Asymmetric signatures rely on fingerprints that are signed with private keys. With the public key of the signatory, anybody can check whether the signature is valid and whether it matches the fingerprint. But where to get the public key of the signatory? And how can we be certain that it is really authentic? Certificates are the answer, especially if there are more possible signatories with unique pairs of keys.
What Are Certificates?
Suppose your company wants to start signing its emails to reassure your business partners that they are receiving genuine emails that have not been tampered with. All of your people are given a pair of keys – but how can all of your business partners receive all of the public keys of all of your employees? It is virtually impossible. The only option is to have a central authority sign the public keys in conjunction with the data of the employees who possess them, i.e. their email addresses and names. The electronic document that stores the public key of the employee and his or her data is called a certificate. All employees sending an email sign it with their private keys and append the certificates. All your business partners now need is the public key of the central authority. They can then verify all of your certificates and – with the public key in the certificate – the email of your employee.
Certificates can contain entire chains of certificates: A third party could authenticate the public key of your central authority with another certificate. The certificates of your employees typically include the entire chain.
There are entire companies specializing in the production of certificates, including the current leaders in the market: Symantec, Comodo, GoDaddy, and GlobalSign. So-called root certificates that contain the public keys of these providers are included in most current operating systems. These providers are called trusted certificate authorities; all certificates created by trusted authorities can be verified immediately.
The special obligation for trusted certificate authorities is to check and inspect all of the individuals and organizations for whom they provide certificates, using such immediate means as contacting the managing directors of their clients directly via a phone number from the public domain (a public phone directory).
Formats of Certificates
A certificate could come in any shape and size. The internet typically uses X.509 certificates, which could be associated with an email address or a DNS name, for example. The application of the certificate can be specified in a dedicated extension (KeyUsage) to allow people to check whether a certificate is actually being used for its intended purpose. A root certificate, for instance, has to have the “certificate sign” key usage.
To protect software against tampering, Wibu-Systems uses a proprietary compact certificate format, because X.509 uses lots of resources and is notoriously slow – two qualities that make it a poor choice for small-scale embedded devices in particular. X.509 also lacks some important additional information, although the structure and security features of the Wibu-Systems format resemble X.509.
CodeMeter can store standard X.509 certificates to be compatible with all standard applications, needing only PKI middleware (CSSI) to link up with the standard interfaces (PKCS#11 / Microsoft CSP).
Certificates are not limited to specific cryptographic algorithms. They can use, for example, MD5, SHA-1, or SHA-256 to compute the fingerprint and RSA or ECDSA as the signing algorithm.
Certificates and Private Keys
In common parlance, we speak of “signing something with a certificate.” This is incorrect – we sign something with a private key and add the public key, authenticated by the certificate. The private key is not part of the certificate, although there are certain file formats in which the certificate and the allocated private key are kept in a single file.
CodeMeter offers a means of storing private keys securely in a CmContainer. The private key remains in the container, while the fingerprint is sent by the CodeMeter API to the container to be signed. CmDongles use their built-in smart card chip for the purpose, while “soft” CmActLicenses use the CodeMeter Runtime, which operates as a service or daemon and is protected against illicit access or debugging. The certificate itself can be stored in the CmContainer, in a readable component, or as a file on the hard drive.
What Happens to Lost Certificates
Losing a certificate itself does not cause any problem, since the certificate includes no confidential information. Losing a private key for a certificate (or allowing somebody else to acquire it), on the other hand, can have dramatic consequences. A person with the private key can sign anything in the name of the original owner and use the certificate to authenticate the corresponding public key.
This was one of the reasons for the impact of Stuxnet. Software developers sign their code, especially for drivers, with their private keys. Certificates from trusted certificate authorities are used to confirm the public keys. Virus scanners typically work with points systems; software from reputable sources gets bonus points. In the Stuxnet case, the private keys of two known producers of drivers were stolen and used to sign the virus. This meant that the virus could not be recognized by anti-virus software and had an opportunity to spread undetected.
For such cases, there are so-called certificate revocation lists (CRLs), which contain the serial numbers that uniquely identify the revoked certificates. These CRLs are themselves signed to ensure their integrity.
Both certificates and revocation lists have distinct expiry dates, making it necessary to update both of them on a regular basis. This is not a problem for internet-connected PCs, but it is an issue for embedded devices that are expected to control hardware over many years without ever going online. How long a certificate should stay valid needs careful consideration, because the cost of an expired certificate depends on the plant: If a beverage maker’s plant stops operating, it would simply not produce any profit. A blast furnace, however, would become unusable for good.
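The revocation and expiry behaviour described above, as an added example using the OpenSSL command line (not Wibu-Systems or CodeMeter code; it assumes OpenSSL 1.1.1 or later). The CA, the vendor certificate, the 7-day CRL lifetime and all file names are constructed for the demonstration.

```shell
# Added example: every name, key and certificate here is constructed for the demo.
q() { "$@" >/dev/null 2>&1; }            # run silently, keep the exit status
revocation_demo() (
  d=$(mktemp -d) && cd "$d" || exit 1
  cat > ca.cnf <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ca]
default_ca = demo
[demo]
database = $d/index.txt
private_key = $d/ca.key
certificate = $d/ca.pem
default_md = sha256
default_crl_days = 7
EOF
  : > index.txt                            # CA database: nothing revoked yet
  newkey() { q openssl ecparam -name prime256v1 -genkey -noout -out "$1"; }
  newkey ca.key && newkey leaf.key &&
  q openssl req -x509 -new -config ca.cnf -extensions v3_ca -key ca.key \
      -subj "/CN=Constructed Demo CA" -days 30 -out ca.pem &&
  q openssl req -new -config ca.cnf -key leaf.key -subj "/CN=Constructed Vendor" -out leaf.csr &&
  q openssl x509 -req -in leaf.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
      -days 30 -out leaf.pem || exit 1
  gencrl() { q openssl ca -config ca.cnf -gencrl -out crl.pem; }  # CA signs a fresh CRL
  check() {  # verify leaf.pem against the CA and the signed CRL; extra args go to verify
    case $(openssl verify -CAfile ca.pem -crl_check -CRLfile crl.pem "$@" leaf.pem 2>&1) in
      *"certificate revoked"*) echo revoked ;;
      *"CRL has expired"*)     echo stale-crl ;;
      *": OK"*)                echo valid ;;
      *)                       echo error ;;
    esac
  }
  gencrl || exit 1; r1=$(check)
  # An offline device 8 days later still holds the 7-day CRL: verification fails.
  r2=$(check -attime $(( $(date +%s) + 8 * 86400 )))
  # The private key is reported stolen: the CA revokes the serial, re-signs the CRL.
  q openssl ca -config ca.cnf -revoke leaf.pem && gencrl || exit 1
  r3=$(check)
  cd / && rm -rf "$d"
  echo "$r1 $r2 $r3"
)
revocation_demo
```

The middle result is the embedded-device case: the certificate is still within its 30 days, but a verifier that insists on a current CRL rejects it once the list's own validity has run out.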
How to Obtain Certificates
There are two basic ways of obtaining a certificate. The traditional way is by personally creating a pair of keys. CodeMeter can do so either by means of the CSSI middleware (pair of RSA keys) or by means of the CodeMeter API (RSA or ECC keys). When using a CmDongle and a pair of ECC keys, this can also rely on the random number generator integrated on the smartcard chip. The private key is created on the dongle and never leaves it. The public key can be calculated by the CodeMeter API.
In the next step, a certificate signing request (CSR) is produced, which already includes relevant data like the owner’s name and the public key. This CSR is sent to the certificate authority.
The private key of the certificate authority is used to produce a certificate, normally by checking and copying data from the CSR. Other data or data fields can be added if required. If the certificate authority is not a root certificate authority, its certificate is also included in the client’s certificate.
The finished certificate is sent back for storage by the client.
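The four steps above, together with the KeyUsage check from the section on formats, as an added example using the OpenSSL command line (not Wibu-Systems or CodeMeter code; it assumes OpenSSL 1.1.1 or later). Keys are generated as files here rather than on a CmDongle, and the CA, subject names and file names are constructed for the demonstration.

```shell
# Added example: all names, keys and certificates are constructed for the demo.
q() { "$@" >/dev/null 2>&1; }            # run silently, keep the exit status
issuance_demo() (
  d=$(mktemp -d) && cd "$d" || exit 1
  cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_user]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
EOF
  newkey() { q openssl ecparam -name prime256v1 -genkey -noout -out "$1"; }
  csr()    { q openssl req -new -config pki.cnf -key "$1" -subj "$2" -out "$3"; }
  # Central authority: self-signed root carrying the "certificate sign" key usage.
  newkey ca.key && q openssl req -x509 -new -config pki.cnf -extensions v3_ca \
      -key ca.key -subj "/CN=Constructed Company CA" -days 30 -out ca.pem || exit 1
  # Steps 1-2: the employee creates the key pair and a CSR; only the CSR is sent.
  newkey emp.key && csr emp.key "/CN=Alice Example/emailAddress=alice@example.com" emp.csr || exit 1
  # Step 3: the CA checks the CSR's self-signature, then issues the certificate.
  q openssl req -in emp.csr -verify -noout -config pki.cnf &&
  q openssl x509 -req -in emp.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
      -extfile pki.cnf -extensions v3_user -days 30 -out emp.pem || exit 1
  # Step 4: a partner who holds only ca.pem verifies the returned certificate.
  q openssl verify -CAfile ca.pem emp.pem && r1=ok || r1=fail
  # KeyUsage check: a certificate signed with the employee key must not verify,
  # because emp.pem lacks CA:TRUE and the "certificate sign" key usage.
  newkey x.key && csr x.key "/CN=Constructed Sub Cert" x.csr &&
  q openssl x509 -req -in x.csr -CA emp.pem -CAkey emp.key -CAcreateserial \
      -days 30 -out x.pem || exit 1
  q openssl verify -CAfile ca.pem -untrusted emp.pem x.pem && r2=ok || r2=rejected
  cd / && rm -rf "$d"
  echo "employee=$r1 issued_by_employee=$r2"
)
issuance_demo
```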
In practice, this can be a complicated effort. Many people choose an alternative approach: The certificate authority creates the pair of keys, then produces the certificate, and finally sends the certificate and the private key to the intended owner. This simpler procedure has distinct drawbacks: Two parties – the owner of the certificate and its issuer – now know the private key. The intended use and the potential risks determine how grave a problem this would be. An operator of a website wanting to identify his users by way of a self-created client certificate will not have a problem with the method. Another disadvantage is the way in which the private key is transferred, which should be protected from the prying eyes of unauthorized third parties. This normally means password protection.
CodeMeter offers a simple means of securely transferring private keys. A license (which can contain keys in the data) can be placed on a CmContainer by remote programming. The user first creates a remote context file (WibuCmRaC) with the public key of the chosen CmContainer. The creator of the license uses this to create a remote update file (WibuCmRaU). The license data in that file is encrypted and can be decrypted only by the right CmContainer. Decryption takes place within the container itself, so that the private key is never present in clear text form outside of this secure environment. CodeMeter makes creating and distributing private keys and certificates easy.
A self-signed certificate is a certificate that is signed with its owner’s own private key, i.e. the private key belonging to the public key in the certificate, instead of with the key of a certificate authority. It is a simple way of creating certificates, especially for trial purposes. For a self-signed certificate to be accepted, it normally has to be added manually to the list of trusted certificates. This typically limits their use to testing and trials.
Typical Use Cases
A typical area of application for certificates is their use as server certificates, which establishes the identity of a web server and encrypts the communication between end users’ browsers and that server.
Client certificates are another form. The operator of a website creates and distributes certificates that browsers use in combination with the private key to access the server. The server can then read the certificate and award specific access rights, e.g. for named organizational units (OU).
Code signing certificates are a third type of application, with software developers signing their code, whose genuine origin is verified by means of a correct certificate. Windows’ built-in system was originally designed to protect end users from malware and viruses. CodeMeter now uses the same idea to protect the integrity of entire embedded devices.
Other use cases include the encryption of email messages or the new German identity card (NPa).
OPC UA (OLE for Process Control Unified Architecture) also relies on certificates, which are used as server and client certificates. CodeMeter again makes easy work of creating and managing these certificates. Finished certificates can be distributed simply by plugging the right CmDongle into the controller or PC.
Certificates are an essential tool for identifying individuals or devices and for verifying whether data is genuine. Certificates and the private keys allocated to them can be used to establish truly secure lines of communication. They are an ideal addition to licensing and copy protection systems like CodeMeter. CodeMeter has been designed to work hand-in-hand with certificates and private keys, which are stored in a secure and unreadable format in CmContainers. CodeMeter supports the X.509 standard as well as a lean proprietary format for systems with limited resources.