0

Could someone please help explain the following comment from Why was the private key of the Superfish certificate so easily extractable?

The main issue with private key extraction is the use of the same root certificate on each install. It should be autogenerated (Fiddler does it) so the private key is specific to your computer.

I am researching the Lenovo SuperFish adware and I had originally thought our browsers only have a copy of the public keys of each installed CA - do we also have a personalized unique private key associated with each CA public key installed?

Community
  • 1
phillipsk
  • 121
  • 2
  • 5
    No. You only have public part of CAs certs in your browser while the private key is always secret and well guarded. – Aria Jul 23 '16 at 02:33
  • If you read the rest of the answers, they do a good job explaining this. A self-signed cert was used. – user2320464 Jul 23 '16 at 04:01
  • 2
    (@Aria) CA privatekey _should_ be restricted and guarded; the big problem with Superfish (beyond an OEM installing an interceptor in the first place) is that all copies of Superfish used the same privatekey and thus reverse-engineering one copy allowed deceiving all the other systems. – dave_thompson_085 Jul 23 '16 at 04:20

1 Answers1

1

IIRC, and I could be wrong, This is because it was using self signed certs that were generated psuedo on-the-fly. Because of this, if you reverse engineer the interception mechanism you could extract the private key

Nick Mckenna
  • 507
  • 2
  • 8