[Cryptography] On the deployment of client-side certs
thierry.moreau at connotech.com
Tue Nov 15 14:25:32 EST 2016
On 15/11/16 10:08 AM, Jerry Leichter wrote:
> A system based on a client-side certificate consists of the following on the client side:
> 1. A private/public key pair;
> 2. Secure storage of the private key;
> 3. Secure computation of a signature using the private key;
> 4. Delivery of the public key along with appropriate signed material.
> Both steps 2 and 3 represent the key implementation requirement: A secure mechanism to hold and apply a private key.
> Given the hardware necessary to do that, wouldn't it be easier, more efficient, and less likely to leak identity information to use it to implement a password-authenticated key agreement protocol like SRP? Note that the "password", being stored in the secure hardware rather than the user's head, can be an arbitrary bitstring.
About identity information leakage, the first SRP message sent from the
client to the server includes the plaintext identity, doesn't it?
About the password being stored on a hardware token, then the SRP password
secret turns into a long-term discrete logarithm private authentication
key. With this understanding, SRP enrollment with a server becomes
equivalent to registering a unique public key for each server.
I do not know which exact scheme is easier and more efficient.
Nonetheless, SRP with a user-remembered password spares the "secure mechanism
to hold a private key" but still requires a "secure mechanism to apply a
private key." If you can afford a secure hardware token, the SRP main
benefit appears less relevant.
- Thierry Moreau
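The SRP-6a exchange the reply is discussing, written out as an added example (not code from the thread or from any SRP implementation). It assumes SHA-256 as the hash and the 1024-bit group from RFC 5054 Appendix A, and shows two points made above: the client's first message carries the identity I in the clear, and the verifier v = g^x the server stores at enrollment acts as a per-server public key for a secret x that can be any bitstring held on a token.

```python
import hashlib
import secrets

# Group parameters: the 1024-bit SRP group from RFC 5054 Appendix A, g = 2.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
g = 2

def pad(x: int) -> bytes:
    return x.to_bytes((N.bit_length() + 7) // 8, "big")

def H(*parts: bytes) -> int:
    # SHA-256 (assumed here; RFC 5054 specifies SHA-1) as a big integer.
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")

k = H(pad(N), pad(g))  # SRP-6a multiplier parameter

def derive_x(identity: bytes, password: bytes, salt: bytes) -> int:
    # With a token, "password" is just an arbitrary bitstring; x is the
    # long-term discrete-log secret the reply refers to.
    return H(salt, hashlib.sha256(identity + b":" + password).digest())

def enroll(identity: bytes, password: bytes):
    """Enrollment: the server receives only v = g^x mod N, never x.
    A fresh salt per server means each server stores a distinct v."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, derive_x(identity, password, salt), N)

def srp_exchange(identity: bytes, password: bytes, salt: bytes, v: int):
    """Run one login; returns the client's first message and both session keys."""
    a = secrets.randbelow(N - 2) + 1
    A = pow(g, a, N)
    msg1 = (identity, A)          # identity is sent in plaintext here
    b = secrets.randbelow(N - 2) + 1
    B = (k * v + pow(g, b, N)) % N
    if A % N == 0 or B % N == 0:  # both sides must reject a zero value
        raise ValueError("invalid ephemeral public value")
    u = H(pad(A), pad(B))
    x = derive_x(identity, password, salt)
    S_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    S_server = pow((A * pow(v, u, N)) % N, b, N)  # server never learns x
    return msg1, S_client, S_server
```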