys, generating them with mechanism CKM_DH_PKCS_KEY_PAIR_GEN, and passing the PQG values to them properly (as is already done for DSA). You'll also find major clues in SECKEY_CreateDHPrivateKey (see http://mxr.mozilla.org/security/ident?i=SECKEY_CreateDHPrivateKey )

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
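
Added example, not part of the original message and not NSS code: a Python sketch of why a DSA-style PQG triplet also works as DH parameters, including the subgroup check on a peer's public value that such parameters make possible. The values of P, Q and G are constructed toy numbers, and all function names are hypothetical.

```python
import secrets

# Constructed toy PQG triplet (far too small for real use):
# q is prime, p = 6*q + 1 is prime, g = 2**6 mod p generates the order-q subgroup.
P, Q, G = 607, 101, 64

def check_pqg_for_dh(p, q, g):
    """List structural problems with (p, q, g) as DSA-style DH parameters.

    Primality of p and q is assumed, not tested here.
    """
    problems = []
    if (p - 1) % q != 0:
        problems.append("q does not divide p-1")
    if not 1 < g < p - 1:
        problems.append("g out of range")
    elif pow(g, q, p) != 1:
        problems.append("g does not have order q")
    return problems

def dh_keypair(p, q, g):
    """Generate (private, public); the private value is drawn from [1, q-1]."""
    x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)

def valid_peer_public(p, q, y):
    """Reject values outside the order-q subgroup (small-subgroup check)."""
    return 1 < y < p - 1 and pow(y, q, p) == 1

def dh_shared(p, q, priv, peer_pub):
    """Derive the shared secret after validating the peer's public value."""
    if not valid_peer_public(p, q, peer_pub):
        raise ValueError("peer public value is outside the order-q subgroup")
    return pow(peer_pub, priv, p)

if __name__ == "__main__":
    assert check_pqg_for_dh(P, Q, G) == []
    a_priv, a_pub = dh_keypair(P, Q, G)
    b_priv, b_pub = dh_keypair(P, Q, G)
    # Both sides derive the same secret from the shared PQG parameters.
    print(dh_shared(P, Q, a_priv, b_pub) == dh_shared(P, Q, b_priv, a_pub))
```
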