Why private key is used amidst creation of CSR?

Question

A CSR is mainly created to create a certificate having trusted public key.

Before creating a CSR,

we create a private key

openssl genrsa -out key.pem 1024

and then use that private key(key.pem) to create a CSR(req.pem) request.

openssl req -new -key key.pem -out req.pem

Edit:

I see that a docker engine is installed with root certificate, server certificate & private used with CSR

What is the exact purpose of providing private key(key.pem as input) amidst submitting CSR? Because certificate is supposed to be signed with parent private key

Is private key(key.pem) required to generate corresponding public key amidst CSR creation?

or

Is private key(key.pem) used to encrypt the CSR and the resulting signature is appended to CSR?

The CSR is signed with your private key. As it contains the public key, the CA is able to verify the signature. — Lorinczy Zsigmond, Jun 04 '19 at 19:05
@LorinczyZsigmond and that signature is replaced with CA private key's signature amidst creating certificate from CSR(`openssl x509 -req -days 365 -sha256 -in req.pem -CA ca.pem -CAkey ca-key.pem -CA createserial -out server-cert.pem`). Is that the only difference in content from CSR(`req.pem`) to certificate(`server-cert.pem`)? — overexchange, Jun 04 '19 at 19:11
The CA might change fields, add/remove usages etc. Also the CA determines the validity interval of the certificate ('not before', 'not after' fields). Edit: also the certificate contains issuer-specfic data, unlike the CSR. — Lorinczy Zsigmond, Jun 04 '19 at 19:55
@LorinczyZsigmond does signature gets replaced? As asked in my previous comment... — overexchange, Jun 04 '19 at 20:44
Yes, or to be precise, the cert and the csr are different documents, signed by different parties (issuer CA vs requestor). — Lorinczy Zsigmond, Jun 05 '19 at 04:11
@LorinczyZsigmond Query edited.... I see that private key used amidst creation of CSR is also uploaded. Why do we need this private key? TLS handshake just need certificate... — overexchange, Jun 10 '19 at 17:51
When creating a TLS-session, you cannot use a certificate without the corresponding private key: the other party, after receiving the certificate, gets the public key from it, and challenges you to prove you have the corresponding private key. You cannot continue the handshake without having the private key. — Lorinczy Zsigmond, Jun 11 '19 at 04:41
@LorinczyZsigmond yes I understand that when client send PMSecret encrypted by public key, server decrypts it using this private key.... but my question is... why do you need to add signature to CSR with its private key? Read the question in the query.. — overexchange, Jun 11 '19 at 05:00
I can't see any CSR in the attached image: there is ca.cert, ee.cert and ee.prvkey. — Lorinczy Zsigmond, Jun 11 '19 at 15:19
@LorinczyZsigmond you are right, there is no CSR in the attached image... but my question is.... when you run `openssl req -new -key key.pem -out req.pem`. why do you want `key.pem` before creating CSR?.... I knowthat, CSR has a signature using private key. But why CSR need to have signature with its private key? — overexchange, Jun 11 '19 at 15:40

score 2 · Accepted Answer · edited Oct 07 '21 at 11:04

The structure of a PKCS#10 certification request (RFC 2986) is, loosely described:

Request:
    Info:
        Version
        Name
        PublicKey
        Attributes
    SignatureAlgorithmIdentifier
    Signature

The attributes are attributes for the request, where one if them could be attributes you are requesting for the resulting certificate.

The CA can respect as much, or as little, from the CSR as it chooses. StartSSL, for example, only read out the public key information, and discarded the remainder of the CSR -- everything else they needed was based on your request from their web UI and your account status.

In general, the CA isn't going to ignore the public key value, because if they asserted a new keypair for you they'd need to figure out how you were supposed to get the private key. So, the public key part needs to be present and correct. OpenSSL's command can get the public key value by reading the private key, then it can embed it in the CSR.

The second reason you need the private key is to sign the request. I'll assert that the main reason the request is signed is to force/strongly-suggest you save the private key at this stage, so you don't come back in a few minutes with a "please revoke this new certificate, I already lost the private key" request. The RFC (also) has this to say:

Note 2 - The signature on the certification request prevents an entity from requesting a certificate with another party's public key. Such an attack would give the entity the minor ability to pretend to be the originator of any message signed by the other party. This attack is significant only if the entity does not know the message being signed and the signed part of the message does not identify the signer. The entity would still not be able to decrypt messages intended for the other party, of course.

Related question - https://stackoverflow.com/questions/57981385/tls-certificate-how-to-assign-a-cn-name-for-an-ec2 — overexchange, Sep 17 '19 at 20:40

Why private key is used amidst creation of CSR?

1 Answers1

Linked