5

I read this question on the process of generating a private S/Mime key. I looked at Comodo - which offer free e-mail certificates. I'm trying to find out whether Comodo generates the private encryption key on their servers or whether it was generated locally.

The Mozilla-FAQ reads as follows:

To obtain certificate from an authority: Browsers such as Firefox, MSIE, Opera, Safari and so forth contain cryptotools capable of generating public/private keypairs. When signing up for a certificate with an authority, their website triggers your browser to create a keypair and transmit to them the public key, which is then certified. For this reason, when you return to pick up your completed certificate (typically a few minutes later), it is mandatory that you do so with the same browser on the same computer . You will otherwise not possess the private key necessary for pickup.

I just requested my certificate in Safari and picked it up in Chrome - and it worked (the private key is in my keychain).

The wording in all the comodo e-mail and FAQs is a bit opaque (or I haven't found the right spot yet):

"Simply click on the button below to collect your certificate."

Is this process always done locally, or is there some way to confirm that the private key generation was done locally?

And besides that:

1. Would you know a provider besides Comodo (who have a bit of a bad security track record) to provide free S/MIME certification that is universally root-trusted?

2. Would you know one that costs some money with a better record/documentation/where you know how the key is generated?

Thanks a lot!

Community
  • 1
Matthias
  • 51
  • 2

1 Answers1

4

If you go to Comodo's page for the free S/MIME certificate, you may have a look at the "Subscriber agreement" which includes, in section 3.1, the following:

The Subscriber's web browser will automatically generate a Private Key/Public Key pair during the signing up process.

So it seems that the process involves a locally generated key pair, as it should.

Trying out the process, I see the following:

  • A window from my browser briefly appears, talking about key pair generation.
  • An email is sent, saying that I may "collect" the certificate at a specific Web URL, with the collection password (included in the email). The email includes the sentence: "NOTE: We strongly recommend that you export your certificate to a safe place in case you need to reload it later."
  • If I try to collect the certificate with a different browser, that browser complains about the lack of a corresponding private key.
  • If I inspect the HTML source code of the collection page, I see a piece of JavaScript which includes a Base64-encoded PKCS#7 object (aka CMS), which includes my certificate but no private key (there is no standard for putting a private key in a PKCS#7 object).

So I can confidently claim that the private key was generated in my browser, not on Comodo's servers. The cross-browser test is the most definite here: if the private key was generated server-side, it would have worked. But all the other elements strongly hint at the same conclusion.

Community
  • 1
Tom Leek
  • 168,808
  • 28
  • 337
  • 475
  • 1
    Possible exception: Browsers that use shared certificate storage; for example, IE and Chrome on Windows (use Windows cryptoapi) or Google Chrome and Chromium and *maybe* Epiphany on Linux (use ~/.pki/nssdb). – user1686 Aug 24 '13 at 06:55