[Help-gnutls] Problems with Key usage violation

Nikos Mavrogiannopoulos nmav at gnutls.org
Wed Mar 30 21:50:57 CEST 2005

On Wednesday 30 March 2005 20:01, Andreas Thienemann wrote:
> On Wed, 30 Mar 2005, Nikos Mavrogiannopoulos wrote:
> >> From my understanding of x509 keys, this means that the certificate is
> >> used in a way which does not correspond with the allowed usage cases.
> > Correct. Gnutls checks the key usage X.509 certificate extension.
> > That is, for example, if the RSA key is marked encrypt only, you cannot
> > use the DHE_RSA  algorithm that requires signing.
> Which extension exactly is checked?
> key usage and extended key usage?
Key usage.

> > Use the output of certtool or the -text output of openssl x509. Try
> > ./certtool -i <server.crt
> Okay. certtool seems to have some problems recognizing some extensions as
They are private extensions.

> only numbers are shown and to have some problems with the DER parsing.
I will try to check this problem.

> But one of the recognized key purpose seems okay to me: TLS WWW Server.
The key purpose is ok. The key usage is not.
>          Key usage:
>                  Key encipherment.
This only works with plain RSA cipher suites. That means that your server
MUST NOT use DHE_RSA, which is a signing ciphersuite.

> Besides the fact that this should be valid for all kind of TLS servers, it
> looks okay to me.
No this is not valid for all TLS servers. Only for the ones that use plain 

> Additionally the key usage "Key encipherment" should be okay as well, that
> is if I understand the different usages correctly.
You need the digital signature flag in order to use the DHE_RSA and RSA_EXPORT 

> > gnutls does not check the purpose, but rather the key usage.
> _ONLY_ the key usage?
Only the key usage. The key purpose is quite high level and should be checked
at the application level.

> Then I do not understand the problem.
> According to
> http://www.dfn-pca.de/certify/ssl/handbuch/ossl095/ossl095-4.html#s-gebr-ke
>yusage (german stuff about the dfc cert) ssl servers need "key encipherment"
> set.
I didn't read it but probably they talk about the RSA ciphersuites. So just 
disable the DHE_RSA ciphersuites in your server. Usually it is a good 
practice to limit the scope of the key to signature or encryption only to
avoid certain kind of attacks.

> bye,
>   andreas

Nikos Mavrogiannopoulos

More information about the Gnutls-help mailing list