Digitally sign PSKC data

PSKC files can be integrity protected and authenticated using XML Digital Signatures. We support using a X.509 end-entity certificate together with a private key. To verify the signature, you will need to supply the issuer of the end-entity certificate as a trusted root. To illustrate this, we first show how to generate example root and end-entity private keys and certificates using GnuTLS. First generate the root private key and certificate:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
jas@latte:~$ certtool --generate-privkey --outfile pskc-root-key.pem
Generating a 2432 bit RSA private key...
jas@latte:~$ certtool --generate-self-signed --load-privkey pskc-root-key.pem --outfile pskc-root-crt.pem
Generating a self signed certificate...
Please enter the details of the certificate's distinguished name. Just press enter to ignore a field.
Country name (2 chars):
Organization name:
Organizational unit name:
Locality name:
State or province name:
Common name: My PSKC root
UID:
This field should not be used in new certificates.
E-mail:
Enter the certificate's serial number in decimal (default: 1350939670):


Activation/Expiration time.
The certificate will expire in (days): 100


Extensions.
Does the certificate belong to an authority? (y/N): y
Path length constraint (decimal, -1 for no constraint):
Is this a TLS web client certificate? (y/N):
Will the certificate be used for IPsec IKE operations? (y/N):
Is this also a TLS web server certificate? (y/N):
Enter the e-mail of the subject of the certificate:
Will the certificate be used to sign other certificates? (y/N): y
Will the certificate be used to sign CRLs? (y/N):
Will the certificate be used to sign code? (y/N):
Will the certificate be used to sign OCSP requests? (y/N):
Will the certificate be used for time stamping? (y/N):
Enter the URI of the CRL distribution point:
X.509 Certificate Information:
	Version: 3
	Serial Number (hex): 5085b416
	Validity:
		Not Before: Mon Oct 22 21:01:11 UTC 2012
		Not After: Wed Jan 30 21:01:13 UTC 2013
	Subject: CN=My PSKC root
	Subject Public Key Algorithm: RSA
	Certificate Security Level: Normal
		Modulus (bits 2432):
			00:d3:cf:07:f9:75:df:61:91:a4:a9:e2:a6:54:fa:48
			b1:70:8c:a1:83:4e:ce:fa:01:d7:01:96:7a:5f:57:27
			1a:5a:fb:02:f4:50:b5:40:b6:67:8a:63:e3:60:8f:ed
			6e:9d:40:df:46:0d:8c:42:31:d9:74:08:f9:7d:48:fc
			e2:21:2e:fe:fd:e1:02:55:54:b5:6e:57:f8:5f:a0:8c
			81:5e:ca:5c:bd:64:41:5d:71:b5:81:84:1b:dc:36:75
			cc:19:62:19:f1:36:ed:00:98:13:5c:ce:3b:8c:ba:f9
			7f:9f:21:20:c2:0d:08:4e:e5:08:ad:5c:83:4e:c3:7c
			2a:4d:e0:7c:45:d2:b6:b9:42:8b:de:48:5f:60:2d:2e
			18:a7:f5:da:81:cf:24:d6:de:6d:31:07:63:20:d9:5e
			7c:ba:88:fa:1b:d8:98:3c:ab:05:4e:ca:a8:60:8d:6e
			9c:13:35:01:23:82:53:36:5b:e1:01:62:7f:ce:41:d1
			74:67:1b:f8:60:4b:87:e4:2c:52:6a:0a:67:4c:0d:27
			80:2d:6d:f7:2e:6f:2e:12:fb:d2:09:dc:d9:11:b1:b8
			c0:a4:34:00:3b:a0:87:c7:f2:2f:7f:30:6a:b6:c7:f1
			96:fc:6f:de:df:40:ac:2b:1a:d7:24:18:ae:1a:d7:8a
			4b:6b:a8:93:36:af:72:0e:93:15:30:47:fa:58:8a:4e
			97:86:14:a0:ef:84:46:5f:b4:a1:cd:98:d5:eb:97:fb
			4e:94:10:08:ba:c6:3f:57:0d:ef:1b:1b:21:af:4a:bd
			e7
		Exponent (bits 24):
			01:00:01
	Extensions:
		Basic Constraints (critical):
			Certificate Authority (CA): TRUE
		Key Usage (critical):
			Certificate signing.
		Subject Key Identifier (not critical):
			1f2507c525358817404c90b7f36e3b97dbbec098
Other Information:
	Public Key Id:
		1f2507c525358817404c90b7f36e3b97dbbec098

Is the above information ok? (y/N): y


Signing certificate...
jas@latte:~$

Next we generate a private key and certificate for the end-entity that will sign the PSKC data.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
jas@latte:~$ certtool --generate-privkey --outfile pskc-ee-key.pem
Generating a 2432 bit RSA private key...
jas@latte:~$ certtool --generate-certificate --load-ca-privkey pskc-root-key.pem --load-ca-certificate pskc-root-crt.pem --load-privkey pskc-ee-key.pem --outfile pskc-ee-crt.pem
Generating a signed certificate...
Please enter the details of the certificate's distinguished name. Just press enter to ignore a field.
Country name (2 chars):
Organization name:
Organizational unit name:
Locality name:
State or province name:
Common name: My PSKC end entity
UID:
This field should not be used in new certificates.
E-mail:
Enter the certificate's serial number in decimal (default: 1350939833):


