1

Imagine that we have an x509 cert (if it matters, in .pem format) and a key supposed to be certified with it.

How can I validate that the cert certifies exactly that key?

My impression is that it is enough to check that the cert and the key have the same pub key. I think it is because this is the only shared information between them. However, I am not sure.

Is it enough?

What happens if a possible attacker, having access to the cert, simply re-writes the pubkey part in it?

(Note, the validation of the cert is a different thing. Here I only want to be sure that the cert certifies exactly that key.)

peterh
  • Q1 dupe https://security.stackexchange.com/questions/56697/determine-if-private-key-belongs-to-certificate and later but broader https://security.stackexchange.com/questions/73127/how-can-you-check-if-a-private-key-and-certificate-match-in-openssl-with-ecdsa – dave_thompson_085 Nov 29 '19 at 03:24

1 Answer

4

How can I validate that the cert certifies exactly that key?

A certificate does not "certify" a key. What you describe is to check if the private key matches the public key in the certificate and thus can be used to prove ownership of the certificate against a third party. And yes, it is enough for this to check that the public key you have in the key pair is exactly the same as the public key of the certificate.

What happens if a possible attacker, having access to the cert, simply re-writes the pubkey part in it?

In this case the issuer's signature of the certificate will not match anymore and the validation of the certificate will fail.

Steffen Ullrich
  • While I thank you for the answer (up + accept given), I need to mention: yes, the certificate certifies a key in the sense that it has the pubkey which can be compared to the pubkey in the key. – peterh Nov 28 '19 at 12:43
  • @peterhsaysreinstateMonica I think "_certificate certifies a key_" is, at best, the wrong way of looking at it, and at worst, meaningless (the certificate _contains_ a copy of the public key). The certificate certifies _something else_ (be it a URL in the case of an SSL/TLS certificate; or that some piece of code was written by a certain company, in the case of a code-signing certificate). The _public key_ (obtained either from a parent certificate or by being a "well known trusted root") certifies who it was that created the certificate. – TripeHound Nov 28 '19 at 14:33
  • @peterhsaysreinstateMonica Or are you asking: given a (potential) public / private key pair (what you may be calling "the key"), is it possible to verify that those two keys actually _do_ form a public-private key-pair? And if so, does a certificate purporting to be signed using the private key help in this verification? – TripeHound Nov 28 '19 at 14:36
  • @TripeHound In the sense of my question, key means: "an x509 key file containing the public and the private keys". It is a different thing than the "public key" (which is, typically, mostly a big number and some params, existing in both the key file and the cert file). – peterh Nov 28 '19 at 14:51
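Both points of the accepted answer, the key-to-certificate match and why a rewritten public key is caught by chain validation, worked through with the openssl CLI. This is an added example, not code from the question or the answer; it assumes an openssl binary (1.1.1 or 3.x) on PATH and generates its own constructed key pairs and self-signed certificate, so no real material is needed.

```shell
#!/bin/sh
# Added example (not from the original answer). Assumes the openssl CLI (1.1.1 or 3.x) is on PATH.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed material: a key pair, a self-signed cert for it, and an unrelated key pair.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$WORK/key.pem" 2>/dev/null
openssl req -new -x509 -key "$WORK/key.pem" -subj "/CN=example.test" -days 1 -out "$WORK/cert.pem" 2>/dev/null
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$WORK/other.pem" 2>/dev/null

# SHA-256 over the DER SubjectPublicKeyInfo: the one value a key file and a cert share.
spki_from_key()  { openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 | awk '{print $NF}'; }
spki_from_cert() { openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'; }

# key_matches_cert KEY CERT: succeeds iff the key's public half is byte-identical to the cert's.
key_matches_cert() { [ "$(spki_from_key "$1")" = "$(spki_from_cert "$2")" ]; }

# cert_is_valid CA CERT: chain validation, i.e. the issuer's signature over the TBSCertificate.
cert_is_valid() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# tamper_pubkey CERT KEY OUT: the attacker from the question. Splices KEY's SPKI over CERT's
# (same length for RSA-2048, so the outer DER lengths stay valid) and leaves the signature
# untouched. The SPKI is the depth-2 SEQUENCE two asn1parse lines above the rsaEncryption OID.
tamper_pubkey() {
  cert=$1; key=$2; out=$3
  openssl x509 -in "$cert" -outform DER -out "$WORK/cert.der"
  openssl pkey -in "$key" -pubout -outform DER -out "$WORK/spki.der"
  set -- $(openssl asn1parse -inform DER -in "$WORK/cert.der" \
           | awk '/:rsaEncryption/ { print p2; exit } { p2 = p1; p1 = $0 }' \
           | sed 's/^ *\([0-9]*\):d=2 *hl=\([0-9]*\) *l= *\([0-9]*\).*/\1 \2 \3/')
  off=$1; len=$(( $2 + $3 ))
  [ "$len" -eq "$(( $(wc -c < "$WORK/spki.der") ))" ] || return 2   # refuse if lengths differ
  { head -c "$off" "$WORK/cert.der"; cat "$WORK/spki.der"
    tail -c +$(( off + len + 1 )) "$WORK/cert.der"; } > "$WORK/tampered.der"
  openssl x509 -inform DER -in "$WORK/tampered.der" -out "$out"
}

key_matches_cert "$WORK/key.pem" "$WORK/cert.pem" && echo "key.pem matches cert.pem"
tamper_pubkey "$WORK/cert.pem" "$WORK/other.pem" "$WORK/tampered.pem"
key_matches_cert "$WORK/other.pem" "$WORK/tampered.pem" && echo "other.pem now matches tampered.pem"
cert_is_valid "$WORK/cert.pem" "$WORK/tampered.pem" || echo "but tampered.pem fails the issuer signature check"
```

The last two lines are the point of the answer: comparing public keys alone would accept the rewritten certificate, and only the signature check against the issuer exposes it, which is why key matching and certificate validation are two separate checks.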