How let's encrypt handles randomness?

Neutralizer · November 7, 2017, 12:50am

Hello wonderful people!

Today I stumbled across this article and I am totally blown away by the technology that is used by cloudflare team to generate randomness

I would like to find out how let’s encrypt handles randomness for our private keys?

I use certbot application on my linux VM to generate SSL certs via Let’sencrypt.

Does this randomness handled by let’sencrypt’s HSM devices? OR by my poor little ubuntu server?

Please educate us on this topic

xoxox.

jared.m · November 7, 2017, 12:57am

Private keys are always generated on your system! It’s very important that the CA (or anybody else) never sees nor has access to your private keys. So, for generating those, it’s all your box.

jared.m · November 7, 2017, 12:57am

Also, that’s a really neat article, thanks for sharing!

schoen · November 7, 2017, 1:11am

I also think that CloudFlare’s method is really cool.

A certificate from Let’s Encrypt will mention the subject public key, which is the certificate applicant’s own public key. As @jared.m mentions, this is generated on your own system, by your own Let’s Encrypt client application, as a consequence of generating the corresponding private key. If you’re using Certbot, the key generation step takes place at

github.com

certbot/certbot/blob/master/certbot/crypto_util.py#L172


        csr = load(PEM, data)
    except OpenSSL.crypto.Error:
        raise errors.Error("Failed to parse CSR file: {0}".format(csrfile))


domains = _get_names_from_loaded_cert_or_req(csr)
# Internally we always use PEM, so re-encode as PEM before returning.
data_pem = OpenSSL.crypto.dump_certificate_request(PEM, csr)
return PEM, util.CSR(file=csrfile, data=data_pem, form="pem"), domains




def make_key(bits):
"""Generate PEM encoded RSA key.


:param int bits: Number of bits, at least 1024.


:returns: new RSA key in PEM form with specified number of bits
:rtype: str


"""
assert bits >= 1024  # XXX
key = OpenSSL.crypto.PKey()

This, in turn, is using the OpenSSL library to generate the key. OpenSSL will use your system’s built-in CSPRNG, typically accessed through /dev/urandom, for randomness when generating the private key. (I believe it uses its own internal CSPRNG which it seeds with data read from /dev/urandom.)

When Let’s Encrypt issues the certificate, it signs it using an HSM. The signature is made with Let’s Encrypt’s own private key, which was also originally created by the HSM, and used the HSM’s internal CSPRNG. There is some additional randomness added to each certificate (as required by industry rules in order to mitigate the impact of potentially unknown hash collision techniques), which you can find in the certificate serial number.

github.com

letsencrypt/boulder/blob/2f263f8ed51570fef113e1dcac3ad974ab484965/ca/ca.go#L472


	emptyCert := core.Certificate{}


	return emptyCert, berrors.InternalServerError("IssueCertificateForPrecertificate is not implemented")
}


type validity struct {
	NotBefore time.Time
	NotAfter  time.Time
}


func (ca *CertificateAuthorityImpl) generateSerialNumberAndValidity() (*big.Int, validity, error) {
	// We want 136 bits of random number, plus an 8-bit instance id prefix.
	const randBits = 136
	serialBytes := make([]byte, randBits/8+1)
	serialBytes[0] = byte(ca.prefix)
	_, err := rand.Read(serialBytes[1:])
	if err != nil {
		err = berrors.InternalServerError("failed to generate serial: %s", err)
		ca.log.AuditErr(fmt.Sprintf("Serial randomness failed, err=[%v]", err))
		return nil, validity{}, err
	}

This is using the Go language’s crypto/rand package.

https://golang.org/pkg/crypto/rand/

The Boulder CA also uses crypto/rand to generate large numbers of random numbers that are used extensively within the ACME protocol (for example, for random challenge values).

ahaw021 · November 7, 2017, 3:42am

true random number generators can be hard to find

There is a list on here https://en.wikipedia.org/wiki/List_of_random_number_generators

Secure sites (banks millitary etc) will use hardware dedicated for that purpose (rather than using CPUs on servers)

The one I have tinkered around with in the past is the Australian National University one https://qrng.anu.edu.au/API/api-demo.php

You can feed these in to OpenSSL for random number generation

Might write this up when i find the bits of code (now I am lazy and just use OpenSSL)

Andrei

system · December 7, 2017, 3:42am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.