Activation/Expiration time.
The certificate will expire in (days): 50


Extensions.
Does the certificate belong to an authority? (y/N):
Is this a TLS web client certificate? (y/N):
Will the certificate be used for IPsec IKE operations? (y/N):
Is this also a TLS web server certificate? (y/N):
Enter the e-mail of the subject of the certificate:
Will the certificate be used for signing (required for TLS)? (y/N): y
Will the certificate be used for encryption (not required for TLS)? (y/N):
X.509 Certificate Information:
	Version: 3
	Serial Number (hex): 5085b4b9
	Validity:
		Not Before: Mon Oct 22 21:03:54 UTC 2012
		Not After: Tue Dec 11 21:03:57 UTC 2012
	Subject: CN=My PSKC end entity
	Subject Public Key Algorithm: RSA
	Certificate Security Level: Normal
		Modulus (bits 2432):
			00:c4:4c:2b:8d:33:29:14:0f:4b:49:f5:8e:0c:f6:5b
			9f:0f:e3:17:aa:c5:77:8d:d4:64:16:c4:d4:4d:7d:04
			2d:0d:14:78:77:ba:4c:3c:bd:5c:46:9e:d0:24:b9:bb
			3d:92:2c:21:29:c3:e6:ea:5f:4e:e7:2e:60:c6:0e:0e
			fe:a3:ac:94:e9:0e:bf:84:8f:3b:db:97:45:2b:72:58
			07:0b:1f:5a:4e:b3:c6:e4:99:32:8a:56:a7:40:6e:a5
			93:62:99:9d:eb:5e:64:20:8a:bc:de:4d:9e:e3:62:22
			b4:6f:c8:50:c1:09:42:a8:90:c1:76:75:57:05:ab:b0
			f9:f6:e8:26:73:23:45:c4:3e:31:2b:3a:d0:23:db:42
			d7:1b:d2:57:be:16:cc:71:4d:2b:b1:4f:59:88:0f:29
			9f:ff:b8:05:4a:f7:8f:c6:c4:cb:a0:77:6d:0b:35:5b
			35:7a:ad:d3:d7:1b:b4:dd:dc:d8:a0:8d:ab:fb:c0:ab
			ec:1b:37:47:0b:06:d9:14:1f:f2:fc:bb:3d:ed:2d:5e
			b4:a5:cb:ec:4e:ab:ba:52:02:40:21:a6:8e:3e:3b:78
			0f:a7:73:62:30:4b:05:72:2a:71:1a:81:31:d5:e4:c4
			12:e9:7e:95:a2:9c:1f:53:2f:bb:f0:33:ce:37:c4:58
			fc:da:35:2b:09:18:3c:94:21:d3:7d:d9:d9:b0:ce:d0
			b9:c8:77:b5:e1:ce:9b:83:7c:e5:84:7d:4e:64:5f:c0
			2b:db:1a:0e:06:47:e4:24:44:ed:14:05:49:6f:17:78
			e3
		Exponent (bits 24):
			01:00:01
	Extensions:
		Basic Constraints (critical):
			Certificate Authority (CA): FALSE
		Key Usage (critical):
			Digital signature.
		Subject Key Identifier (not critical):
			0d8aed9f4ed4e2c3e12f7ca45fc6e8c8f56bb9c2
		Authority Key Identifier (not critical):
			1f2507c525358817404c90b7f36e3b97dbbec098
Other Information:
	Public Key Id:
		0d8aed9f4ed4e2c3e12f7ca45fc6e8c8f56bb9c2

Is the above information ok? (y/N): y


Signing certificate...
jas@latte:~$

At this point, we have the following files:

Let's use these files to digitally sign the following PSKC data, stored in a file "pskc-hotp.xml".

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
<?xml version="1.0" encoding="UTF-8"?>
<KeyContainer Version="1.0"
	      xmlns="urn:ietf:params:xml:ns:keyprov:pskc">
  <KeyPackage>
    <DeviceInfo>
      <Manufacturer>Manufacturer</Manufacturer>
      <SerialNo>987654321</SerialNo>
    </DeviceInfo>
    <Key Id="12345678"
         Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp">
      <AlgorithmParameters>
        <ResponseFormat Length="8" Encoding="DECIMAL"/>
      </AlgorithmParameters>
      <Data>
        <Secret>
          <PlainValue>MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=
          </PlainValue>
        </Secret>
        <Counter>
          <PlainValue>0</PlainValue>
        </Counter>
      </Data>
    </Key>
  </KeyPackage>
</KeyContainer>

The --sign mode flag requires the --sign-key and --sign-crt which specify the private key and certificate to use for signing.

