I want to the pin the public key of my server so that any request made to the server has to have that public key (this is to prevent proxies like Charles sniffing the data).
I had done something similar in Android with Volley.
How can I do the same with Flutter?
Create your client with a SecurityContext with no trusted roots to force the bad certificate callback, even for a good certificate.
SecurityContext(withTrustedRoots: false);
In the bad certificate callback, parse the DER encoded certificate using the asn1lib package. For example:
ASN1Parser p = ASN1Parser(der);
ASN1Sequence signedCert = p.nextObject() as ASN1Sequence;
ASN1Sequence cert = signedCert.elements[0] as ASN1Sequence;
ASN1Sequence pubKeyElement = cert.elements[6] as ASN1Sequence;
ASN1BitString pubKeyBits = pubKeyElement.elements[1] as ASN1BitString;
List<int> encodedPubKey = pubKeyBits.stringValue;
// could stop here and compare the encoded key parts, or...
// parse them into their modulus/exponent parts, and test those
// (assumes RSA public key)
ASN1Parser rsaParser = ASN1Parser(encodedPubKey);
ASN1Sequence keySeq = rsaParser.nextObject() as ASN1Sequence;
ASN1Integer modulus = keySeq.elements[0] as ASN1Integer;
ASN1Integer exponent = keySeq.elements[1] as ASN1Integer;
print(modulus.valueAsBigInteger);
print(exponent);
Key rotation reduces risk. When an attacker obtains an old server hard drive or backup file and gets an old server private key from it, they cannot impersonate the current server if the key has been rotated. Therefore always generate a new key when updating certificates. Configure the client to trust the old key and the new key. Wait for your users to update to the new version of the client. Then deploy the new key to your servers. Then you can remove the old key from the client.
Server key pinning is only needed if you're not rotating keys. That's bad security practice.
You should do certificate pinning with rotation. I have added example code in How to do SSL pinning via self generated signed certificates in flutter?
Related
I am new to SWIFT, iOS as and Cryptography. Please bear with me. I am unable to load external keys in the iOS keychain in Swift 5. I came across several posts in Stackoverflow and other sites about the difficulty in loading keys into an iOS keychain.
My goal is to establish an SSH connection to a remote SFTP server using port 22, the public key and user name credentials. As of now, a firewall rule allows connection to the server using NMSSH (from GIT), but I am unable to authenticate without public keys exchanged between i-phone and Windows server. I generated key pairs from my Swift project several times and sent public key to Windows server admin to add it to my user name in SSH setup. All attempts by the admin failed with server lockouts. So finally he generated a key pair in the server using puTTYGen, added the public key to my user name and sent the key pair to me to add to an iOS keychain.
I exported the private key to OpenSSL in puTTYgen and converted it to base64 encoded string before using it in RSAUtils in GIT (https://github.com/btnguyen2k/swiftutils). The process works but returns SecKey as Nil. Looks like the key never made it to the keychain.
Before using this GIT code, I tried several times to use secItemAdd. The code works and shows like taking the key, but returns Nil as SecKey value in SecItemCopyMatching.
I also ventured into adding Objective-C in Swift by creating a .h header, a .m file and a bridge for the .m code in http://blog.flirble.org/2011/01/05/rsa-public-key-openssl-ios/. Same issue. I get a Nil after the above .m completes and returns a value.
The private key I am dealing with has header and footer -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY-----. I can see characters like +, / etc in the key suggesting that it is not base64, so I used a String extension to convert it.
func toBase64() -> String {
return Data(self.utf8).base64EncodedString()
The code:
// added to use GIT code
// https://github.com/btnguyen2k/swiftutils.git
// variable declared at class level
var pKeyContents: String = ""
func addKeys2() {
let tag: String = "com.mail.private"
// if let path = Bundle.main.path(forResource: "PKeyWOHeader", ofType: "txt") // I tried this first after manually removing header and footer ("BEGIN ....KEY AND "END ... KEY" etc). It didn't work
if let path = Bundle.main.path(forResource: "ExportAsOpenSSL", ofType: "") // This one is a dump of puTTYgen export to openssl of private key
{
do {
let contents = try String(contentsOfFile: path)
pKeyContents = contents
}
catch {
print("Contents could not be loaded")
return
}
} else {
print("File not found")
return
}
let myData = pKeyContents.data(using: String.Encoding.utf8)
let encoded = pKeyContents.toBase64()
//let instanceOfObjCKeyFix = ObjCKeyFix()
//privateKeyAsData = instanceOfObjCKeyFix.stripPublicKeyHeader(myData)
// stringFromData = String(decoding: privateKeyAsData!, as: UTF8.self)
// Above lines were an attempt to use Objective C code from
// http://blog.flirble.org/2011/01/05/rsa-public-key-openssl-ios/.
