HashServer for Certificate Authorities

This is a public service to detect compromised, weak SSL/X.509 keys.

Hashserver offers the following functionality:

• It provides realtime information about the compromise of the keys in the certificate requests from your users
• It will inform you automatically (callback) when a compromise is detected later on.

Workflow

When a user submits a certificate request to your system, your system first does the normal request checking (Proof of Possession). Afterwards, your system should extract the public key, and calculate the hash of the public key. That hash is then sent to the hashserver automatically, and the hashserver responds with the status of the key, whether it is compromised or not. In case the key is definitley compromised, you can alert the user that the key has been compromised, and stop the process. In case the key is likely compromised, you can ignore it, or alert the user, ask the user to provide further input on how the key-generation happened, and let the user continue if he really wants to. (This could be needed in case the user knowingly submitted the same Certificate Request to several different CA's and really needs different certificates from different CA's for the same key) In case the key is known to be compromised yet, your system normally continues to issue the certificate for the user.

If the hashserver later on detects that the key of your user got compromised, it will contact your system through http/https (or smtp if you prefer emails), and inform you about the compromise. Your system will then lookup the key-hash and the pseudonym of your user, and can inform your user that the key was compromised, and that the user should generate a new key and revoke the certificate.

Privacy

The Hashserver only needs the hash of the public key of the certificate(request), and a pseudonym of the user that owns the key. You do not need to send the whole certificate requests, public keys, email addresses of your users, domains of your users, private keys of your users, or any other personal information.

Quality

To avoid false-positives, we will require strong authentication from all CA's, and an agreement that will be signed by all CA's. To avoid false-negatives, as many CA's as possible should use the HashServer.

Availability

Please tell us about your service-level demands, we are confident, that we can meet your needs.

Technical details

The Hashserver needs the following fields for every submission: Please read those descriptions carefully. If you have any questions, please contact us!

• POST http(s)://hashserver.cacert.org/submit.php
• type: Please set this to the value "CA" for all your submissions of keys that belong to your users. ! Do not use this interface for anything else than the certificate requests and certificates of your users. If you want to check other people's certificates, please go here instead.
• caname: This should be a unique name for your CA, that should be human readable. You must use the same name for all the submissions of your CA, to avoid false alerts. You could use the domainname (e.g. "cacert.org") of your CA to fill this field. This name will be displayed to other people in the case of a compromise like this: "A user of the CA 'CAcert.org' has the same key as yours.
• pkhash: This should be the hex-encoded SHA-1 hash of the DER encoded public key from the user out of the CSR or the certificate. It must have 40 characters, no colons or other whitespaces can be used.
• usernym: End-User Pseudonym. This must be a pseudonym of your user who sent you the CSR. You will be given this pseudonym when a collision is found, so that you can then contact the user about it. Do not write a pseudonym of the certificate in here, and do not send the same pseudonym for all of your users. When you report colliding keys with the same user-pseudonym, they will not be alerted. (So if you send the same request twice, this will not give an alert). If you report colliding keys with a different user-pseudonym, we will generate an alert for you. You can fill in a customer number or employee number in this field, or you can send a hash of the email address of your user, or a hash of the customer number, or something like that. But please make sure that you always send the same pseudonym for a key from the same user, and a different pseudonym for a different user, to avoid false alerts. This field will only be sent back to you, it will not be published by CAcert.
• contact: This address will be contacted in case a potential compromise is found later. Please write a complete URL, either http://server/script or https://server/script or mailto:email@address This address will not be shown to others. The contact URL must be either an email address or a http/https URL. In case of the email URL, you have to use the full "mailto:email@address.com" address, not just the email address. An email will be generated with the details in the content of the email. In case of a http / https URL, a POST request will be initiated to the URL, and the following POST parameters will be given:

Callback mechanism:

In case a collision is found later on, you will either receive an email or a HTTP POST request to the given contact address with the following parameters:

• pkhash : the hash of the public key that is compromised
• usernym : the user pseudonym of your user that is affected
• otherCA: the name of the CA that received the other compromised key

Software

You can download and use our script which extracts the public key hash from a certificate or CSR from a given filename, and automatically sends it to the hashserver and gets the result back.
You can integrate this script into your software, or you can take it as a reference and develop similar code into your own software.

We are currently working together with vendors of Certificate-Authority Software to integrate the Hashserver API into their products directly, so that your CA software can easily do it for you. If your CA software does not support HashServer yet, please contact your vendor and us about it.

If you need any help, feel free to contact us!

More information about this service: http://wiki.cacert.org/wiki/HashServer

This Hashserver is operated by CAcert.org