1
2
$ pskctool --sign --sign-key pskc-ee-key.pem --sign-crt pskc-ee-crt.pem pskc-hotp.xml > pskc-hotp-signed.xml
$

Below is the signed XML output. As you can see, due to the signature it becomes rather unreadable. You may use "pskctool --info" to analyse it, or "pskctool --info --verbose --quiet" to print indented XML (however that will invalidate signature).

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
<?xml version="1.0"?>
<KeyContainer xmlns="urn:ietf:params:xml:ns:keyprov:pskc" Version="1.0"><KeyPackage><DeviceInfo><Manufacturer>Manufacturer</Manufacturer><SerialNo>987654321</SerialNo></DeviceInfo><Key Id="12345678" Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp"><AlgorithmParameters><ResponseFormat Encoding="DECIMAL" Length="8"/></AlgorithmParameters><Data><Secret><PlainValue>MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=</PlainValue></Secret><Counter><PlainValue>0</PlainValue></Counter></Data></Key></KeyPackage><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference>
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>scw48LN8ec/vu7/f7F1AGcfjDpI=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>HYDZFC205862s+zoas+Ny6h0ckDJmqDGz81lEPjvjGcN1AYzT7PATsIUVure0QNl
Kvt2TxdSDgnYlWwAJWjAtmp0UHRzF6hsmDl7WiHpeCkfxpwvdz8K469rbLPUwB6I
Zyfx/msTwJGbycPek9SFoaEqn8G7oNU59UH1HjDO0ERyKXhkiIrRaIWfGdqy4v0z
xYbPnAvzdHcEBdVOVQ3d+zeR/3nWGINjmxPnYGiCrY4YoktKm/VPNw3yuo3CNTIs
N4Vs4rjNVr7NcplFKLOmBBsQwKRg3JXnVW7kQu9ZonJyJEeDoNXdrG8uCa7EYT+s
eh6486o/Wvb7oUVbUN3JW5VRTnVK8YNOwAnxB1fTa92pJwffLB+knBlzVNteWCyA
BciIcboYbMdxLVmNKcF5pA==</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIIDdzCCAi+gAwIBAgIEUOYFHTANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDEwxN
eSBQU0tDIHJvb3QwIhgPMjAxMzAxMDMyMjI0MzBaGA8yMjg2MTAxOTIyMjQzMlow
HTEbMBkGA1UEAxMSTXkgUFNLQyBlbmQgZW50aXR5MIIBUjANBgkqhkiG9w0BAQEF
AAOCAT8AMIIBOgKCATEAxEwrjTMpFA9LSfWODPZbnw/jF6rFd43UZBbE1E19BC0N
FHh3ukw8vVxGntAkubs9kiwhKcPm6l9O5y5gxg4O/qOslOkOv4SPO9uXRStyWAcL
H1pOs8bkmTKKVqdAbqWTYpmd615kIIq83k2e42IitG/IUMEJQqiQwXZ1VwWrsPn2
6CZzI0XEPjErOtAj20LXG9JXvhbMcU0rsU9ZiA8pn/+4BUr3j8bEy6B3bQs1WzV6
rdPXG7Td3Nigjav7wKvsGzdHCwbZFB/y/Ls97S1etKXL7E6rulICQCGmjj47eA+n
c2IwSwVyKnEagTHV5MQS6X6VopwfUy+78DPON8RY/No1KwkYPJQh033Z2bDO0LnI
d7XhzpuDfOWEfU5kX8Ar2xoOBkfkJETtFAVJbxd44wIDAQABo2EwXzAMBgNVHRMB
Af8EAjAAMA8GA1UdDwEB/wQFAwMHgAAwHQYDVR0OBBYEFHYGbZIa17d44czfdCkT
Mn+rWSBNMB8GA1UdIwQYMBaAFNLIhrjU/J0jWFX4rjsfsUkz1PQcMA0GCSqGSIb3
DQEBCwUAA4IBMQCxI1JOMqwgi/mj9KNutqGbTHdgKptt9lBylilwjMaNaY2lZe8S
5XNg9SoupGr1xBbMsDwWLILSuwPiedbn50fBpAAUW31WKKio6xRCJVmWeo0iY0Cr
rIXbwqKhnBP943U4Ch31oEbZtbo+XRbiq11wv6dLNsi76TNGDqsjTKgEcSIYI6Vd
rMxnil6ChoIBvSSPGHhJuj1bW1EPW92JtIa6byrAj1m4RwSviQy2i65YoIdtrhRt
CWekj2zuL/0szv5rZMCCvxioOCA8znqELEPMfs0Aa/cACD2MZcC4gGXehNCvzYJr
TmB6lFpxP6f0g6eO7PVcqYN9NCwECxb5Cvx2j2uNlereY35/9oPR6YJx+V7sL+DB
n6F0mN8OUAFxDamepKdGRApU8uZ35624o/I4
</X509Certificate>
</X509Data>
</KeyInfo>
</Signature></KeyContainer>