// This was also returning nil value
do {
try privateKey = RSAUtils.addRSAPrivateKey(encoded, tagName: tag)
print(privateKey as Any) // returns nil
} catch {
print("error)")
}
}
My goal is to load keys from outside to iOS keychain. I also tried sending public key created by using CryptoExportImportManager() suggested in https://digitalleaves.com/blog/2015/10/sharing-public-keys-between-ios-and-the-rest-of-the-world/. Like I said before, my Windows server admin reports server locks while attempting to load such keys.
Any help is appreciated.
Thanks
I am updating this with my own answer. After several weeks of trying two solutions referred in above links (Digital Leaves and Flirble.org), I could get connected and authenticated to a Windows server using NMSSH from an I-phone 7. I couldn't use I-phone keychain to store externally generated keys. It was too tedious. The best I could get to was add a private key to keychain, but it always returned Nil when I tried to retrieve it.
I followed connection steps recommended in NMSSH, used cocopod, added to framework and added libraries. While using NMSSH sessions class, I used the method with in memory keys option. The important point is to leave public key parameter blank and provide private key and password for private key.
I've got the following code...
var credential = GoogleWebAuthorizationBroker.AuthorizeAsync(new ClientSecrets
{
ClientId = "<< MY CLIENT ID>>",
ClientSecret = "<<MY CLIENT SECRET>>"
},
new[] { "https://www.googleapis.com/auth/gmail.readonly" },
"<<EMAIL ADDRESS>>",
CancellationToken.None,
new FileDataStore("Mail2.Auth.Store")).Result;
using (var client = new ImapClient())
{
// THE CODE FAILS ON THIS NEXT LINE
client.Connect("imap.gmail.com", 993, SecureSocketOptions.SslOnConnect);
client.Authenticate("<<EMAIL ADDRESS>>", credential.Token.AccessToken);
}
When run, the code fails on the indicated like with AuthenticationException: The remote certificate is invalid according to the validation procedure.
I initially thought that is was 'cos the account had 2-step authentication on. So, I set up another account ensuring it just used the regular authentication settings and I got the same error.
I have found a number of posts, here and elsewhere, that deal with this exception but they seem to deal with the issue of working with the SmtpClient() and here, as you can see from the code, I'm getting the error with the ImapClient().
Can anyone suggest what it is that may be the cause of the error? Is it GMail? MailKit? .NET? All of the above?
The problem is that your system does not accept the GMail's SSL certificate.
You can override client.ServerCertificateValidationCallback.
A very simple example of a solution might look like this:
client.ServerCertificateValidationCallback = () => true;
Obviously that means that if anyone ever spoofed imap.gmail.com, your software would get caught in a MITM attack, so that's not ideal.
You'll likely want to match the certificate's thumbprint against a known thumbprint or else add the certificate to your local certificate store and assign a trust level to it.
I am trying to call and consume my own api which is in the same solution as my mvc app, all the request by default are forced to run on https:
I am doing the following:
using (var client = new HttpClient())
{
var productDetailUrl = Url.RouteUrl(
"DefaultApi",
new { httproute = "", controller = "ProductDetails", id = id },
Request.Url.Scheme
);
var model = client
.GetAsync(productDetailUrl)
.Result
.Content.ReadAsAsync<ProductItems>().Result;
return View(model);
}
however I get the following error:
The remote certificate is invalid according to the validation procedure
I know that I can by pass this issue using the following but this is a security risk in a production environment.
ServicePointManager
.ServerCertificateValidationCallback +=
(sender, cert, chain, sslPolicyErrors) => true;
It seems your working with a non trusted authority, probably self signed.
You can install the self signed certificate into your trusted CA store.
Here is a link that explains how to do that.
If its already trusted then I guess your API and web app have 2 different domain names and the certificate is issued to only one of them. in that case you might need to issue a wild card certificate to work with www.example.com (you're web) or (api.example.com).
I am trying to decrypt paymentData property of PKPaymentToken object upon a successful Apple Pay authorization.
I am trying to follow the instruction here, but I am stuck on step 2 of the decryption steps, which says:
Use the value of the publicKeyHash key to determine which merchant
public key was used by Apple, and then retrieve the corresponding
merchant public key certificate and private key.
How do I do that?
Please advise.
Thanks!
