SSL Presentation - NY PHPnyphp.org/resources/PHP-SSL-Apache-Security.pdf · SSL Presentation 1....
Transcript of SSL Presentation - NY PHPnyphp.org/resources/PHP-SSL-Apache-Security.pdf · SSL Presentation 1....
[Presentation]
http://www.nyphp.org/content/presentations/SSL/[9/12/2009 6:56:15 PM]
SSL Presentation1. Practical SSL With Apache and PHP
2. Part I: The Players
3. Basics: Hashing
4. Basics: Symmetric Encryption
5. Basics: Asymmetric Encryption
6. Certificates
7. Certificate Authorities
8. Transport Layer Security
9. TLS: What It Does
10. TLS: The Handshake Protocol
11. TLS: Server Handshake Response
12. TLS: Server Certificate
13. TLS: Server Certificate Verification
14. TLS: Root Certificates
15. TLS: Failed Verification
16. TLS: Client Handshake Response
17. TLS: Handshake Wrapup
18. TLS: Record Protocol
[Presentation]
http://www.nyphp.org/content/presentations/SSL/[9/12/2009 6:56:15 PM]
19. TLS: Record Protocol (cont'd)
20. Apache's mod_ssl
21. OpenSSL
22. PHP's OpenSSL Support
23. The Big Picture
24. Part II: SSL-enabled Webservers
25. HTTPS Requirements
26. Using PHP to simplify PKI
27. A Local Certificate Authority
28. A New Server Certificate
29. Global SSL Directives
30. A Passphrase Dialog
31. Apache Per-host SSL Directives
32. Cipher Suite
33. Cross Your Fingers
34. Revoking A Server Certificate
35. Part III: Application Level SSL
36. Example: Stored Secrets
37. Class openSSL
38. Signing
39. Encrypting
[Presentation]
http://www.nyphp.org/content/presentations/SSL/[9/12/2009 6:56:15 PM]
40. Decrypting
41. Verifying
42. Checking The Key Passphrase
43. Parsing X.509 Data
44. Discussion
45. Thank You!
46. Resources
47. Download
[Presentation] Practical SSL With Apache and PHP
http://www.nyphp.org/content/presentations/SSL/welcome.html[9/12/2009 6:56:20 PM]
Contents | Next
Practical SSL With Apacheand PHP... and OpenSSL, mod_ssl, X.509 Certificates.
Chris Snyder and Mike SouthwellNew York PHP22 November 2005
[Presentation] Part I: The Players
http://www.nyphp.org/content/presentations/SSL/part1intro.html[9/12/2009 6:56:27 PM]
Contents | Previous | Next
Part I: The PlayersCryptography basics
Certificates
Transport Layer Security
What you need:
mod_SSLOpenSSL toolkitPHP --with-openssl
[Presentation] Basics: Hashing
http://www.nyphp.org/content/presentations/SSL/hashing.html[9/12/2009 6:56:30 PM]
Contents | Previous | Next
Basics: Hashingnot reversiblehas native PHP support
md5( 'hello' ) : 5d41402abc4b2a76b9719d911017c592sha1( 'hello' ) : aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d
[Presentation] Basics: Symmetric Encryption
http://www.nyphp.org/content/presentations/SSL/symmetric.html[9/12/2009 6:56:34 PM]
Contents | Previous | Next
Basics: SymmetricEncryptionSymmetric: both sides use the same key
ReversibleRequires out-of-band key exchange.PHP needs mcrypt extension
3DESAESBlowfishRC4
We each have the same secret key.You encrypt a value with this key, and send it to me.The only way to decrypt it is with our shared secret key.
[Presentation] Basics: Asymmetric Encryption
http://www.nyphp.org/content/presentations/SSL/asymmetric.html[9/12/2009 6:56:43 PM]
Contents | Previous | Next
Basics: AsymmetricEncryptionAsymmetric: encryption and decryption use different keys
ReversibleAllows public knowledge of encryption keyPHP needs OpenSSL extension
RSA
I give you my public key.You encrypt a value with my public key, and send it to me.The only way to decrypt it is with my private key (which only Ihave).
[Presentation] Certificates
http://www.nyphp.org/content/presentations/SSL/x509pki.html[9/12/2009 6:56:48 PM]
Contents | Previous | Next
CertificatesX509 Public Key Infrastructure
RFC3280 defines Certificates and Certificate Revocation Lists.
http://rfc.net/rfc3280.html
[Presentation] Certificate Authorities
http://www.nyphp.org/content/presentations/SSL/cas.html[9/12/2009 6:56:52 PM]
Contents | Previous | Next
Certificate AuthoritiesCertificate Authorities provide secured identification of a server,and enable asymmetric encryption of messages between clientand server.
