Tools are provided to create your own certificates and also to use the certificates you have created in SSL communications. The information in this article should be valuable in understanding the certificate format and useful if you need to work with certificate parsing, SSL implementations or fuzzing of the related technologies.

PEM, DER and ASN1

First, ASN1. It is a language to describe the format of a data structure, that is, how many fields, what types, etc. From wikipedia:

Abstract Syntax Notation One (ASN.1) is a standard and flexible notation that describes data structures for representing, encoding, transmitting, and decoding data

ASN1 has allows structures to be of two broad types, complex structures or simple types. Complex structures define objects made of other objects. Simple types are used when fields can be represented by native types: INTEGER, UTCTIME, BIT STRING, etc.

For instance the ASN1 description of a x509 certificate is as follows:-

Certificate ::= SEQUENCE {
    tbsCertificate          TBSCertificate,
    signatureAlgorithm      AlgorithmIdentifier,
    signature               BIT STRING
    }

Without entering too much into detail, the above structure says that our certificate is a complex object (SEQUENCE) that is made of a three different fields. Two of them are in turn complex structures (TBSCertificate and AlgorithmIdentifier) and one is of an ASN1 native type (signature is of type BIT STRING). Other sections of the x509 ASN1 definition will describe the structure of the TBSCertificate and AlgorithmIdentifier classes. See the References section for full details.

ASN1 is a high-level language and it is also human readable. However, when we want to use the information described in the ASN1 notation, for instance inside a TCP packet, we need to encode our message as a string of bits. This is where BER (Basic Encoding Rules) and DER (Distinguished Encoding Rules) come into play.

The difference between BER and DER is that with BER a single piece of information can be encoded in multiple ways and DER is a restriction of the BER rules to ensure that there is only one possible encoding for a given information.

Each field in the ASN1 description is encoded using the following pattern:

[TAG_TYPE], [TAG_LENGTH], [TAG_CONTENTS]

Each ASN1 type has a corresponding TAG_TYPE value. For instance, the SEQUENCE tag is 0×30, the INTEGER tag is 0×02, etc. Consult the References for a full list.

The tag length can be encoded using the short or the long form. If the length of the contents is under 127 characters, then the sort form is used, otherwise, the long form is used. The sort form has the 8th bit set to 0 and the remaining 7 bits represent the length of the contents. The long form has the 8th bit set to 1 and the remaining 7 representing the number of additional bytes required to represent the length of the contents. Examples:

0x16, // CHAR STRING
  0x09,  // 0x09 = 9 bytes
    // 'U', 'S', 'E', 'F', 'U', 'L', 'F', 'O', 'R'
    0x55, 0x53, 0x45, 0x46, 0x55, 0x4c, 0x46, 0x4f, 0x52

0x30,  // SEQUENCE
  0x82, 0x01, 0x13   // 0x113 = 275
  // SEQUENCE CONTENTS
  0x30,  0x82, 0x01, 0x07, [...] // and 271 additional bytes

In order to create a valid x509 certificate we only need to DER encode the different fields of the ASN1 description using the TAG, LENGTH, CONTENTS format.

Finally PEM is the Base64 encoded version of a DER encoded certificate. Usually PEM certificate files contain a section for the private key and a section for the certificate as shown below:-

-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBg [... more base64 encoded data ...]
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICDTCCAgGgA [... more base64 encoded data ...]
-----END CERTIFICATE-----

Certificate generation

There are at least three different options to generate a certificate. First is to use the openssl req command (check the certificates HOWTO).

Other option is to use x509.rb, a ruby wrapper around OpenSSL. This would be more useful for instance in a context where you need to create lots of certs (i.e. when fuzzing).

And finally you could always create a certificate by hand, crafting the appropriate DER-encoded ASN1 sequences. This again is something I would like to invest some time into but that unfortunately did not have the time to do this time. If you want to explore this path, the documents in the References section should get you kick started.

Simple web server

To test the new certificate, the easiest way is to use open ssl:

openssl s_server -cert [certificate]  -accept [port number] -www

However, if you want to use a broken or malformed certificate openssl would refuse to load it. The are a few options. First, since the server certificate is sent in the second packet of the SSL handshake (server hello) you could always create a small script that listens for the client hello and replies with the malformed package. You could possibly use scapy for that (I hope to look into this in the future).

