Is the supported encryption strength specified in SSL certificates?

I have been trying to find an answer to this all day. I have googled, asked people in the know, trawled the sites of SSL certificate providers, etc., etc. Perhaps my search-fu just fails me today. Anyway...

All SSL certificate providers declare that their SSL certificates support the highest level of encryption. The high level they refer to is 128-bit to 256-bit, not 40, 56, etc.

Now, as I understand it, there are two parts to SSL encryption. There is your asymmetric public key, which is usually 2048 bits. It is clear that this is in the SSL certificate, and its length is obvious. The other part is the symmetric encryption keys that are transmitted after the initial handshake. I do not see any mention of these in any SSL certificate.

The decision about which symmetric encryption algorithm to use is based on the cipher suites of the client (browser) and server. If they both support 256-bit encryption, then it will be used.

I understand that in the 90s export restrictions were in place, and exported browsers were limited to 40 bits. There were special workarounds for this, such as SGC certificates. This is still necessary for older browsers. Apart from that, a modern browser just supports 256 bits.

It seems to me that sellers who claim that their certificates support "high encryption" are telling a white lie. Their certificates really do support it, because it has nothing to do with the certificate itself (these days). Is this right, or am I completely off base?

If I really am completely delusional, and symmetric encryption strength is specified in the certificate, it should be possible to create a self-signed certificate that specifies it, right? Is it possible to create one that does not support strong encryption? It would help me understand if I could find instructions for this. Is it possible? I have created a lot of self-signed certificates and signed CSRs with my own CA certificate, but I have never seen any configuration option where you specify the supported encryption strengths.

Looking around the web has not helped. People talk about key strength in the context of symmetric keys (40, 56, 128, 256), or in the context of asymmetric keys (512, 1024, 2048), but they never explain the difference between the two. Someone on one forum will say that you need to get a 256-bit certificate, and then on the next forum someone says that you need a 2048-bit certificate, even though all SSL certificate providers claim that they only support up to 256 bits.

I get the impression that there is a lot of misunderstanding about how this works. That, or all the misunderstanding is in my poor head.

Sorry it was so long, but I want to understand this.

Thanks,

Tom...

+6
2 answers

OK, so I found the answer. Talk about answering your own question! My brain was too worn out on Friday, so I skipped this little tidbit.

From http://www.openssl.org/support/faq.html#USER14

  1. What is a 128-bit certificate? Can I create one using OpenSSL?

The term "128-bit certificate" is a highly misleading marketing term. It does not refer to the size of the public key in the certificate! A certificate containing a 128-bit RSA key would have negligible security.

There were various other names, such as "magic certificates", "SGC certificates", "step-up certificates", etc.

You generally can't create such a certificate using OpenSSL, but there is no need to any more. Nowadays web browsers using unrestricted strong encryption are generally available.

When there were tight restrictions on the export of strong encryption software from the US, only weak encryption algorithms could be freely exported (initially 40-bit, and then 56-bit). It was widely regarded that this was inadequate. A relaxation of the rules allowed the use of strong encryption, but only to an authorised server.

Two slightly different techniques were developed to support this: one used by Netscape, called "step up", the other used by MSIE, called "Server Gated Cryptography" (SGC). When a browser initially connected to a server, it would check whether the certificate contained certain extensions and was issued by an authorised authority. If these tests succeeded, it would reconnect using strong encryption.

Only certain (initially one) certificate authorities could issue these certificates, and they generally cost more than ordinary certificates.

Although OpenSSL can create certificates containing the appropriate extensions, the certificate would not come from a permitted authority and so would not be recognised.

The export laws were later changed to allow almost unrestricted use of strong encryption, so these certificates are now obsolete.

This confirms what I was asking. There is currently no "added support" for high-strength encryption, because it is the default. Providers touting it all over their websites is just a marketing thing. Not a lie, but there is no need to draw attention to a default as if it were a feature.

+5
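Added example, not part of the question or of either answer, covering two points raised above: what a self-signed certificate actually contains (the question's "two parts" of SSL encryption, and the FAQ's note that OpenSSL cannot create a "128-bit certificate"), and where the symmetric cipher choice really lives. It assumes Python 3 with the third-party `cryptography` package for the certificate part (the script skips that part if the package is missing); the cipher-suite part uses only the standard library's `ssl` module. The subject name `example.test` and the cipher strings are constructed for illustration.

```python
"""Where does TLS "encryption strength" live?

Part 1 generates a throwaway self-signed certificate and lists what it
carries: public key size, signature hash, extensions.  There is no field for
a symmetric cipher or symmetric key length.
Part 2 shows that the symmetric suites, and their key sizes, are a property
of the endpoint's TLS configuration (here an ssl.SSLContext) and are chosen
without reference to any certificate.
"""
import datetime
import ssl


def cipher_strengths(cipher_string="DEFAULT"):
    """Map each TLS 1.2-and-below suite an endpoint configured with
    `cipher_string` would offer to its symmetric key size in bits.

    OpenSSL manages the TLS 1.3 suites (names starting with "TLS_") through
    a separate setting, so they are left out to keep the result tied to the
    string actually passed in.  No certificate is loaded at any point.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    return {
        c["name"]: c["strength_bits"]
        for c in ctx.get_ciphers()
        if not c["name"].startswith("TLS_")
    }


def suites_at_least(min_bits, cipher_string="DEFAULT"):
    """Names of the configured suites whose symmetric key is at least
    `min_bits` long.  An operator who wants "256-bit only" gets it by
    restricting the server's cipher list like this, not by buying a
    different certificate."""
    strengths = cipher_strengths(cipher_string)
    return sorted(name for name, bits in strengths.items() if bits >= min_bits)


def self_signed_certificate_summary(key_bits=2048):
    """Generate a self-signed certificate in memory and report what is in it.

    Requires the third-party `cryptography` package (imported lazily so the
    rest of the module works without it).  The only strength-related value
    that comes back is the RSA public key size.
    """
    from cryptography import x509
    from cryptography.hazmat.primitives import hashes
    from cryptography.hazmat.primitives.asymmetric import rsa
    from cryptography.x509.oid import ExtendedKeyUsageOID, NameOID

    key = rsa.generate_private_key(public_exponent=65537, key_size=key_bits)
    # Constructed subject for the example; self-signed, so issuer == subject.
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "example.test")])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now)
        .not_valid_after(now + datetime.timedelta(days=1))
        # The closest thing to a "purpose" field: what the key may be used
        # for (server authentication here), still nothing about ciphers.
        .add_extension(
            x509.ExtendedKeyUsage([ExtendedKeyUsageOID.SERVER_AUTH]),
            critical=False,
        )
        .sign(key, hashes.SHA256())
    )
    return {
        "public_key_bits": cert.public_key().key_size,
        "signature_hash": cert.signature_hash_algorithm.name,
        "extensions": [type(ext.value).__name__ for ext in cert.extensions],
    }


if __name__ == "__main__":
    try:
        print("certificate contents:", self_signed_certificate_summary())
    except ImportError:
        print("certificate part skipped: the `cryptography` package is not installed")
    print("256-bit suites in the DEFAULT list:", suites_at_least(256))
    print("a 128-bit-only configuration:",
          cipher_strengths("ECDHE-RSA-AES128-GCM-SHA256"))
```

Run it and compare the two halves of the output: the certificate summary has a key size and a list of extensions but no cipher anywhere, while the cipher list changes entirely with the string passed to `set_ciphers`, which is exactly the server-side (or client-side) setting the question was looking for in the certificate.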

I think all your comments are correct. When the "highest level" of security is offered, it seems to me that this is largely a marketing gimmick. Otherwise, the security strength has something to do with how carefully the CA verifies/confirms your claimed identity. Any CA that hands out certificates like candy actually offers very little security. However, this reflects a procedural security element, not a technical one.

I agree with you, I don't think there is a way to specify the expected or required symmetric key size. Of course, it is possible to specify which uses the key is valid for (file signing, SSL, etc.), but that is also not the same as security strength.

0

Source: https://habr.com/ru/post/899848/