[Presentation] Transport Layer Security
http://www.nyphp.org/content/presentations/SSL/tls.html[9/12/2009 6:56:58 PM]
Contents | Previous | Next
Transport Layer SecurityA 30-second history
Secure Sockets Layer was developed by Netscape in 1994 as aprotocol which permitted persistent and secure transactions. In1997 an Open Source version of Netscape’s patented versionwas created, which is now OpenSSL. In 1999 the existingprotocol was extended by a version now known as TransportLayer Security (TLS). By convention, the term "SSL" is usedeven when technically the TLS protocol is being used.
[Presentation] TLS: What It Does
http://www.nyphp.org/content/presentations/SSL/tlsfeatures.html[9/12/2009 6:57:02 PM]
Contents | Previous | Next
TLS: What It DoesTLS encrypts messages.
TLS makes message alteration detectable.
TLS authenticates message senders/receivers.
[Presentation] TLS: The Handshake Protocol
http://www.nyphp.org/content/presentations/SSL/tlshandshake1.html[9/12/2009 6:57:07 PM]
Contents | Previous | Next
TLS: The Handshake ProtocolSSL encrypts every transaction between the client browser and theserver, which makes it possible to send sensitive information backand forth without fear that it will be readable by anybody who mightintercept it. It can do this because, before it begins transferringencrypted information, the server engages in an elaborate negotiationwith the client, called the Handshake Protocol. This negotiation hasthe following parts:
The client sends a request to the server which, because ituses the https (as opposed to http) schema, initiates thenegotiation.
[Presentation] TLS: The Handshake Protocol
http://www.nyphp.org/content/presentations/SSL/tlshandshake1.html[9/12/2009 6:57:07 PM]
[Presentation] TLS: Server Handshake Response
http://www.nyphp.org/content/presentations/SSL/tlshandshake2.html[9/12/2009 6:57:11 PM]
Contents | Previous | Next
TLS: Server HandshakeResponseThe server responds with a plain-text message consisting of thefollowing parts:
1. An exchange method to be used for passing back and forththe keys to be used for encrypting information. This istypically either RSA or Diffie-Hellman-Merkle. If it is RSA, theserver must send along also a Certificate (discussed below).
2. The type of encryption to be used (RC4 or preferably 3DES).
3. The technique to be used for calculating the MessageAuthentication Code, a checksum appended to messages andused to verify that the message contents haven’t beentampered with. Typically MD5 or SHA-1.
[Presentation] TLS: Server Handshake Response
http://www.nyphp.org/content/presentations/SSL/tlshandshake2.html[9/12/2009 6:57:11 PM]
[Presentation] TLS: Server Certificate
http://www.nyphp.org/content/presentations/SSL/tlshandshake3.html[9/12/2009 6:57:25 PM]
Contents | Previous | Next
TLS: Server CertificateRSA key exchange enhances security by requiring the server to senda Certificate to the client. This Certificate is a binary collection of thefollowing information:
1. Its identity
2. Its own attestation that it really is who it has said
3. A Certificate Authority’s attestation that the server’sattestation is true
4. Its public key, which may be used to encrypt the messageencryption key, randomly generated by the client
[Presentation] TLS: Server Certificate
http://www.nyphp.org/content/presentations/SSL/tlshandshake3.html[9/12/2009 6:57:25 PM]
[Presentation] TLS: Server Certificate Verification
http://www.nyphp.org/content/presentations/SSL/tlshandshake4.html[9/12/2009 6:57:35 PM]
Contents | Previous | Next
TLS: Server CertificateVerification
The client browser recognizes the Certificate Authorityand thus verifies the authenticity of the connection.
[Presentation] TLS: Root Certificates
http://www.nyphp.org/content/presentations/SSL/tlshandshake5.html[9/12/2009 6:57:43 PM]
Contents | Previous | Next
TLS: Root CertificatesIt can do this because it has pre-installed certificates from manyAuthorities.
[Presentation] TLS: Failed Verification
http://www.nyphp.org/content/presentations/SSL/tlshandshake6.html[9/12/2009 6:57:49 PM]
Contents | Previous | Next
TLS: Failed VerificationIf there is a conflict between the name on the certificate and thename of the server, the browser pops up a “Domain NameMismatch†notice, allowing the user to decide whether tocontinue.
[Presentation] TLS: Client Handshake Response
http://www.nyphp.org/content/presentations/SSL/tlshandshake7.html[9/12/2009 6:57:58 PM]
Contents | Previous | Next
TLS: Client HandshakeResponse
Assuming the client does trust the server, it generates arandom key to be used by the server for messageencryption. It then encrypts that key with the server’spublic key, and sends it back to the server.
