[Crypto] Do certificates need to be stored as encrypted?

Solution 1:

What is not so obvious is if the certificates used to verify a TLS connection should be stored as encrypted to. It is likely that the root level certificates will be self signed and have no chain back to a verified root CA.

As DannyNiu stated, there is no issue if someone were able to read the certificates; those are public information, and allowing an adversary to read them is not an issue.

However, there is a potential concern - what if an adversary can overwrite them? After all, an adversary who can do that could insert his own root certificate, and then establish a TLS connection (based on the root certificate he picked). This may or may not be a concern for you (can the adversary modify the flash, and then perform a negotiation?); if it is, one approach to prevent this would be to integrity check the certificate. That is, you would pick a random key, and put that into the internal flash memory; you would use that key to compute a MAC of your certificate; that generates a moderate sized (perhaps 32 byte) string, and write that string alongside the certificate in your external flash. Then, when it comes time to use the certificate, you would again compute the MAC of that on-flash certificate using the key, and check to see if the 32 byte string you computed was the same as the string that's stored in memory.

An attacker who tries to replace the certificate with his own is unable to compute the 32 byte string (because that depends on the key you have in secure storage); hence any attempt at modification will be detected.

Solution 2:

Certificates that contains public-keys don't need to be encrypted, as the public-key algorithm ensures that nobody can "decrypt" public-key into private keys.

However, there's a special type of certificate: PKCS#12. This is actually less of a certificate format, and more of a cryptographic "keychain" - it's a complex format and can contain public-key certificates, private keys (encrypted and un-encrypted), and if I remember correctly, auxiliary information such as attributes, etc.

Tags:

Public Key

Certificates

Related

[Crypto] Is it proven that breaking RSA is equivalent to factoring as of 2021? [Crypto] secp256k1: is it theoretically possible to generate same signature with different key, message hash and k? [Crypto] How to get exact number of slots in HElib? Such as 256, 4096 [Crypto] Is a LFSR sufficient for post-processing a biased TRNG? [Crypto] Is it possible that a SHA256 hash has the same hex character over and over again? [Crypto] Prime factorization (102 digits) [Crypto] Hash of a ciphertext [Crypto] Period finding for Quantum Computers [Crypto] Use slow hashing to reduce digest size? [Crypto] Why is the market for cryptographic primitives non-commercialized? [Crypto] Why are $\lceil 1/\operatorname{entropy-per-bit} \rceil$ number of bits not sufficient to generate an unbiased bit? [Crypto] Is there an encryption scheme that is url-safe AND compact?

Recent Posts