[Cryptography-dev] Looking to sign certificates with pkcs11 key

Thu Dec 14 06:38:11 EST 2017

We discussed this in the past (
https://github.com/pyca/cryptography/issues/1506) but now that we're
dropping explicit backends the proposed solutions in that issue don't
really apply.

Probably the easiest path is just to sign your certificate with a dummy key
and then call `tbs_certificate_bytes` on the resulting certificate. Those
bytes can then be signed by your real key to construct the certificate and
then you can construct/load the resulting bytes as a cryptography object.
This avoids any private API calls, but is not particularly elegant.

If you want to create your own backend then you should be able to get the
bytes you need via i2d_re_X509_tbs rather than needing ASN1_item_i2d
directly bound. Be aware that since we're deprecating this backend concept
(at least as a thing that users pass as an argument) this might be a bit
tricky to maintain in the long term.

We've been discussing whether it makes sense to build a hazmat x509 layer
(to allow construction of a variety of various ASN.1 structures that
violate RFCs but are nonetheless seen in the wild) -- maybe giving access
to the tbs_certificate_bytes prior to signing makes sense there. In that
case the hazmat cert builder would provide tbs bytes that can be signed via
<other method> and then maybe we'd also include a hazmat method for
constructing the final cert from tbs + signature?

-Paul

On December 14, 2017 at 3:39:22 AM, Terje Elde (terje at elde.net) wrote:

Hi!

I’m looking to set up a solution where an intermediate CA signs
certificates using a pkcs11-accessible private key.

Doing this without pkcs11 seems pretty straight forward thanks to
pyca/cryptography, which is surprisingly comfortable to use. There’s no
native support for pkcs11 (yet) though, which sends me looking at hybrid
solutions, doing most of the work with the cryptography package, but
looking elsewhere for the actual pkcs11-operations.

I can easily enough grab the public key for the intermediate CA, build up
the cert etc, but when it’s time to sign it, things get more difficult.

The cryptography package often wraps openssl at a fairly high level, so the
actual signing call in `create_x509_certificate` expects an openssl
structure and a private key as input. That’s a bit of a challenge, since I
don’t actually have the private key, that being about half the point of
pkcs11.

One possible way to go could perhaps be to:
- Subclass Backend, replacing the `create_x509_certificate`-method
- In “my” version, replace the `self._lib.X509_sign`-operation with simply
DER-encoding the cert, allowing use of the pkcs11-module for the actual
signing
- Bring the signature back into the cert structure

In order to do that though, I’d probably need `ASN1_item_i2d` or similar,
which doesn’t seem to be exposed in cryptography.

Would be interesting to hear if any of you have any good suggestions for
solving this either using cryptography or another package.

Terje Elde

_______________________________________________
Cryptography-dev mailing list
Cryptography-dev at python.org
https://mail.python.org/mailman/listinfo/cryptography-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/cryptography-dev/attachments/20171214/707348c5/attachment.html>