Here's how to compute the publicKeyHash in Ruby, given the Apple Pay certificate file downloaded from the Apple Developer Center.
require "base64"
require "digest"
require "openssl"
# set cert_file = path to the downloaded Apple Pay .cer file
cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
# strip off the "-----BEGIN PUBLIC KEY-----" line at the start of the string
pem = cert.public_key.to_pem.split("\n").drop(1)
# strip off the "-----END PUBLIC KEY-----" line at the end of the string
pem = pem.take(pem.length - 1)
decoded = Base64.decode64(pem.join)
public_key_hash = Digest::SHA256.base64digest(decoded)
The value of the publicKeyHash field is...a hash of your public key. As per the documentation, it's a SHA-256 hash of the X.509 encoded public key bytes of the merchant's certificate. You use this to determine which merchant identifier was used to sign the payment data (you probably only have one merchant identifier, in which case you'll already know which one is being used).
AIR allows to inject code using Loader.LoadBytes()
this allows to download remote plugins as swf files which will have full access to everything that the AIR application has access to. This imposes a security risk, so it would be desirable to digitally sign the swf's.
What's the best way to do this and to verify the code signature?
I know the as3corelib has some encryption functionality and also for X.509 certificate - but I didn't find a ressource explaining how to use it. Also, maybe there's some 'official' way to codesign SWF's?
One robust method is using public key encryption, which goes something like this:
You will need an asymmetric encryption algorithm (eg, RSA), and a hash algorithm (eg, SHA, MD5).
Generate a public-private key pair.
Generate and checksum of the data using the hash algorithm.
Encrypt the checksum with the private key using the encryption algorithm. This becomes the "signature".
Send the data to the client along with the signature.
Decrypt the signature on the client with the public key to obtain the original checksum.
Generate a checksum from the data on the client.
Compare the checksums. If they match, then you know that the data came from you without alterations. If they do not match then you know the data was altered after it was sent from you, or it came from someone else.
See http://en.wikipedia.org/wiki/Public-key_cryptography
An attacker can bypass this security if they are able to intercept the connection and modify the original client SWF file and either change the public key, or remove the security mechanism entirely. Use TLS or SSL to prevent attackers intercepting the data.
An x.509 certificate is little more than a public key bundled with some meta-data. The standard also specifies a mechanism for validating the certificate, by relying on a certificate authority (CA) (see http://en.wikipedia.org/wiki/X.509).
The AS3Crypto library provides (amongst other things), an implementation of RSA, MD5, and an x.509 parser (see http://code.google.com/p/as3crypto/).
Here is some code. The signing process entails computing the hash of the data, then signing it with the private key to produce a signature, eg:
var rsa:RSAKey;
var md5:MD5;
var data:ByteArray = getSWFBytes();
var signature:ByteArray = new ByteArray();
var originalHash:ByteArray;
// read private key
rsa = PEM.readRSAPrivateKey(private_key);
// create the checksum of the original data
md5 = new MD5();
originalHash = md5.hash(original);
// encrypt the data using the private key
rsa.sign(data, signature, original.length);
The data and signature are sent to the client. The client decrypts the signature using the public key stored in the cert and compare it to the computed hash of the data, eg:
