[Help-gnutls] Problems with Key usage violation
nmav at gnutls.org
Wed Mar 30 21:50:57 CEST 2005
On Wednesday 30 March 2005 20:01, Andreas Thienemann wrote:
> On Wed, 30 Mar 2005, Nikos Mavrogiannopoulos wrote:
> >> From my understanding of x509 keys, this means that the certificate is
> >> used in a way which does not correspond with the allowed usage cases.
> > Correct. Gnutls checks the key usage X.509 certificate extension.
> > That is, for example, if the RSA key is marked encrypt only, you cannot
> > use the DHE_RSA algorithm that requires signing.
> Which extension exactly is checked?
> key usage and extended key usage?
> > Use the output of certtool or the -text output of openssl x509. Try
> > ./certtool -i <server.crt
> Okay. certtool seems to have some problems recognizing some extensions as
They are private extensions.
> only numbers are shown and to have some problems with the DER parsing.
I will try to check this problem.
> But one of the recognized key purpose seems okay to me: TLS WWW Server.
The key purpose is ok. The key usage is not.
> Key usage:
> Key encipherment.
This only works with plain RSA cipher suites. That means that your server
MUST NOT use DHE_RSA, which is a signing ciphersuite.
> Besides the fact that this should be valid for all kind of TLS servers, it
> looks okay to me.
No this is not valid for all TLS servers. Only for the ones that use plain
> Additionally the key usage "Key encipherment" should be okay as well, that
> is if I understand the different usages correctly.
You need the digital signature flag in order to use the DHE_RSA and RSA_EXPORT
> > gnutls does not check the purpose, but rather the key usage.
> _ONLY_ the key usage?
Only the key usage. The key purpose is quite high level and should be checked
at the application level.
> Then I do not understand the problem.
> According to
>yusage (german stuff about the dfc cert) ssl servers need "key encipherment"
I didn't read it but probably they talk about the RSA ciphersuites. So just
disable the DHE_RSA ciphersuites in your server. Usually it is a good
practice to limit the scope of the key to signature or encryption only to
avoid certain kind of attacks.
More information about the Gnutls-help