The other option is to download OpenSSL and patch the function that puts the SSL certificate into the wire. The idea is that you run openssl and point it to a valid certificate in the command line but then hard-code the one you want to use so the command line is ignored.

The function name we are interested in is ssl3_output_cert_chain inside ssl/s3_both.c and the structure you want to modify is buf->data.

References

• http://en.wikipedia.org/wiki/X.509
• http://en.wikipedia.org/wiki/Basic_encoding_rules
• What Your Mother Didn’t Tell You About PEM, DER, PKCS:
  • http://net.educause.edu/ir/library/pdf/PKI0505.pdf
• A Layman’s Guide to a Subset of ASN.1, BER, and DER
  • ftp://ftp.rsa.com/pub/pkcs/ps/layman.ps
• RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
  • http://tools.ietf.org/rfc/rfc5280.txt

miniconomics.com is an easy-to-use tool designed to manage your personal expenses that we have been developing over the last few months. The key benefits of the tool at this point in time:

• It is alive, changing every day, release early, release often. miniconomics.com is under a never ending churning process.
• It is simple, a no brainer, you have categories and you have expenses, you put expenses in your categories and miniconomics.com gives you all sorts of useful information, stats and nice shinny graphs.
• Is accessible, forget about maintaing a spreadsheet with your data in your home computer or laptop. Use an online service, use it no matter where you are, no matter when, just log in and add your expenses.
• It is as geek as a tool can be. We are still developing it and we are keen on trying all sorts of approaches. We have some cool toughts on plugins and addons that we will be developing in the future. Give us your feedback and let us know what you do you want out of the tool, chances are we will develop it!
• miniconomics.com is free, free to use, free to register, free to enjoy, free to everything

I hope you decide to give it a try (you don’t have to register for a test drive) and let us know what you think. And of course if you like it, just spread the word.

After years of thinking about, writing about, and filtering messages, I’ve decided that the best strategy for me is to not filter spam, but instead to filter non-spam

The full article at Reverse Spam Filtering: “Winning Without Fighting” by Nancy McGough.

One morning, exactly at sunrise, a Buddhist monk began to climb a tall mountain. A narrow path, no more than a foot or two wide, spiraled around the mountain to a glittering temple at the summit. The monk ascended at varying rates of speed, stopping many times along the way to rest and eat dried fruit he carried with him. He reached the temple shortly before sunset. After several days of fasting and meditation he began his journey back along the same path, starting at sunrise and again walking at variable speeds with many pauses along the way. His average speed descending was, of course, greater than his average climbing speed. Prove that there is a spot along the path that the monk will occupy on both trips at precisely the same time of day.

As for the second question, the sort answer is that chances are that you really do not need one but for the shake of the experiment lets get our hands dirty!

First of all, I need to clarify that my interest in this topic was also risen by the fact that Verisign has switched to a two-tier hierarchy of Certificate Authorities, and this has some implications specially in the configuration of web server software:

“As of April 2006, all SSL certificates issued by VeriSign require the installation of an Intermediate CA Certificate. The SSL certificates are signed by an Intermediate CA using a two-tier hierarchy (also known as trust chain) which enhances the security of your SSL Certificate. If the proper Intermediate CA is not installed on the server, your customers will see browser errors and may choose not to proceed further and close their browser.” (boldface is mine)

This means that while the users do not need to modify anything (if their browser already has Verisigns Root CA certificate) the server owners need to ensure that the server is able to provide the so called trust chain to the users’ browser when the SSL handshake is performed.

Never mind, lets get back to it. In order to get your Intermediate CA working, first you need a Root CA (if you already have a CA, feel free to skip the next section). Remember that in order to get this working you need to have a copy of the openssl toolkit installed in your system.

Configure the Root CA

<br />
mkdir /var/ca<br />
cd /var/ca/<br />
mkdir certs crl newcerts private<br />
echo "01" > serial<br />
cp /dev/null index.txt<br />
# beware that the location of the sample file is dependent on your environment<br />
cp /usr/lib/ssl/openssl.cnf .<br />

You may want to modify some of the settings in the configuration file to save you some time in the future when creating the certificates: default_bits, countryName, stateOrProvinceName, 0.organizationName_default, organizationalUnitName and emailAddress.

