Audit Results Session 2015.4
Audit Type: Operational Audit
Report Status: Final Report
Audit initiated by: Directive of Board
Audit Subject: Audit over Test Root Re-Signing
Follow up status:
- 2015-10-14 Send to Board for approval
- 2015-10-25 Approved by board in m20151018.1
Executive Summary
The cryptographic hash function MD5 is deprecated and its support will be removed from all browsers in the future. CAcert uses MD5 as the hash algorithm in its self-signed root certificate. This would be no problem in itself, since the root is the trust anchor, but the removal of browser support will one day make its use impossible.
For this reason, the software team created a GitHub repository with scripts that re-sign the current root certificates using SHA256 as the signature algorithm, based on Bug 1305.
During the audit, four recommendations were identified.
Purpose, Scope and Methodology
Re-signing root keys is, like generating them, a significant task for a certificate authority. It should be carefully designed and monitored. Validating correctness and completeness is therefore an important task. The test run on root re-signing has exactly the goal of providing evidence of the correctness and completeness of the process, while the audit additionally verifies the sanity of the keys generated. The audit was conducted as an inspection of the process. The scripted process was validated.
The audited process includes only the review of the generation scripts, the preparation (building and signing the software) and the re-signing of the certificate itself. The transfer of the keys to the data center and any further steps are not part of the audited process.
Audit Results and Recommendations
Tool review
The software and the script to re-sign the root certificate with SHA256 have been audited. There is no objection to the software and tool. Prior to use with CAcert's root keys, two formal software assessments must be done and the procedure accepted by the board.
Test run attendance
The test generation session was attended by BennyBaumann (Lead), FelixDörre, WytzevanderRaay (Critical Admin, Acting), MartinSimons (Critical Admin), MartinGummi (Observer), BenediktHeintel (Protocol), MarcusMaengel (Observer, 1st run only), DirkAstrath (Observer, 2nd run)
Test run preparation
- USB sticks are checked for sanity, formatted with ext3 and placed on the table so everyone could see if touched
- USB stick with signer software including test root certificate and pass phrase
- Notebook for generation had no battery, hard disk drive, WLAN, WWAN connected
- Notebook is attached to an UPS
- Notebook screen attached to projector, displaying the screen operated on
Test run preparation I protocol
All steps at the notebook were conducted by WytzevanderRaay:
- Notebook booted from live CD
- Start typescript/timelog for logging activities on the console
- Mounted USB stick with source code
- Installed additional packages from stick
- Copy source code from USB stick to /ramdisk
- Generated public-private key pair with key size 2048 bit
- Divided public key from private key
- Displayed fingerprint of public key:
37ef a6a2 6692 bcc2 e610 f5c7 4306 ee2f 6618 8b80 7c1d 96b8 d83c 81a4 3369 0655
- Validated the source code's fingerprint (hash value); last-minute changes approved by BennyBaumann
Disturbance of the re-signing test session for non-urgent business for about 10 minutes. The procedure was not compromised, but the participants' concentration was, for the next 15 minutes.
- Created signature for test root key with private key
- Stored software, fingerprints, and public key on USB stick
- Deleted private key
- Copied transcript to online USB stick
- Unmounted USB sticks and shut down notebook
Decision to automate the software build and signing process and reduce the steps needed. 45 minutes break before the second test run.
Test run preparation II protocol
Created script execute.sh for certificate re-sign.
SHA256 fingerprint of execute.sh:
602b 8c23 17ea 8afa 1e84 b845 0cb4 0aa4 abcf f499 f1c8 fcee bddd 81be 4578 a9ab
- Notebook booted from live CD
- Start typescript/timelog for logging activities on the console
- Mounted USB stick with source code
- Installed additional packages from stick
- Copy source code from USB stick to /ramdisk
- Unmounted USB stick with source code
- Mounted plain USB stick
- Verified SHA256 hash sum of execute.sh (matches)
- Ran execute.sh
- Displayed fingerprint of public key:
8d96 662f e571 c54d 9cb3 b466 bacf 8e0c fbd0 6102 8fb1 6243 9a56 c724 4e3b 3f11
- Script finished successfully
- Stored typescript on USB stick
- Unmounted USB stick and shut down notebook
Test run re-signing protocol
The actual re-sign must be done on the signer; the test run was conducted on the same notebook used for the preparation.
- Notebook booted from live CD
- Start typescript/timelog for logging activities on the console
- Created needed directories in /ramdisk
- Mounted USB stick with source code
- Mounted USB stick with signer software
- Unencrypted root.crt with root.key
- Re-signing software main executed; finished without error
- Checked results of root_256.crt:
  - Hash Algorithm: SHA256
  - X509v3 CRL distribution point added
  - Netscape CA Revocation URL added
  - Authority Information Access (OCSP) added
- Copied root_256.crt and typescript to USB stick
- Unmounted USB stick and shut down notebook
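The result check on root_256.crt described above can be scripted so that it is repeatable and fails closed. This is an added example, not part of the audited scripts or the CAcert repository; the file names root.crt and root_256.crt come from the report, while the function names and the extra checks on subject, public key and self-signature are assumptions added for illustration.

```shell
#!/bin/sh
# Added example: acceptance checks for a re-signed RSA root certificate.
# check_resigned and cert_field are hypothetical helper names.

# Print one field of a PEM certificate; $1 = file, $2 = openssl x509 option.
cert_field() { openssl x509 -in "$1" -noout "$2"; }

# check_resigned OLD NEW
# Returns 0 only if every check passes, 1 on a failed check, 2 if NEW is unreadable.
check_resigned() {
    old=$1 new=$2 rc=0
    text=$(openssl x509 -in "$new" -noout -text 2>/dev/null) || return 2

    # 1. The signature must use SHA-256 (the report's "Hash Algorithm: SHA256").
    printf '%s\n' "$text" | grep -q 'Signature Algorithm: sha256With' \
        || { echo "FAIL: signature algorithm is not SHA-256"; rc=1; }

    # 2. Assumption: re-signing keeps the key pair and the subject name,
    #    so both must be identical in the old and the new certificate.
    [ "$(cert_field "$old" -pubkey)" = "$(cert_field "$new" -pubkey)" ] \
        || { echo "FAIL: public key differs from old root"; rc=1; }
    [ "$(cert_field "$old" -subject)" = "$(cert_field "$new" -subject)" ] \
        || { echo "FAIL: subject differs from old root"; rc=1; }

    # 3. The three extensions the report lists as added.
    for ext in 'X509v3 CRL Distribution Points' \
               'Netscape CA Revocation Url' \
               'Authority Information Access'; do
        printf '%s\n' "$text" | grep -qi "$ext" \
            || { echo "FAIL: extension missing: $ext"; rc=1; }
    done

    # 4. The new self-signature must verify against the certificate's own key.
    openssl verify -CAfile "$new" "$new" >/dev/null 2>&1 \
        || { echo "FAIL: self-signature does not verify"; rc=1; }

    return $rc
}

# Usage: sh check_resigned.sh root.crt root_256.crt
if [ "$#" -eq 2 ]; then
    check_resigned "$1" "$2" && echo "OK: $2 passes all checks"
fi
```

The check only tests that the extensions are present; the URLs they carry still need to be read and compared against the intended values by the attendees.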
The content from the sealed envelope and the Re-signed Test Server root Certificate.
Certificate handling
Two sets of the USB sticks were created. Each USB stick was put in one envelope, and both envelopes were sealed:
- one stick is kept with BenediktHeintel (see sealed_envelop_front.jpg & sealed_envelop_back.jpg),
- one stick is kept with WytzevanderRaay.
BenediktHeintel is supposed to disclose the content of his stick after the installation of the new root on the test server.
Discovery
The process description was read aloud and followed during the creation, with the following deviations mutually agreed between Software, Critical Admins, and Audit:
- The source code integrity was not checked; the source code was directly downloaded from the repository
- The memtest86+ runs have been skipped
- All offline components have been stored on two USB sticks (each with complete set) instead of on three different
- The fingerprints of the keys are written on the sealed envelopes and not sent to the board
All of these deviations are okay since this was only a test run. Nevertheless, the decision was taken unanimously to use the re-signed certificate for the test root signer. The certificate is therefore flagged as a test root certificate.
Non-Conformities
None
Recommendations
- Enclose the last echo commands in execute.sh in quotation marks. (implemented)
- Transfer the procedure from github to CAcert's Wiki.
- Disturbance should be avoided under all circumstances. Before the session, every mobile phone and pager should be switched off and put on top of a table. The door should also be closed during the session, and entering and leaving the room should be forbidden while the session is running. (This of course does not apply in case of emergency.)
- Have USB sticks of different brands available to avoid failures of hardware and compatibility issues.
Auditor
-- BenediktHeintel 2015-10-14 19:40:17