[Presentation] TLS: Handshake Wrapup
http://www.nyphp.org/content/presentations/SSL/tlshandshake8.html[9/12/2009 6:58:19 PM]
Contents | Previous | Next
TLS: Handshake WrapupAt this point, the Handshake Protocol is finished. Both the serverand the client know the following:
1. What key and encryption method to use for messageencryption
2. What key and hashing method to use for messagesigning
There is, then, a great deal going on behind the scenes, whichexplains why SSL connections are sometimes slower thaninsecure ones.
[Presentation] TLS: Record Protocol
http://www.nyphp.org/content/presentations/SSL/tlsrecord1.html[9/12/2009 6:58:31 PM]
Contents | Previous | Next
TLS: Record ProtocolNow the Record Protocol starts to manage all futurecommunication. The server finally is ready to respond to theoriginal request, as follows:
1. It encrypts its http response.
2. It calculates a hash of its response
3. It appends that hash as a signature.
[Presentation] TLS: Record Protocol (cont'd)
http://www.nyphp.org/content/presentations/SSL/tlsrecord2.html[9/12/2009 6:59:08 PM]
Contents | Previous | Next
TLS: Record Protocol(cont'd)Upon receiving the server’s response, the client does thefollowing:
1. It detaches the signature.
2. It calculates a new hash of the response, and comparesthat to the detached signature.
3. (Assuming they match,) it decrypts the response.
4. It displays the requested html.
[Presentation] Apache's mod_ssl
http://www.nyphp.org/content/presentations/SSL/modssl.html[9/12/2009 6:59:29 PM]
Contents | Previous | Next
Apache's mod_sslInstalled by default in Apache 2, and available for Apache 1.3,mod_ssl provides cryptography so that Apache can interact withthe OpenSSL toolkit.
http://www.modssl.org/
[Presentation] OpenSSL
http://www.nyphp.org/content/presentations/SSL/openssl.html[9/12/2009 6:59:33 PM]
Contents | Previous | Next
OpenSSLThe OpenSSL project provides a toolkit and cryptography libraryfor implementing the TLS protocol.
http://www.openssl.org/
[Presentation] PHP's OpenSSL Support
http://www.nyphp.org/content/presentations/SSL/php.html[9/12/2009 6:59:37 PM]
Contents | Previous | Next
PHP's OpenSSL SupportPHP reports that it must be compiled --with-openssl in order touse its wrapper support for OpenSSL, although that appears notto be completely true.
http://www.php.net/openssl
[Presentation] The Big Picture
http://www.nyphp.org/content/presentations/SSL/bigpicture.html[9/12/2009 6:59:44 PM]
Contents | Previous | Next
The Big PictureGreen parts are created by local CA, pink parts by third-partyCA.
[Presentation] Part II: SSL-enabled Webservers
http://www.nyphp.org/content/presentations/SSL/part2_webservers.html[9/12/2009 6:59:53 PM]
Contents | Previous | Next
Part II: SSL-enabledWebserversHTTPS Requests and Responses are:
Encrypted
Tamper-proof
Authenticated (Server, anyway)
[Presentation] HTTPS Requirements
http://www.nyphp.org/content/presentations/SSL/requirements.html[9/12/2009 7:00:00 PM]
Contents | Previous | Next
HTTPS RequirementsApache with mod_ssl
An IP Address
Private server key (passphrase encrypted)
Signed Server Certificate
(optional) Certificate Authority Certificate(s)
(optional) PassphraseDialog script
[Presentation] Using PHP to simplify PKI
http://www.nyphp.org/content/presentations/SSL/phpca_intro.html[9/12/2009 7:00:05 PM]
Contents | Previous | Next
Using PHP to simplify PKIphpca is a command line utility to create and manage a simpleCertificate Authority for use with Apache's mod_ssl.
