a new free smime service, but...

Steffen Nurpmeso steffen at sdaoden.eu
Tue Oct 22 20:20:23 CEST 2019 

MFPA via Gnupg-users wrote in <1171562612.20191022004056 at my_localhost_AR>:
 |On Sunday 20 October 2019 at 3:20:41 PM, in
 |<mid:87a79vsdl2.fsf at mat.ucm.es>, Uwe Brauer via Gnupg-users wrote:-
 |
 |> I just found that
 |> https://extrassl.actalis.it/portal/uapub/doProcess
 |
 |> Provides a free smime certificate.
 ...
 |> does somebody know whether there is a security
 |> breach, the way this
 |> certificate was generated?
 |
 |I'm no expert but their Certificate Policy reads to me that the
 |private key is compromised right from the start. I think usually the

I think it is common that S/MIME and SSL certificates are
delivered via PKCS12, including the private key.  You then seem to
extract the individual things like

  $ openssl pkcs12 -in cert.p12 -out certpem.pem -clcerts -nodes
  $ # Alternatively
  $ openssl pkcs12 -in cert.p12 -out cert.pem -clcerts -nokeys
  $ openssl pkcs12 -in cert.p12 -out key.pem -nocerts -nodes

 |keys are generated on the subscriber's device and only the public key
 |goes to the CA to be certified.

This is possible via CACert.org, at least still (out of money).
You create your local signing request, and the private key.pem never
leaves your own box:

  $ openssl req -nodes -newkey rsa:4096 -keyout key.pem -out creq.pem

(Ensure all email addresses of desire are included in the web
form.)
Unfortunate that besides Comodo there seems no other provider of
free S/MIME certificates.  You can only self-sign, and provide
a safe transport for a certificate to compare with.  Which is why
PGP is so nice.

 |https://www.actalis.it/documenti-it/caact-free-s-mime-certificates-polic\
 |y.aspx
 |
 |    3.2.2 Proving possession of private key
 |
 |    The private cryptographic key corresponding to the public key
 |    within the certificate is generated by the CA (with a suitable
 |    algorithm, size, etc.) and subsequently sent to the subscriberin
 |    PKCS#12 for-mat[PFX], via email, thereby insuring that the
 |    subscriber does possess the private key.The password needed to
 |    import the PKCS#12 file isprovided to the subscriber out-of-band
 |    (via web), therefore protecting it from unwanted disclosure to
 |    third parties. The CA does not retain such pass-word, so that the
 |    legitimate subscriber –assuming that he/she keeps such password
 |    confidential –remains the only person able to import the PKCS#12.

Better than nothing.  Sometimes the browser is used to create
thins, i have done that once for StartSSL i think it was (now
defunct).  I would not use this service, however, because why do
they want to do it like that?  They could very well just offer the
one-liner and allow pasting of the signing request, then the
private key would never have been exposed to anyone but the user.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)

More information about the Gnupg-users mailing list