HTTP Public Key Pinning - Working With Backup Hash and Using Different CA

Hi

I’m in the process of working through applying LetsEncrypt across multiple domains through HAProxy. So far it’s been quite an interesting challenge, especially given that most, if not all, guides are specific to nginx/apache and there is not much for HAProxy itself. Those which do exist, however, are hit & miss and don’t really go into the exact level of detail, so I started from scratch, and now have a fully working implementation (which for the most part is now fully automated, including the addition of extra domains as required), except for being fully happy with the HPKP implementation.

So far, I’ve created the hashes for the LE Intermediate certs (X3 and X4 Backup), and this is where I’m now a little stuck.

I’ve created the hash from the (latest) cert created from LE using the following command:

openssl x509 -pubkey < /etc/letsencrypt/archive/tardis.io/cert3.pem | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64

However, I’m unsure as to what to use as a backup, as no backup cert is created or provided by LE during creation/renewal. When renewing, a new cert is created, and so I rehash against that & update the HPKP header, which works fine from testing & checking, but again, I’ve no idea what key to use as backup.

Certs are being created/renewed with the following command:

/opt/letsencrypt/letsencrypt-auto --must-staple --agree-tos --rsa-key-size 4096 --renew-by-default --standalone --preferred-challenges http-01 --http-01-port 9999 certonly -d dom1 -d dom2

For now, I’ve used the previous key (cert2.pem), which is valid until July, as the backup cert, but I’d rather not have to request 2 certs during renewal just to have a backup (which goes against the rate limit), as even though I have some SAN certs for multiple domains/subdomains, I do also require individual certs for specific subdomains only.

Qualys SSL Labs reports the PINS for the intermediate cert & leaf cert are pinned OK, and securityheaders.io also reports no issues with the headers, however, I just need the backup hash solution explaining a bit better.

Cheers

Isn't it good HPKP practice to use another CA as the backup? In case something horribly goes wrong with the current pinned CA?


Hi @ErTnEc

You are hashing the public key representation of the web private key (the bit that actually does the encryption).

You can “stock” any number of keys and add them to your HPKP. If you have to issue a new certificate or revoke one this means that any clients will already know about the next key you are using.

At a minimum you need to have 2 hashes to an HPKP.

Certs are representations of keys but are not cryptographically significant in HPKP (so you can get a cert from any CA).

You can extract a hash from an existing Cert (if you don’t have access to a key) but generally you want to get the hash from stocked keys or stocked CSRs.

If you are starting with HPKP, I would suggest that you run report-only mode until you are comfortable, and limit the pins to 1 day.

Review: https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning

Andrei
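
The approach described in the reply above (pin a stocked key or CSR instead of a second issued certificate), as an added example that is not part of the original posts. The function names and file names are hypothetical, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example (not from the thread). An HPKP pin is
# base64(SHA-256(DER SubjectPublicKeyInfo)), so it depends only on the key pair.
# File names and function names here are hypothetical.

_pin() { openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64; }

# Pin of a private key file, e.g. a stocked backup key no CA has seen yet.
pin_from_key()  { openssl pkey -in "$1" -pubout | _pin; }
# Pin of a stocked CSR.
pin_from_csr()  { openssl req -in "$1" -pubkey -noout | _pin; }
# Pin of an issued certificate.
pin_from_cert() { openssl x509 -in "$1" -pubkey -noout | _pin; }

# make_backup PREFIX DOMAIN [BITS]
# Writes PREFIX.key (owner-readable only) and PREFIX.csr. No CA is contacted,
# so this does not count against any issuance rate limit.
make_backup() {
    ( umask 077 && openssl genpkey -algorithm RSA \
        -pkeyopt "rsa_keygen_bits:${3:-4096}" -out "$1.key" 2>/dev/null ) &&
    openssl req -new -key "$1.key" -subj "/CN=$2" -out "$1.csr"
}

# hpkp_header MAX_AGE PIN PIN [PIN...]
# Prints the header value. Refuses fewer than two distinct pins, because a
# header without a usable backup pin leaves no way to recover from key loss.
hpkp_header() {
    max_age=$1; shift
    distinct=$(( $(printf '%s\n' "$@" | sort -u | wc -l) ))
    [ "$distinct" -ge 2 ] || { echo "need at least two distinct pins" >&2; return 1; }
    out=""
    for p in "$@"; do out="${out}pin-sha256=\"$p\"; "; done
    printf '%smax-age=%s\n' "$out" "$max_age"
}

# Demo: sh thisfile demo /path/to/current/cert.pem
# Uses report-only mode and a one-day max-age, as suggested in the reply;
# add a report-uri directive of your own to receive violation reports.
if [ "${1:-}" = "demo" ]; then
    live_cert=${2:?path to the current leaf certificate}
    make_backup ./backup example.test || exit 1
    printf 'Public-Key-Pins-Report-Only: %s\n' \
        "$(hpkp_header 86400 "$(pin_from_cert "$live_cert")" "$(pin_from_key ./backup.key)")"
fi
```

The backup key stays offline until it is needed; at that point its CSR can be submitted to any CA and the resulting certificate already matches the pin clients have cached.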