Now you are ready to create the CA:

<br />
# generate a private key<br />
openssl genrsa -des3 -out private/cakey.key 4096<br />
# create a self-signed certificate valid for 5 years<br />
openssl req -new -x509 -nodes -sha1 -days 1825 -key private/cakey.pem -out cacert.pem<br />
# go for the default values if you adapted the settings in the openssl.cnf file or enter the values you desire<br />

Now you have everything you need to run a successful CA.

Configure an Intermediate CA

The idea is simple, we will create a new CA following the same template that we used in the previous section, but this time instead of generating a self-signed certificate we will generate a certificate sign request that we will sign using the Root CA.

First we create the folder structure:

<br />
cd /var/ca/<br />
mkdir ca2008<br />
cd ca2008<br />
cp ../openssl.cnf .<br />
mkdir certs crl newcerts private<br />
echo "01" > serial<br />
cp /dev/null index.txt<br />

Then the Intermediate CA private key:

<br />
#generate the key<br />
openssl genrsa -des3 -out private/cakey.pem 4096<br />
#generate a signing request (valid for 1year)<br />
openssl req -new -sha1 -key private/cakey.pem -out ca2008.csr<br />
# go for the default values if you adapted the settings in the openssl.cnf file or enter the values you desire<br />

Move the sign request to the Root CA directory and sign it:

<br />
mv ca2008.csr ..<br />
cd ..<br />
openssl ca -extensions v3_ca -days 365 -out ca2008.crt -in ca2008.csr -config openssl.cnf<br />
mv ca2008.* ca2008/<br />
cd ca2008/<br />
mv ca2008.crt cacert.pem<br />

And that was it. The next thing to do is start using your Intermediate CA to sign your new certificates. But just before that, remember that
to verify a certificate signed by an Intermediate CA the web browser has to verify both the certificate against the Intermediate CA and the certificate of the Intermediate CA against a Root CA.

In order to allow the browser to do this, a certificate chain file needs to be installed in the server. A certificate chain is a plaintext file that contains all the certificates from the Authority issuing a given certificate up to the Root of the certificate tree. In this case our chain has only two levels and the chain file is created like this:-

<br />
# first the intermediate CA certificate<br />
cat cacert.pem > chain.crt<br />
# then the Root CA cert<br />
cat ../cacert.pem >> chain.crt<br />

This file is the one you need to specify in the SSLCertificateChainFile of your server.

Create a new server certificate

<br />
# make sure you are in the Intermediate CA folder and not in the Root CA one<br />
cd /var/ca/ca2008/<br />
# create the private key<br />
openssl genrsa -des3 -out {server_name}.key 4096<br />
# generate a certificate sign request<br />
openssl req -new -key {server_name}.key -out {server_name}.csr<br />
# sign the request with the Intermediate CA<br />
openssl ca -config openssl.cnf -policy policy_anything -out {server_name}.crt -infiles {server_name}.csr<br />
# and store the server files in the certs/ directory<br />
mkdir certs/{server_name}<br />
mv {server_name}.key {server_name}.csr {server_name}.crt certs/<br />

Then you should securely copy the .key and .crt files to the server and configure it to use them.

Apache server configuration

Just in case you are using Apache server and for the shake of completeness, these are the settings that you need to modify (possibly in your extra/http-ssl.conf):-

<br />
SSLCertificateFile /var/ca/ca2008/certs/{server_name}.crt<br />
SSLCertificateKeyFile /var/ca/ca2008/certs/{server_name}.key<br />
SSLCertificateChainFile /var/ca/ca2008/chain.crt<br />

References

• SSL/TLS Strong Encryption: FAQ
• Creating Your Own CA
• Be your own Certificate Authority
• Very brief introduction to create a CA and a CERT

As an example we are going to resize /dev/sda1 from 200G to 50G. Since the partition is the primary /root we need to use a rescue disk to boot the system, I used BackTrack from a USB stick (Howto:USB Stick).

1. use tune2fs to remove the journal from your ext3 partition:

   tune2fs -O ^has_journal /dev/sda1

   Now the partition is effectively an ext2 file system.

2. use “resize2fs /dev/sda1 50G” to resize the file system.
3. use fdisk to resize the partition: delete the old partition (no data will be lost! :twisted:). Create a new one of the desired size (exercise caution see below). Save changes.
4. use “resize2fs /dev/sda1” (no size this time) to resize the file system to the maximum available.
5. use tune2fs to add the journal agai:

   tune2fs -j /dev/sda1

   This turns the partition back to ext3.

