SSL certificate signing request - Openssl

  1. SSL certificate signing request

    Hi

    Is it possible for a certificate authority (CA) signing my SSL certificate signing request (csr) to decrypt my own SSL sessions ? Or, in other words, in a csr are there enough infos about my private key to be able to intercept SSL sessions encrypted by my public key ?

    Thanks and Cheers,
    Phibo
    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


  2. Re: SSL certificate signing request

    Definitely not. Your private key is your own. Certificate signing is
    just a way of vouching for your identity, nothing more. You can use
    self-signed certs if you're that concerned about it, but I wouldn't
    recommend it if compatibility is an issue.

    On Mon, Jul 28, 2008 at 1:16 PM, Phibo wrote:
    > Hi
    >
    > Is it possible for a certificate authority (CA) signing my SSL certificate signing request (csr) to decrypt my own SSL sessions ? Or, in other words, in a csr are there enough infos about my private key to be able to intercept SSL sessions encrypted by my public key ?
    >
    > Thanks and Cheers,
    > Phibo


  3. Re: SSL certificate signing request

    On Mon, Jul 28, 2008, Phibo wrote:

    >
    > Is it possible for a certificate authority (CA) signing my SSL certificate
    > signing request (csr) to decrypt my own SSL sessions ? Or, in other words,
    > in a csr are there enough infos about my private key to be able to intercept
    > SSL sessions encrypted by my public key ?
    >


    It can't decrypt anything using your public key, no, because the CSR only
    contains details of your public key and a digital signature.

    A CA could in theory perform a MITM attack, by issuing itself a certificate
    with your identity and containing a public key to which it has the private
    key.

    Steve.
    --
    Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
    OpenSSL project core developer and freelance consultant.
    Homepage: http://www.drh-consultancy.demon.co.uk
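
What the answer above describes can be checked locally with the `openssl` command line. This is an added example, not part of the original post; the subject name `www.example.test` and the temporary file paths are constructed for illustration. It generates a throwaway key and CSR, then shows that the request carries only the public half of the key plus a signature that verifies with that public key alone.

```shell
#!/bin/sh
# Added example: throwaway key and constructed subject in a temp directory.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
KEY="$WORK/server.key"   # stays on the requester's machine
CSR="$WORK/server.csr"   # the only file sent to the CA

# Generate an RSA key pair locally and a PKCS#10 request for it.
make_csr() {
  openssl req -new -newkey rsa:2048 -nodes \
    -keyout "$KEY" -out "$CSR" -subj "/CN=www.example.test" 2>/dev/null
}

# Human-readable dump of everything the CA receives.
csr_text() { openssl req -in "$CSR" -noout -text; }

# Public key as carried in the CSR, and as derived from the private key file.
csr_pubkey() { openssl req -in "$CSR" -noout -pubkey; }
key_pubkey() { openssl pkey -in "$KEY" -pubout; }

# The CSR's self-signature proves possession of the private key
# and is checked using only the public key inside the request.
csr_selfsig_ok() {
  openssl req -in "$CSR" -noout -verify 2>&1 | grep -q "verify OK"
}

# Count RSA private components (d, p, q) in a text dump read from stdin.
count_private_fields() {
  grep -c -E 'privateExponent|prime1|prime2' || true
}

make_csr
echo "private fields in key file: $(openssl pkey -in "$KEY" -noout -text | count_private_fields)"
echo "private fields in CSR:      $(csr_text | count_private_fields)"
if [ "$(csr_pubkey)" = "$(key_pubkey)" ]; then
  echo "CSR carries exactly the public half of the key"
fi
if csr_selfsig_ok; then
  echo "CSR self-signature verifies with the public key alone"
fi
```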


  4. Re: SSL certificate signing request

    Dr. Stephen Henson wrote:
    > On Mon, Jul 28, 2008, Phibo wrote:
    >
    >
    >> Is it possible for a certificate authority (CA) signing my SSL certificate
    >> signing request (csr) to decrypt my own SSL sessions ? Or, in other words,
    >> in a csr are there enough infos about my private key to be able to intercept
    >> SSL sessions encrypted by my public key ?
    >>
    >>

    >
    > It can't decrypt anything using your public key no because the CSR only
    > contains details of your public key and a digital signature.
    >
    > A CA could in theory perform a MITM attack, by issuing itself a certificate
    > with your identity and containing a public key to which it has the private
    > key.
    >
    > Steve.
    > --
    > Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
    > OpenSSL project core developer and freelance consultant.
    > Homepage: http://www.drh-consultancy.demon.co.uk

    I want to collaborate. RSA algorithm with a 1024-bit key is invulnerable,
    while you keep your private key secure. If your keys have been generated
    with RSA algorithm, your CA will need millions of computers working at
    the same time, many many years. RSA Laboratories is always trying to
    hack their own algorithm. They have achieved an attack with 700-800 bits
    of key (really modulus, which also is public). Try to factorize a number
    of 1024 bits and find the two primus (primus?....non divisible) numbers
    that generated the modulus.


  5. Re: SSL certificate signing request

    O.K. That's what I expected. Thanks !

    Cheers,
    Phibo

    On Tue, 29 Jul 2008 11:47:02 +0200
    "Dr. Stephen Henson" wrote:

    > On Mon, Jul 28, 2008, Phibo wrote:
    >
    > >
    > > Is it possible for a certificate authority (CA) signing my SSL certificate
    > > signing request (csr) to decrypt my own SSL sessions ? Or, in other words,
    > > in a csr are there enough infos about my private key to be able to intercept
    > > SSL sessions encrypted by my public key ?
    > >

    >
    > It can't decrypt anything using your public key no because the CSR only
    > contains details of your public key and a digital signature.
    >
    > A CA could in theory perform a MITM attack, by issuing itself a certificate
    > with your identity and containing a public key to which it has the private
    > key.
    >
    > Steve.
    > --
    > Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
    > OpenSSL project core developer and freelance consultant.
    > Homepage: http://www.drh-consultancy.demon.co.uk

