NTS - lesson in certificates/keys please

Achim Gratz Stromeko at nexgo.de
Sun Jan 20 17:36:55 UTC 2019


[resent, first try was never posted to the list]

Hal Murray via devel writes:
> Could somebody give me a lesson in certificates and keys?

A key is something random or very close to random that is used as a
parameter to a crypt algorithm to either/or encrypt plaintext to
ciphertext and decrypt ciphertext to plaintext.  A key that is used for
both directions is called a symmetrical key and must be kept secret.  If
you have separate keys (a key pair) for encryption and decryption, one
of them is still kept secret (the private key) and the other gets
published (the public key).  Ciphertext encrypted by the private key can
be decrypted by the public key.  Conversely, ciphertext encrypted with
the public key can be decrypted by the private key.

A certificate is a cryptographically authenticated set of at least one
public key, metadata that describes the origin and intended uses for
this key (often called the "principal") and metadata concerning the
certification itself.  The crux is that the certification authority
providing the certificate needs to be verified as well, which is why
certificate verification ends up checking a chain of certificates all the
way up to some root certificate authority.

> What sort of certificates do we need for testing?  Where do we get them

The only certificate that is required is the one for the TLS connection
to the NTS-KE.  It could be a self-signed one for testing purposes.

> I think the NTS-KE-server needs the private key for the certificate(s) it 
> supports.

The principal in a certificate needs to be effectively in the possession
of the private key corresponding to the certified public key.  You prove
that to the certifier by being able to decrypt a random message that was
encrypted with the public key that gets certified.  In other words, you
possibly don't need to know the actual private key, as long as you can
produce ciphertext with it -- that's what HSMs do.  The signing private
key would only be required if you wanted to be able to produce your own
certificates.

> Should we put it in a separate process so bugs in ntpd can't expose 
> the private key?

The key material should always be kept isolated.  I think that all
relevant OSes have APIs for doing that.

> That also allows us to write NTS-KE-server in a HLL.

Most certainly.

> There is an interesting corner case.  Telco companies like to put spares on 
> the shelf and expect them to work 10 years later.  How often do root 
> certificates roll over?

The root certificates would have to be updated (they have a long
lifetime, but it can still happen).  Anything using crypto must be
prepared to change keys, certificates and even algorithms.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Wavetables for the Terratec KOMPLEXER:
http://Synth.Stromeko.net/Downloads.html#KomplexerWaves
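
Added example, not part of the original message: a toy Python model of the key pair, certificate chain and proof-of-possession ideas described in the message above. It assumes textbook RSA without padding over small Mersenne primes (insecure, for illustration only); the certificate layout, the names and the trust store are hypothetical.

```python
import hashlib

E = 65537  # public exponent

def make_key(p, q):
    """Toy RSA key pair from two primes: ((n, e), (n, d))."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(cert):
    """SHA-256 over the certified fields, as an integer."""
    tbs = repr((cert["subject"], cert["issuer"], cert["pub"])).encode()
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big")

def issue(subject, pub, issuer, issuer_priv):
    """The issuer signs by applying its private key to the digest."""
    cert = {"subject": subject, "issuer": issuer, "pub": pub}
    n, d = issuer_priv
    cert["sig"] = pow(digest(cert) % n, d, n)
    return cert

def verify_chain(chain, trust):
    """chain[0] is the server certificate, chain[-1] the (self-signed) root."""
    for cert, issuer in zip(chain, chain[1:] + chain[-1:]):
        n, e = issuer["pub"]
        if cert["issuer"] != issuer["subject"]:
            return False  # chain is not linked by name
        if pow(cert["sig"], e, n) != digest(cert) % n:
            return False  # issuer's public key does not undo the signature
    root = chain[-1]
    return trust.get(root["subject"]) == root["pub"]  # root must be pre-trusted

def proves_possession(pub, priv, challenge):
    """Certifier encrypts a challenge to pub; only the key holder recovers it."""
    n, e = pub
    return pow(pow(challenge, e, n), priv[1], n) == challenge

# Constructed sample data: Mersenne primes as (insecure) toy RSA primes.
M89, M107, M127 = (2**k - 1 for k in (89, 107, 127))
root_pub, root_priv = make_key(M107, M127)
ca_pub, ca_priv = make_key(M89, M127)
srv_pub, srv_priv = make_key(M89, M107)
root = issue("Example Root", root_pub, "Example Root", root_priv)
ca = issue("Example CA", ca_pub, "Example Root", root_priv)
server = issue("nts-ke.example", srv_pub, "Example CA", ca_priv)
selfsigned = issue("nts-ke.test", srv_pub, "nts-ke.test", srv_priv)
TRUST = {"Example Root": root_pub}
```

The self-signed certificate verifies only when the client's trust store lists its key explicitly, which is the situation a test NTS-KE setup with a self-signed certificate puts the client in.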