var rsa:RSAKey;
var md5:MD5;
var data:ByteArray = getSWFBytes();
var signature:ByteArray = new ByteArray();
var decryptedHash:ByteArray = new ByteArray();
var clientHash:ByteArray;
// load the certificate
var cert:X509Certificate = new X509Certificate(public_cert);
// get the public key from the cert
rsa = cert.getPublicKey();
// decrypt the signature with the public key
rsa.verify(signature, decryptedHash, encrypted.length);
// create a hash of the data
md5 = new MD5();
clientHash = md5.hash(data);
// compare the hashes
// isEqual compares the bytes in the input byte arrays, it returns true only of all bytes in both arrays match
if (isEqual(clientHash, decryptedHash))
trace("signature valid");
else
trace("signature invalid")
You can check if the certificate is signed like this:
var store:X509CertificateCollection = new MozillaRootCertificates();
var cert:X509Certificate = new X509Certificate(public_cert);
var isValid:Boolean = cert.isSigned(store, store);
You can load the raw SWF bytes like this:
var loader:URLLoader = new URLLoader();
loader.dataFormat = URLLoaderDataFormat.BINARY;
loader.addEventListener(Event.COMPLETE, completeHandler);
loader.load(new URLRequest(url_of_swf_to_load));
Example x.509 private key (usually created when you apply for a certificate):
-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQDoKlLzpJeLcoPYQQYPa0diM4zpZ+0rKeRxhx9ssq91DzwAeSmM
7wT03WLiLZkqPt2MS3uNo75zK5RtmjHqF6Ojfs2tbSdlCK5tpisvOAssuq0o5vIz
g/MhS2PIijnBtVB9XFSTXxhveKeIq1VgdB2wHW95+zhBF+Z1hsYcNRRFFwIDAQAB
AoGAI8wK2EhjmXvBuoFkJtJ6wjiCnKaKmiIueBbGkKMIjLsZnFUSRAnCsOLF0WwI
dswUqwIkfdVmkymADFo/IgIdF9hLGNLRskIPKGZWEUC8d5ZJnRg+nuzi2c2msN5u
/BvCCgL5/shBhO5KvrPbU/Fbs/k4saCDQZ2EO4HpueRZWGkCQQD6hC0pTfyW4yQT
Qr/dY7FhOwdOh/8ewGyXBa9ruOuZqTR23Ya20O8NuF22+NqW9AZl7uioiTZyZkOV
jqAckelrAkEA7T9QVdK+QcaQSznrZPJpXlSIDLSBRWjaPKBoypnNTF3y3JkUQE0L
iA0c2oUc8D+LCgx9vA0Ai0IzwzrIec+iBQJAJb5YV4rKbalXPBeodKCajv2nwis3
QtjXA4H1xhMcXBBkOSxzKYQdIEIQzIp91JR7ikwOfaX+sAm8UQImGWfadQJAMAb4
KVePQluDDGd+OqJEKF9uZzwHS1jNjSZf8FuwTrxaFMQ8cEPoiLM22xnFYPFMIU2k
CnSLXqWZOvVkbhxVTQJAL3xIc5AUbhsEp7ZeeJrkPRv5rCObmLw0+wIaERtMX83b
PNM0TpzY6EXk+geTCqudAipYF/A7qn38wpOh+PuuVg==
-----END RSA PRIVATE KEY-----
Example cert:
-----BEGIN CERTIFICATE-----
MIID4zCCA0ygAwIBAgIJAL7k5X3sCvniMA0GCSqGSIb3DQEBBQUAMIGoMQswCQYD
VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2Ux
FDASBgNVBAoTC2h1cmxhbnQuY29tMRcwFQYDVQQLEw5hczMgY3J5cHRvIGxpYjEY
MBYGA1UEAxMPSGVucmkgVG9yZ2VtYW5lMSgwJgYJKoZIhvcNAQkBFhloZW5yaV90
b3JnZW1hbmVAeWFob28uY29tMB4XDTA3MTEwNTA1MjUyOVoXDTA4MTEwNDA1MjUy
OVowgagxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQH
EwhTYW4gSm9zZTEUMBIGA1UEChMLaHVybGFudC5jb20xFzAVBgNVBAsTDmFzMyBj
cnlwdG8gbGliMRgwFgYDVQQDEw9IZW5yaSBUb3JnZW1hbmUxKDAmBgkqhkiG9w0B
CQEWGWhlbnJpX3RvcmdlbWFuZUB5YWhvby5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD
gY0AMIGJAoGBAOgqUvOkl4tyg9hBBg9rR2IzjOln7Ssp5HGHH2yyr3UPPAB5KYzv
BPTdYuItmSo+3YxLe42jvnMrlG2aMeoXo6N+za1tJ2UIrm2mKy84Cyy6rSjm8jOD
8yFLY8iKOcG1UH1cVJNfGG94p4irVWB0HbAdb3n7OEEX5nWGxhw1FEUXAgMBAAGj
ggERMIIBDTAdBgNVHQ4EFgQU/XyNp2QghYm3MWOU5YoUoFWcTKMwgd0GA1UdIwSB
1TCB0oAU/XyNp2QghYm3MWOU5YoUoFWcTKOhga6kgaswgagxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhTYW4gSm9zZTEUMBIGA1UE
ChMLaHVybGFudC5jb20xFzAVBgNVBAsTDmFzMyBjcnlwdG8gbGliMRgwFgYDVQQD
Ew9IZW5yaSBUb3JnZW1hbmUxKDAmBgkqhkiG9w0BCQEWGWhlbnJpX3RvcmdlbWFu
ZUB5YWhvby5jb22CCQC+5OV97Ar54jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB
BQUAA4GBABsXUJjiRAz+FeiVq4JMSBWeiiGcXTw+8sNv8SfWaWx3su+AgooKlBn3
nsGKf3BEDdmJCOSgY0+A5Pce9SRoAMhabHKwoLEogrtp2p8vRj2OTMjWBW7ylrxj
FvUpFdc8qFaqTtgH6+JiIYllGFlcsSV+6d9fDPaFDZEHjz5GweWJ
-----END CERTIFICATE-----
Both examples were taken from as3crypto.