0

I've been reading about how certificates are used to verify the owner of a public key in asymmetric encryption. Right now everything seems really theoretical to me and I'd like to know how this works in practice. For example, do sites you log into such as Facebook (or this one) use asymmetric encryption?

What I don't understand is this: the certificate claims e.g. Facebook is who they say they are, and once verified the public key can be extracted from it. Isn't this more of the role of the DNS server? A user types in facebook.com and the DNS server is responsible for knowing facebook.com resolves to e.g. 1.2.3.4?

Some connections don't use a DNS server, you may say. For example, a mail client may be set up to connect to a particular IP address. No problem. Then you should already know the IP address is the correct one: if it's not, that's like saying you sent a package to the wrong address but are upset that the wrong person received it.

Last question, are the public keys usually not provided by the owner themselves and actually the certificate authority (since according to here the public key is extracted from the certificate)? For example when I connect to Facebook is its public key given to me by DigiCert Inc, not actually Facebook?

Celeritas
  • You're right, to some extent it is DNS that should be responsible. This is where things are going. Look up DANE (keys in DNS) and how they are secured using DNSSec. – makerofthings7 Oct 22 '15 at 02:29

2 Answers

1

> do sites you log into such as Facebook (or this one) use asymmetric encryption?

Yes. Both actually. Regular TLS uses both asymmetric encryption (for the certificate part and to negotiate a bulk-encryption-key) and symmetric crypto (for the bulk encryption part). This combination is for speed, because the usual symmetric crypto here is about 100 times faster than the asymmetric part.

This combination is known as a Hybrid cryptosystem.

> Isn't this more of the role of the DNS server?

Yes and no. While you could do it that way, and while there are attempts to store (or at least mark) valid crypto keys directly in DNS, this is not (at least right now) the usual way of doing this.

What does that mean? One of several ways that a CA may check the validity of your claim to a particular domain-name is by sending you e-mail to the admin@-account of your domain.

And if somebody manages to insert themselves between the CA and their DNS server at that precise moment, they can fool the CA. So if someone has hijacked those wires (e.g. bribed employee, e.g. NSA's QUANTUM router exploitation program), then the CA may be fooled into issuing a certificate to them.

If that malicious actor then later uses the same man-in-the-middle trick when a regular person visits the site with the stolen/misissued certificate, they will get the green lock and won't notice. (Unless extra care has been taken by the site operators against that. E.g. by pre-loading certain browsers with known-good site certificates.)

> are the public keys usually not provided by the owner themselves and actually the certificate authority (since according to here the public key is extracted from the certificate)? For example when I connect to Facebook is its public key given to me by DigiCert Inc, not actually Facebook?

No. While some CAs offer this as a convenience/service it's not required technically that they know both public-part AND private-part of the pubkey/privkey pair. (And I'd run screaming from a CA that made such an offer.)

Instead you send them the pubkey and have them sign (and know) just that.

StackzOfZtuff
  • Ok so a certificate may be signed by a CA, but the website stores it and issues it to a requester as needed, is that correct? – Celeritas Oct 19 '15 at 07:29
  • I'd add that the overwhelming majority of DNS queries don't use DNSSEC, allowing trivial DNS forgery by a MITM. Plus, DNS is frequently controlled by governments, and putting DNS and CA infrastructure in separate hands might be a good idea. That said, the CA model is pretty broken in that any one of hundreds of CAs can issue valid certs for any domain. – Stephen Touset Oct 19 '15 at 08:47
  • @Celeritas: "Shows" rather than "issues", but yeah. A certificate is a website's equivalent of an ID card. And the website shows it to anyone that wants to see it. For a good introduction to the topic I recommend watching one of the videos on https://istlsfastyet.com/ and then reading the of that site. (If you're looking for an in-depth book: https://www.feistyduck.com/books/bulletproof-ssl-and-tls/ is excellent.) – StackzOfZtuff Oct 19 '15 at 10:05
  • How often do the CAs (re)issue the certificate: every request to the resource, every few days, every few months? – Celeritas Oct 19 '15 at 11:05
  • You give them money, they give (issue) you a certificate. You keep the certificate and use it until it expires. (Typically 1 year or 2.) Then you give them money again and they give you a spanking new cert. – StackzOfZtuff Oct 19 '15 at 11:12
  • "For example when I connect to Facebook is its public key given to me by DigiCert Inc, not actually Facebook?" — I think the OP was asking who sends it to the browser, not who generated the keypair. The certificate, including public key, is served by the webserver (Facebook), but that's not the full security story. If a certificate is compromised it can be revoked, and at that point only the CA can be trusted! Unfortunately all the current ways to check with the CA have technical flaws, and [many browsers ignore them](https://security.stackexchange.com/q/219443/31246). – Beni Cherniavsky-Paskin Jun 27 '21 at 13:34
0

Even if you get the correct IP address from the DNS server, you cannot be sure no one is listening unless you see a valid certificate. You could be using a proxy which may be untrustworthy. Or, in a local network, an attacker could use ARP poisoning to position themselves in the middle of your connection and you would be none the wiser.

Another example: it is standard practice in many companies to restrict web access for the employees, filtering malicious sites and/or non-relevant sites (such as Facebook or porn). Some free wifi providers also block sites they deem bad (porn, warez, etc). Or you are using your tech-savvy friend's wifi who has a bit of a problem with respecting privacy.

Even if you get the correct IP of the site you want to visit, the owner of the network can still see what you are doing and modify your traffic unless it is encrypted. And to be sure the data has been encrypted by who you think, you need certificates.

Volker
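
The flow described in the two answers above (the owner generates the key pair, the CA signs only the public key, and a client trusts a certificate only if it chains to a CA it already knows), as an added example that is not part of the original posts. It assumes the `openssl` command line is installed; the names `Example Test CA` and `www.example.test` and all file names are constructed for the illustration.

```shell
#!/bin/sh
# Added example with constructed names; requires the openssl CLI.
WORK=$(mktemp -d)

new_key() { openssl ecparam -name prime256v1 -genkey -noout -out "$1" 2>/dev/null; }

# 1. The CA. Its self-signed certificate is what clients ship in their trust store.
make_ca() {
    new_key "$WORK/ca.key" &&
    openssl req -x509 -new -key "$WORK/ca.key" -subj "/CN=Example Test CA" \
        -days 1 -out "$WORK/ca.crt" 2>/dev/null
}

# 2. The site owner generates the key pair and sends only a CSR (name + public key).
make_csr() {
    new_key "$WORK/site.key" &&
    openssl req -new -key "$WORK/site.key" -subj "/CN=www.example.test" \
        -out "$WORK/site.csr" 2>/dev/null
}

# 3. The CA signs the CSR. site.key is never an input to this step.
issue_cert() {
    openssl x509 -req -in "$WORK/site.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
        -CAcreateserial -days 1 -out "$WORK/site.crt" 2>/dev/null
}

# 4. Someone else answering for the same name can only present a cert the CA never signed.
make_impostor() {
    new_key "$WORK/evil.key" &&
    openssl req -x509 -new -key "$WORK/evil.key" -subj "/CN=www.example.test" \
        -days 1 -out "$WORK/evil.crt" 2>/dev/null
}

# Client side: does the presented certificate chain to the trusted CA?
chains_to_ca() {
    openssl verify -CAfile "$WORK/ca.crt" "$1" 2>/dev/null | grep -q ': OK$'
}

# The public key inside a certificate ($1) is the one belonging to private key ($2).
cert_key_matches() {
    in_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    [ -n "$in_cert" ] && [ "$in_cert" = "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

make_ca && make_csr && issue_cert && make_impostor
chains_to_ca "$WORK/site.crt" && echo "site.crt: chains to the trusted CA"
chains_to_ca "$WORK/evil.crt" || echo "evil.crt: same name, but rejected"
cert_key_matches "$WORK/site.crt" "$WORK/site.key" && echo "key in cert is the owner's own key"
```

The web server would serve `site.crt` during the TLS handshake; the CA's only contribution is the signature over the name and public key taken from the CSR.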