./phpca <command> [<server> | "ca"]
[Presentation] A Local Certificate Authority
http://www.nyphp.org/content/presentations/SSL/cagen.html[9/12/2009 7:00:10 PM]
Contents | Previous | Next
A Local Certificate Authority
./phpca cagen
[Presentation] A New Server Certificate
http://www.nyphp.org/content/presentations/SSL/newserver.html[9/12/2009 7:00:21 PM]
Contents | Previous | Next
A New Server Certificate
./phpca newserver ssl.example.org
[Presentation] Global SSL Directives
http://www.nyphp.org/content/presentations/SSL/mod_ssl_global.html[9/12/2009 7:00:32 PM]
Contents | Previous | Next
Global SSL Directives#### Global SSL Directives##
#LoadModule ssl_module modules/mod_ssl.soListen 443
# Random number generationSSLRandomSeed startup file:/dev/urandom 512SSLRandomSeed connect file:/dev/urandom 512
# Session CacheSSLSessionCache noneSSLSessionCacheTimeout 600SSLPassphraseDialog builtinSSLMutex file:/Applications/xampp/xamppfiles/logs/ssl_mutex
AddType application/x-x509-ca-cert .crtAddType application/x-pkcs7-crl .crl
[Presentation] A Passphrase Dialog
http://www.nyphp.org/content/presentations/SSL/passphrase.html[9/12/2009 7:00:51 PM]
Contents | Previous | Next
A Passphrase DialogCreate /root/httpdkey:
#!/bin/sh echo 'my secret password'
Make sure only root has access:
chmod 700 /root/httpdkey
Use an external SSLPassphraseDialog:
SSLPassphraseDialog exec:/root/httpdkey
Manual
[Presentation] Apache Per-host SSL Directives
http://www.nyphp.org/content/presentations/SSL/mod_ssl_perhost.html[9/12/2009 7:00:58 PM]
Contents | Previous | Next
Apache Per-host SSLDirectives#### SSL Virtual Host Context##<VirtualHost _default_:443> # General setup for the virtual host DocumentRoot "/Users/csnyder/Sites/https" ServerName localhost ServerAdmin [email protected] ErrorLog logs/sslerror.log
# SSL Configuration SSLEngine on SSLCipherSuite HIGH:MEDIUM SSLCertificateFile /etc/httpd/ssl/localhost.cert SSLCertificateKeyFile /etc/httpd/ssl/localhost.key SSLCertificateChainFile /etc/httpd/ssl/ca.cert SSLCARevocationFile /etc/httpd/ssl/ca.crl
# Client Authentication (Type): #SSLVerifyClient require #SSLVerifyDepth 10
# SSL Engine Options: <Files ~ "\.(cgi|shtml|phtml|php?)$"> SSLOptions +StdEnvVars </Files>
# SSL Protocol Adjustments: SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0
# Per-Server Logging: CustomLog logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
[Presentation] Apache Per-host SSL Directives
http://www.nyphp.org/content/presentations/SSL/mod_ssl_perhost.html[9/12/2009 7:00:58 PM]
</VirtualHost>
[Presentation] Cipher Suite
http://www.nyphp.org/content/presentations/SSL/mod_ssl_ciphersuite.html[9/12/2009 7:01:03 PM]
Contents | Previous | Next
Cipher SuiteDIY suite-ness!
openssl ciphers -v 'HIGH:MEDIUM'
Manual
[Presentation] Cross Your Fingers
http://www.nyphp.org/content/presentations/SSL/testing.html[9/12/2009 7:01:24 PM]
Contents | Previous | Next
Cross Your Fingers
[Presentation] Revoking A Server Certificate
http://www.nyphp.org/content/presentations/SSL/revoke.html[9/12/2009 7:01:33 PM]
Contents | Previous | Next
Revoking A ServerCertificate
./phpca revoke ssl.example.org
[Presentation] Part III: Application Level SSL
http://www.nyphp.org/content/presentations/SSL/part3_applevel.html[9/12/2009 7:01:40 PM]
Contents | Previous | Next
Part III: Application LevelSSLA PHP application can use OpenSSL's RSA support to:
Sign values to prevent tampering
Encrypt values to keep them private
[Presentation] Example: Stored Secrets
http://www.nyphp.org/content/presentations/SSL/page43839f1e73b16.html[9/12/2009 7:01:47 PM]
Contents | Previous | Next
Example: Stored SecretsOn storage, application needs:
Application Certificate (Public Key) to encrypt values
On retrieval, application needs:
Application Private Key to decrypt values
...and Private Key passphrase
[Presentation] Class openSSL
http://www.nyphp.org/content/presentations/SSL/init.html[9/12/2009 7:01:59 PM]
