arghman wrote: > I'm experimenting w/ using the "freemail" certificates from thawte & was just > wondering if there is a way I can use them with gpg (openpgp, NOT S/MIME). I > can figure out how to use openssl to extract the rsa public key / private > key from the exported PKCS12 file, but I'm not sure how (or if) there was a > way to import that to gpg. I'm also missing some big picture issues, e.g.: >
Dear Mr. Arghman from here http://www.minstrel.org.uk/wot-faq/q1.html it looks like an x.509 PKCS12 Public key Cryptography Standard file can be used to sign your PGP key. <Minstrel> Can I sign my PGP key with a Thawte Freemail certificate? Indeed you can. Although Thawte withdrew official and integrated support for signing PGP keys some time ago, there are still ways to achieve this (Thawte are looking into ways to reinstigate the process, but this may be some time away). Note that this process will only work for RSA keys, either legacy or 'new' RSA. 'New' RSA keys are only supported in the very latest versions of PGP. The steps you need to take are as follows (many thanks to Martin Bene for this description, which I have amended slightly for clarity): There are two conversion steps required: 1) Generate a certificate request from the existing key. 2) Get the certificate chain returned by Thawte into a format PGP can import. Generate Cert Request Use PGP's built-in CA support to generate the certificate request and a script on a webserver to mail it back to you. You can either use the script I've put up on my server or use your own server, mailreq script attached. [Contact me if you want a copy of this script -- Peter] 1. In PGPKeys got to Options/CA 2. Enter http://install.sime.com/mailreq.php?to=...@fugue.org as the CA URL 3. Select "Net tools PKI Server"e; as the server type 4. To get your certificate, go to the Thawte certificate manager 5. Use "Paste-in CSR Certificate Enrollment" right at the bottom 6. Click through to the "Paste PKCS10 Certificate Here" page 7. Note the required common name, something like "dFA7F1w4vmxLxA93" 8. Copy this common name to the clipboard (don't close the browser!) 9. In PGPKeys, right-click your key and select 'Add/Certificate 10. Edit the "Full Name" field, and paste in the string you copied from the Thawte site 11. Submit by clicking OK 12. You should now get an email containing your request 13. Back in the Web browser, paste the request into the text field 14. Submit the Certificate request. Import the stuff you get back from thawte Thawte will return the finished certificate both as a Netscape Certificate chain and as a PKCS7 Certificate chain, neither of which PGP understands. So, some conversion is required - the easiest way is to split the PKCS7 chain into seperate certificates and output these in ASCII format - just save into seperate .pem files and import into PGP (using 'Key/Import' and selecting the .pem files). To split the PKCS7 chaing, either use the attached splitchain.c script [Contact me if you want a copy of this script -- Peter] (requires Peter Gutmanns Cryptlib library) or use the web interface at http://install.sime.com/split.php You'll want to verify (trust) the Thawte Root Certificate you just imported to your PGP Keyring - here are some ways to do that: * Download the "Personal Freemail Root" cert from Thawte directly, and compare Key Fingerprint/Key ID. To do this: 1. Go to https://www.thawte.com/cgi/lifecycle/roots.exe 2. Find the Root entitled "1.Thawte Personal Freemail CA, 1995.12.31 - 2020.12.31" (this should be the right one) 3. Download the root in text form, saving as a .pem file 4. Import the .pem file into PGP * Export the Freemail Root certificate the Internet Explorer Root CA database, on your computer, and compare Key ID/Fingerprint. To do this: 1. Open Internet Explorer, and select 'Tools/Internet Options/Content/Certificates...' 2. In the 'Trusted Root Certificates section, marvel first of all at how many organisations you trust completely (!), and then select 'Thawte Personal Freemail CA' 3. Click 'Export...' 4. Either: export as a PKCS7 chain and then split it as described above Or: export as Base-64 encoded X.509 5. Import the resulting file into PGP Whichever you choose, you should finish by updating signatures from your favourite PGP Keyserver, and check those. Some final thoughts on the security of this process, especially with regard to using scripts on an untrusted server (i.e. my scripts): none of the steps involved send any Private Key data over the Internet, so your Private Key can not be compromised. Consequence of a hostile script in step 1 (mailing the certificate request back to you): the certificate request is self-signed, a modified request would therefore no longer be valid. A completely new request (different Private Key) would not match your key on import. The script could get your public key, but as the name implies... I don't see any really bad possibilities here. Consequence of a hostile script in step 2 (splitting the returned Certificate chain): more room for fun here. I could return a completely bogus certificate with equaly bogus Thawte Root certificates, thereby getting you to trust my "fake Thawte" certificates. So, it's absolutely VITAL that you check the validity of the root cert before trusting it! Once the root cert is OK, the rest of the chain including your personal cert can be trivially checked. Since putting the above description in this FAQ, I have received some further advice from Steve Davies. Note that I have not yet verified any of the details here, but it seems to be a slightly simpler approach: Some additional notes for you that might help make it easier in future: a) Setting up PGP to generate a cert request. You must have chosen a root certificate in the PGP Options/CA dialog before you can request a certificate. I suggest using the export Thawte root CA from IE, import into PGP path. Note to user that the file must be named *.pem for PGP to install it. b) For generating the cert request. You do not need the step 1) webserver->email process to collect the certificate request. There is a radio button on PGP's CSR generation page that says "PKCS-10"; This copies the request straight to your clipboard, ready to be pasted into Thawte's web-page. c) Using the certificate splitter Additional advice for using the on-line certificate splitter. Only copy the final certificate from the resultant web-page, and not any of the signing certificates. This is one less thing that can be faked; Instead, import an already generated Thawte Freemail cert from IE into PGP, with the full private key and certificate chain attached, and delete that provate key from PGP straight away, leaving just a (trusted) copy of the certificate chain in PGP. d) The poor man's (easy) solution Simply generate a key for IE, export it to PGP, and use that as your PGP key (1024-bit RSA legacy only though) Cheers, Steve PGP/GPG Public Key [4096/4096 RSA] Contact The Minstrel </Minstrel> I haven't tried splitchain.c but it is easy to do base64 encoding with openssl. I think thawte did previously offer OpenPGP certificates, but x.509 is better suited for websites and OpenPGP is better for emails. thawte certificates can be used with cacert certificates. But not all applications and operating systems support it, but they are equal x.509 conformant. signing and importing a key to your keyring is not equal, here is thawte maybe you can ask them directly? http://www.thawte.com/contact/index.html if you google for openpgp thawte.com you will find http://gswot.org/ which does this Bridging the OpenPGP, Thawte and CA Cert webs of trust. Sometimes in one single email you can S & E with x.509 and even overload this sign & encryption with an additional openpgp S & E If both secret keys were equal I would guess that the result could be plaintext, that x oring a message twice with the "same" key renders plaintext. hence I feel safe when I know that my RSA key from x.509 is created totally different than the openpgp --genkey process. You will need both ways to encode. In future we will have more voip and that is still unencrypted, but will be encrypted, just like skype GSM, SRTP ZRTP are different protocols which no one wants to use on a webserver. If you send html mail s/mine x.509 is better, Since I mostly send ascii or unicode email openpgp is better suited for me. It can encrypt large files and does the trick very well for verifying the integrity of fedora rpms. here is what you will need. ftp://ftp.pgpi.org/pub/pgp/7.0/docs/english/IntroToCrypto.pdf http://www.pgpi.org/doc/ http://www.imc.org/smime-pgpmime.html Sincerely 主バイトホイットフィールド _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users