2

Recently I came across this c# code:

var dn = new X500DistinguishedName($"CN={_appSettings.CommonName};OU={_appSettings.OrganizationalUnit}", X500DistinguishedNameFlags.UseSemicolons);
SubjectAlternativeNameBuilder sanBuilder = new SubjectAlternativeNameBuilder();
sanBuilder.AddUri(new Uri($"urn:{_appSettings.ApplicationUri}"));

using (RSA rsa = RSA.Create(2048))
{
    var request = new CertificateRequest(dn, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

    request.CertificateExtensions.Add(sanBuilder.Build());

    var selfSignedCert = request.CreateSelfSigned(new DateTimeOffset(DateTime.UtcNow.AddDays(-1)), new DateTimeOffset(DateTime.UtcNow.AddDays(3650)));

    ...
}

...

Having a look closer at the CertificateRequest constructor parameters, the rsa key is described as:

A RSA key whose public key material will be included in the certificate or certificate request. If the CreateSelfSigned(DateTimeOffset, DateTimeOffset) method is called, this key is used as a private key.

The bold part is the one I don't really understand. Does that mean that when self signing the certificate, the certificate is signed using the given RSA key AND adds the same key as public key to the certificate?

In my understanding for TLS, we have two public-key pairs, one for signing and one for encryption. The CA signs a certificate with its private key and offers a public key to the clients to verify the signature by decrypting it with the public key, whereas the provider of a service offers a public key which the clients use to encrypt their keys first in the tls handshake which after that gets decrypted with the service providers private key.

However, in the above code sample, we create a certificate that contains what exactly? Server public key is for encryption, but what key for decryption of the signature?

Tobias von Falkenhayn
  • 1,355
  • 5
  • 26
  • 59
  • When sending encrypted data, a public key is derived from the private key and the public key is different for each message sent. The receive end also need the same private key to decrypt the message along with the transmitted public to decrypt the message. A certificate doesn't have a signature. See Wiki example : https://en.wikipedia.org/wiki/Public_key_certificate – jdweng Jul 14 '20 at 10:33
  • "A certificate doesn't have a signature" The wiki article proves you wrong here: "The certificate includes information about the key, information about the identity of its owner (called the subject), and the digital signature of an entity that has verified the certificate's contents (called the issuer)" – Tobias von Falkenhayn Jul 14 '20 at 10:36
  • A signature in encryption is usually an "encrypted value" and not Identity information. Encryption there is Black Data (not encrypted) and Red Data (encrypted data). Signature is encrypted Red Data. – jdweng Jul 14 '20 at 10:44
  • @TobiasvonFalkenhayn: It's important to ignore jdweng, he is a prodigious poster of misinformation. – President James K. Polk Jul 15 '20 at 16:35
  • 1
    Your understanding is correct. Now for the self-signed case, in effect you are your own CA, from the your keypair you place the public key into the certificate request and then you sign this certificate request using the private key from the same keypair. If you look at the root certificates for almost all CAs you'll see they are self-signed. Just look at the root for this website in your browser. The public key that is in the certificate is also used to verify it. This is why a self-signed certificate conveys no trust, you must trust it or not based on other considerations. – President James K. Polk Jul 15 '20 at 16:40

0 Answers0