Contents | Previous | Next
Class openSSLinclude_once( './openSSL.php' ); $server = new openSSL(); $server->privateKey( file_get_contents( $server_key ) );
$server->certificate( file_get_contents( $server_cert ) );
[Presentation] Signing
http://www.nyphp.org/content/presentations/SSL/sign.html[9/12/2009 7:02:09 PM]
Contents | Previous | Next
Signing
$value_signed = $ssl->sign( $value , $passphrase );
Looks like:
So long, and thanks for all the fish.-----BEGIN openSSL.php SIGNATURE-----e35fbZmTXYbVP33HY1CX31hxirAiENmEY4A0JHiGqPDfS87BmDQszGHP
CSvnMAyyqF7OuwRYnRS+VdiDNy2y3Uh2gqB7SNGXgWZnRNsMTeGX4OKX
NB5uwUQ+zNu7QjYfapQyliYoOWS5L+GcmFRHveTwAgw=-----END openSSL.php SIGNATURE-----
[Presentation] Encrypting
http://www.nyphp.org/content/presentations/SSL/encrypt.html[9/12/2009 7:02:15 PM]
Contents | Previous | Next
EncryptingShort values only! (56 chars max)
$secret = $ssl->encrypt( $value, $client_certificate );
Looks like:
Nlmc97wDavLSF7R078NcluVX8SrYMXdDFu9otugP5LDIPTW++VUQ5DOs
Z9qVS9+AL01gv1H2Ub8eNRcV67WgQw/5lMA92+T5KprSqV+CP/FXfcNC
nd3pq/H6TkP0LTF7zX9Q7GZg/4UuMHmc9EcGHhoOxBM=
[Presentation] Decrypting
http://www.nyphp.org/content/presentations/SSL/decrypt.html[9/12/2009 7:02:31 PM]
Contents | Previous | Next
Decrypting
$value = $ssl->decrypt( $secret, $passphrase );
[Presentation] Verifying
http://www.nyphp.org/content/presentations/SSL/verify.html[9/12/2009 7:02:38 PM]
Contents | Previous | Next
Verifying
$verified = $ssl->verify( $signed_value,$client_certificate );
[Presentation] Checking The Key Passphrase
http://www.nyphp.org/content/presentations/SSL/checkkey.html[9/12/2009 7:02:44 PM]
Contents | Previous | Next
Checking The KeyPassphrase
$success = $ssl->checkKey( $passphrase );
[Presentation] Parsing X.509 Data
http://www.nyphp.org/content/presentations/SSL/x509parse.html[9/12/2009 7:02:56 PM]
Contents | Previous | Next
Parsing X.509 Data$ssl->certificate( $certificate_data ); $dn = $ssl->getDN(); print_r( $dn );
Looks like:
( [C] => US [ST] => New York [L] => New York City [O] => CHXO Internet [OU] => Certificate Authority [CN] => ca.chxo.com [emailAddress] => [email protected])
[Presentation] Discussion
http://www.nyphp.org/content/presentations/SSL/discussion.html[9/12/2009 7:03:03 PM]
Contents | Previous | Next
DiscussionHow do you use SSL?
[Presentation] Thank You!
http://www.nyphp.org/content/presentations/SSL/thankyou.html[9/12/2009 7:03:10 PM]
Contents | Previous | Next
Thank You!For many many more details, please consult "Pro PHP Security",published in September by Apress.
[Presentation] Resources
http://www.nyphp.org/content/presentations/SSL/links.html[9/12/2009 7:03:20 PM]
Contents | Previous | Next
ResourcesSome of the many resources used in the making of thispresentation.
Cryptography
Diffie-Hellman-Merkle Key Exchange
PKCS #7: Cryptographic Message Syntax Standard
PKCS #12: Personal Information Exchange SyntaxStandard
RSA Cryptosystem
S/MIME Specification 3.1 (RFC 3851)
Legal
CNET: Netscape Patents Crypto Protocol (Sept. 16,1997)
United States Patent: 4,405,829 (RSA)
United States Patent: 5,657,390 (SSL)
Manuals
mod_ssl Directives
OpenSSL Manuals
PHP OpenSSL Functions
[Presentation] Resources
http://www.nyphp.org/content/presentations/SSL/links.html[9/12/2009 7:03:20 PM]
Other How-Tos
Certificate Management and Generation with OpenSSL
Generating an SSL Certificate with Apache+mod_ssl
SSL/TLS Protocol
The SSLv2 Protocol
The SSLv3 Protocol
The TLS Protocol v1.0
X.509 Public Key Infrastructure Spec (RFC 3280)
[Presentation] Download
http://www.nyphp.org/content/presentations/SSL/download.html[9/12/2009 7:03:26 PM]
Contents | Previous | *End*
DownloadPresentation files as a ZIP archive.
Contents:
psslwap/FCNYLicense.txt psslwap/README psslwap/cnf_template.php psslwap/config-dist.php psslwap/configure psslwap/fcnyCLI.php psslwap/gpl.txt psslwap/openSSL.php psslwap/openSSLDemo.php psslwap/openssl.cnf psslwap/phpca psslwap/players.png