So I’ve read much about people implementing Public Key Pinning and suggesting all different ways of going about it, but they all require many manual steps which are hard to automate - and isn’t that one of the challenges Let’s Encrypt strives to improve?
Naturally all that complexity is based on the sane reason of keeping the backup keys far away from the actual webserver, which may get compromised, so as not to be vulnerable to kidnapping and ransom attacks (Hey, we have all the private/public keys you pinned under our control - give us money or your users won’t be able to visit your site).
So what I’m proposing is some way of automatically and securely storing backup key pairs for pinning and retrieving them at a later time when needed.
Right now we have the awesomeness of automated certificate signing brought to us by the ACME protocol. So let’s build on that to automate key pinning - Let’s Pin!
When requesting our certificate we’re in fact generating a key pair and a CSR and submitting that to the Let’s Encrypt CA, which then validates our request and (hopefully) responds with a signed certificate.
Now consider the following:
Why not generate some backup keys in the background? Possibly at least two of them, with different algorithms at that. Now, together with its new certificate, the ACME client gets the public key portion of the created backup keys. A smart ACME client like Certbot could then generate the SHA256 hashes of these and configure the HPKP header in Apache/Nginx. Meanwhile, on the CA side of things, these backup keys will get encrypted and securely stored far away from the (potentially vulnerable) webserver.
But… what happens if I actually need one of my backed-up private keys? There must be some sort of retrieval mechanism, and a secure one at that, since I don’t want anyone unauthorized to access these (say, some evil hacker-dude who just got into my webserver). That’s where I’m not sure what’s most wise yet… Perhaps an ACME call which is supplied with the public key (or its SHA256 sum) and an accompanying mail address, which must be the same one used for initially registering the certificate. Then a mail gets sent with a validation link, which upon clicking presents a one-time token which can then be used on the ACME client to actually retrieve the stored private key.
After that: business as usual. We’ve got our backup key, generate a CSR with it, and off goes a fresh new ACME request which now generates the next round of backup keys - after all, the next vulnerability is sure to come…
So, if you’ve read this far: thank you for your endurance, for this is only a very wild idea I’ve had just now. As I’m not the most competent person when it comes to such delicate things, I’m hoping to attract some technical expertise here to tell me if I’m actually on to something or whether that just sounds like a horrible idea (if so, what are you proposing then?)
Many thanks for your feedback, and hoping to have a lively discussion!
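The pin-computation step the post describes (backup keys generated in the background, their SHA256 hashes placed in the HPKP header, and a later check that a retrieved key really is the one that was pinned), as an added shell example that is not part of the original post and is not Certbot or Let's Encrypt code. It assumes the `openssl` command line tool is installed. It generates two backup key pairs with different algorithms (RSA-2048 and EC P-256, constructed sample keys written to a temporary directory), derives the base64 SHA-256 of each key's DER-encoded SubjectPublicKeyInfo, which is the value the `pin-sha256` directive carries, assembles the `Public-Key-Pins` header, and includes the verification a client should run when a backup key comes back from storage. Function names, file names and the `WORK` variable are my own.

```shell
#!/bin/sh
# Added example, not Certbot or Let's Encrypt code. Assumes the openssl CLI.
set -eu

# Directory for the constructed sample keys (hypothetical layout).
WORK="${WORK:-$(mktemp -d)}"

# Generate one backup key pair per algorithm, as the post suggests.
gen_backup_keys() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/backup-rsa.key" 2>/dev/null
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
        -out "$WORK/backup-ec.key" 2>/dev/null
}

# HPKP pin = base64(SHA-256(DER SubjectPublicKeyInfo)).
# The pin covers only the public key, so it can be computed before any
# certificate for that key exists. This variant starts from a private key.
pin_from_private_key() {
    openssl pkey -in "$1" -pubout -outform DER 2>/dev/null \
        | openssl dgst -sha256 -binary | openssl base64 -A
}

# Same pin, computed from a public-key-only PEM file, which is all the
# webserver side would hold for a backup key whose private half is stored
# elsewhere.
pin_from_public_key() {
    openssl pkey -pubin -in "$1" -outform DER 2>/dev/null \
        | openssl dgst -sha256 -binary | openssl base64 -A
}

# Build the header from a max-age and a list of pins (live key first, then
# every backup pin; HPKP requires at least one backup pin).
build_hpkp_header() {
    max_age="$1"; shift
    header="Public-Key-Pins:"
    for p in "$@"; do
        header="$header pin-sha256=\"$p\";"
    done
    printf '%s max-age=%s; includeSubDomains\n' "$header" "$max_age"
}

# Retrieval-side check: before generating a CSR from a key that came back
# from backup storage, confirm it hashes to the pin that was published.
key_matches_pin() {
    [ "$(pin_from_private_key "$1")" = "$2" ]
}

# Stand-alone demo: ./pins.sh demo  prints a header carrying both backup pins.
if [ "${1:-}" = "demo" ]; then
    gen_backup_keys
    build_hpkp_header 5184000 \
        "$(pin_from_private_key "$WORK/backup-rsa.key")" \
        "$(pin_from_private_key "$WORK/backup-ec.key")"
fi
```

The pin is taken over the SubjectPublicKeyInfo, not the certificate, which is what makes the post's ordering work: the header can list a backup key's pin long before a certificate for that key is ever issued. Since this post was written, Chrome and Firefox have both removed HPKP support (each in its version 72), so the header itself no longer has a browser audience, but the SPKI hash computed here is still the value used by other pinning schemes and the same mismatch check still applies to any key recovered from off-box storage.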