Kyle Hamilton wrote:

The fact that root certificates are NEVER trusted, under X.509, unless
they're already in the client store (or are added as a specific
security exception). These are a special class of certificates called
"trust anchors" (technically, the trust anchor is the public key; the
certificate is the thing that holds metadata, including the
subjectKeyIdentifier, which is used in certificates signed by it to
uniquely identify the signing key).

(You get root CAs from places like Microsoft, Mozilla, Apple, Opera,
and your OS distribution vendor.)

The reason why it's very difficult to forge a certificate from a root
CA is due to the mathematics behind asymmetric cryptography. Please
see a book called "Applied Cryptography 2nd Edition", by Schneier, for
a very good introduction to the concept and a discussion of how
unlikely it is.

-Kyle H

I'm pretty sure Dan is asking if it is possible to recreate the private
key that generated the public key that is already in the certificate
store (i.e. something you already trust). Everyone here seems to be
assuming that he meant creating a new root CA.

Issuers re-issue signed keys every year for "security purposes", but if
*I* were some ridiculously-brilliant hacker with unlimited processing
resources and I were targeting a key to break, I would skip that and go
for the Big Enchilada: A key already in the trusted certificate store
on every user's machine and in every major browser. With a duplicate
private key (e.g. Verisign's CA _private_ key), I could theoretically
generate any key for any domain I want to intercept/monitor transactions
for. The additional benefit that most CAs in the certificate store are
good until 2038 instead of a single year only helps further the benefit
of targeting such a key.

Probably impossible.
--
Thomas Hruska
Shining Light Productions
Home of BMP2AVI, Nuclear Vision, ProtoNova, and Win32 OpenSSL.
http://www.slproweb.com/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
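
Added example (not part of either poster's message): an openssl command-line sketch of the point made in the thread that the trust anchor is the key held in the client store, not the CA's name. It creates two self-signed roots with the same subject but different key pairs and validates certificates against a store holding only the first; "Demo Root CA", "www.example.test" and all file names are constructed for the demo.

```sh
#!/bin/sh
# Constructed demo: "Demo Root CA", "www.example.test" and all file names are made up.
set -u
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
mkdir "$work/empty"   # empty -CApath so the system default directory is not consulted

# make_root <name>: new key pair plus a self-signed root; every root gets the SAME subject.
make_root() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
    -subj "/CN=Demo Root CA" \
    -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}

# issue_leaf <root> <leaf>: leaf certificate signed with that root's private key.
issue_leaf() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
    -keyout "$work/$2.key" -out "$work/$2.csr" 2>/dev/null
  openssl x509 -req -in "$work/$2.csr" -sha256 -days 7 \
    -CA "$work/$1.pem" -CAkey "$work/$1.key" -CAcreateserial \
    -out "$work/$2.pem" 2>/dev/null
}

# verify_with <trusted-root> <cert>: validate <cert> against a store holding only <trusted-root>.
verify_with() {
  if openssl verify -CAfile "$work/$1.pem" -CApath "$work/empty" \
       "$work/$2.pem" >/dev/null 2>&1
  then echo OK
  else echo REJECTED
  fi
}

make_root rootA                 # the root the client actually has in its store
make_root rootB                 # look-alike: same name, different key pair
issue_leaf rootA leafA
issue_leaf rootB leafB

echo "leaf signed by the stored root's key : $(verify_with rootA leafA)"
echo "leaf signed by the look-alike's key  : $(verify_with rootA leafB)"
echo "look-alike root certificate itself   : $(verify_with rootA rootB)"
```

Only the leaf signed with the stored root's own private key validates, which is why the stored key, rather than the ability to create a root with a familiar name, is what the thread is discussing.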