Regarding the new size for the partition, it is important to allocate enough physical space to support the file system. I used the formula recommended by [2]:

We multiply the amount of blocks from the resize2fs output (1536000) by the size of a block (4k), and to go sure the partition is big enough, we add 3 to 5% to it (3% was enough for me, but if you want to go sure take 5%):

1536000 * 4k * 1.03 = 6328320k

The interesting number is the first one, and you can get it by looking at the output of resize2fs on step 2. You just need to specify that number when asked by fdisk (step 3) for the last cylinder of the new partition. Again from the same reference:

Last cylinder or +size or +sizeM or +sizeK (1-1247, default 1247): +6328320K

Note that this is not the vaule I used (I forgot to write it down), but I guess that this number depends on the hardware and the important bit is to learn how to apply The Formula.

References

This post consists of 100% recycled information, credit goes to:

• [1] Another resize ext3 problem
• [2] How To Resize ext3 Partitions Without Losing Data

Last minute note

Support for ext3 was added to resize2fs in version 1.19, more than 7 years ago. There is no reason to convert to ext2 first unless you are running a REALLY old system.

So you may avoid steps 1 and 5 if your resize2fs supports ext3.

Download an uncompress

cd /usr/local/src/
wget http://mirror.public-internet.co.uk/apache/httpd/httpd-2.2.4.tar.gz
tar -xvvzf httpd-2.2.4.tar.gz
wget http://uk2.php.net/get/php-5.2.3.tar.gz/from/this/mirror
tar -xvvzf php-5.2.3.tar.gz

Install software
Required by Apache:

apt-get install gcc make libc6-dev libc-dev \
linux-kernel-headers libssl-dev zlib1g-dev

Required by PHP:

apt-get install g++ g++-4.1 libfreetype6 \
libfreetype6-dev libgd2-noxpm libgd2-noxpm-dev \
libjpeg62 libjpeg62-dev libmysqlclient15-dev \
libpng12-0 libpng12-dev libstdc++6-4.1-dev \
libxml2 libxml2-dev

Tweak Apache
Get rid of the server banner, edit /usr/local/src/httpd-2.2.4/include/ap_release.h:

define AP_SERVER_BASEVENDOR "nomejortu"
define AP_SERVER_BASEPROJECT "nmt server"
define AP_SERVER_BASEPRODUCT "server"

Configure, compile and install

cd /usr/local/src/httpd-2.2.4/
./configure --disable-info --disable-autoindex \
--disable-include  --disable-userdir --disable-status \
--disable-imagemap --disable-cgid --disable-cgi \
--disable-proxy --enable-ssl=static \
--enable-rewrite=static --enable-dir=static \
--enable-unique_id=static --enable-so
make
make install

With the previous configure line we are removing modules that either disclose too much information or we do not need (wach out! you may need some of them). All inluded modules are statically linked to the binary. The only dynamic modules that we will be using are the mod_php and mod_security.

• –disable-info, –disable-status: we don’t need server info or status at all.
• –disable-autoindex, –disable-userdir: no automatic directory listings, no username enumeration through the /~ technique.
• –enable-dir: redirect malformed urls (requests to directories without trailing slash) and the DirectoryIndex directive.
• –disable-include, –disable-imagemap : no server side includes or image maps handled by the server.
• –disable-cgid, –disable-cgi : no cgi interfaces.
• –disable-proxy, –enable-ssl, –enable-rewrite: disable the proxy capanility, enable SSL and the rewrite engine.
• –enable-unique_id: needed for mod_security (see below).
• –enable-so:

Configure apache
In apache2’s configuration file (/usr/local/apache2/conf/httpd.conf) append:

# server banner
ServerSignature  Off
ServerTokens  Prod
# disable TRACE requests
TraceEnable off

If needed, add the index.php as a default file to DirectoryIndex directive on Line 165:

DirectoryIndex index.php index.html

In the same way, if you need virtual hosts enabled, uncomment the line 386 (or equivalent):

Include conf/extra/httpd-vhosts.conf

Add your options to that file. And if you need SSL support, uncomment the line 398 (or equivalent) of the same file:

Include conf/extra/httpd-ssl.conf

Change ownership of the htdocs and remove unnecessary files and folders:-

chown daemon.daemon /usr/local/apache2/htdocs/ -R
rm -rf /usr/local/apache2/htdocs/*
rm -rf /usr/local/apache2/cgi-bin/*
rm -rf /usr/local/apache2/icons

If you want your server to start at boot time, issue the following commands:-

rm /etc/init.d/apache2
ln -s /usr/local/apache2/bin/apachectl /etc/init.d/apache2
update-rc.d apache2 defaults

Be careful because if you have configured SSL with a certificate whose private key requires a pass phrase, the system will request the pass phrase and wait upon restart.

PHP
Not much on the PHP side. Download and compile:

cd /usr/local/src/php-5.2.3
./configure --with-apxs2=/usr/local/apache2/bin/apxs --with-mysql=/usr/include/mysql --with-config-file-path=/etc --with-gd --with-zlib-dir=/usr/lib/

make
make install

• –with-apxs2: compile a module for apache2 in the specified location.
• –with-mysql: .enable mysql support.
• –with-config-file-path: .specify where you want the php.ini config file.
• –with-gd: .the graphical library if you need it.
• –with-zlib-dir: .use system’s zlib (downloaded from packages).

Although the php installation adds the LoadModule line, but you still need to edit apache configuration file (httpd.conf) and add the following:

AddType application/x-httpd-php .php .phtml

Modify the DirectoryIndex directive if you want the server to default to index.php when a directory is requested.

mod_security
Download:

cd /usr/local/src/
wget http://www.modsecurity.org/download/modsecurity-apache_2.1.2.tar.gz
tar -xvvzf modsecurity-apache_2.1.2.tar.gz
cd modsecurity-apache_2.1.2/apache2/

Edit the Makefile to adjust the following lines (compile mod_security with Apache’s version of the pcre library):

top_dir      = /usr/local/apache2
INCLUDES = -I /usr/include/libxml2 -I /usr/local/src/httpd-2.2.4/srclib/pcre/

Compile and install:

make
make install

Copy the default rule set to apache directory and include them in the main apache configuration file:

cp -r /usr/local/src/modsecurity-apache_2.1.2/rules/ \
/usr/local/apache2/conf/modsecurity

In /usr/local/apache2/conf/httpd.conf add the following lines:

LoadModule security2_module modules/mod_security2.so
Include conf/modsecurity/*.conf

In order to enforce the rules (by default mod_security would simply log requests that matched the rules), go to each and single file and change the SecDefaultAction to:

SecDefaultAction "phase:2,log,deny,status:400"

The End: up and running
Last but not least do not forget to remove software that you no longer need! No compilers or development libraries should remain in the sever.

First software needed to compile Apache:

apt-get remove --purge binutils cpp cpp-4.1 gcc-4.1 \
libssp0 make gcc libc6-dev libc-dev \
linux-kernel-headers libssl-dev zlib1g-dev

And also the one needed for PHP:

apt-get remove --purge libxml2-dev libfreetype6-dev \
libgd2-noxpm-dev libjpeg62-dev libpng12-dev libgd2-dev \
libmysqlclient15-dev g++ g++-4.1 libstdc++6-4.1-dev

Remove all the sources that we have used:

rm -rf /usr/local/src/*

And of course:-

/usr/local/apache2/bin/apachectl start

References

• Apache 2.0 Hardening Guide

After some research I found a set of scripts that actually do what I want (credit goes to Heiner Steven). The bad news is that this is not a full-bash solution. The scripts use the metasend command to send files as MIME atachments.

This is a easy two-step process. First, you need to install the metamail (this is the name of the Debian GNU/Linux package) in your box. Then grab this two scripts (sendfile, getmimetype). The first one does the call to metasend. From it’s usage information:

usage: sendfile [-f] [-s subject] [-m mimetype] recipient file ...
    -f:  force sending of mail even for invalid recipients
    -s:  subject of the mail message
    -m:  mime-type (i.e. "application/octet-stream")

Multiple files may be specified. If no mimetype was given,
it is determined via a call to "getmimetype".

And you are ready to go.

#!/bin/bash

for foo in `ps aux | grep $1 | awk '{print $2}'`;  do kill -9 $foo; done

Just run: matar <program name> and that’s it. They are all gone.