1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-25 10:49:57 +01:00
gnupg/doc/howto-create-a-server-cert.texi
Daniel Kahn Gillmor 121286d9d1
gpgsm: default to 3072-bit keys.
* doc/gpgsm.texi, doc/howto-create-a-server-cert.texi: : update
default to 3072 bits.
* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): update default to
3072 bits.
* sm/certreqgen.c (proc_parameters): update default to 3072 bits.
* sm/gpgsm.c (main): print correct default_pubkey_algo.

--

3072-bit RSA is widely considered to be 128-bit-equivalent security.
This is a sensible default in 2017.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Gbp-Pq: Topic update-defaults
Gbp-Pq: Name 0014-gpgsm-default-to-3072-bit-keys.patch
(cherry picked from commit 7955262151a5c755814dd23414e6804f79125355)
2019-02-28 11:00:31 +01:00

275 lines
8.5 KiB
Plaintext

@node Howto Create a Server Cert
@section Creating a TLS server certificate
Here is a brief run up on how to create a server certificate. It has
actually been done this way to get a certificate from CAcert to be used
on a real server. It has only been tested with this CA, but there
shouldn't be any problem to run this against any other CA.
We start by generating an X.509 certificate signing request. As there
is no need for a configuration file, you may simply enter:
@cartouche
@example
$ gpgsm --generate-key >example.com.cert-req.pem
Please select what kind of key you want:
(1) RSA
(2) Existing key
(3) Existing key from card
Your selection? 1
@end example
@end cartouche
I opted for creating a new RSA key. The other option is to use an
already existing key, by selecting @kbd{2} and entering the so-called
keygrip. Running the command @samp{gpgsm --dump-secret-key USERID}
shows you this keygrip. Using @kbd{3} offers another menu to create a
certificate directly from a smart card based key.
Let's continue:
@cartouche
@example
What keysize do you want? (3072)
Requested keysize is 3072 bits
@end example
@end cartouche
Hitting enter chooses the default RSA key size of 3072 bits. Keys
smaller than 2048 bits are too weak on the modern Internet. If you
choose a larger (stronger) key, your server will need to do more work.
@cartouche
@example
Possible actions for a RSA key:
(1) sign, encrypt
(2) sign
(3) encrypt
Your selection? 1
@end example
@end cartouche
Selecting ``sign'' enables use of the key for Diffie-Hellman key
exchange mechanisms (DHE and ECDHE) in TLS, which are preferred
because they offer forward secrecy. Selecting ``encrypt'' enables RSA
key exchange mechanisms, which are still common in some places.
Selecting both enables both key exchange mechanisms.
Now for some real data:
@cartouche
@example
Enter the X.509 subject name: CN=example.com
@end example
@end cartouche
This is the most important value for a server certificate. Enter here
the canonical name of your server machine. You may add other virtual
server names later.
@cartouche
@example
E-Mail addresses (end with an empty line):
>
@end example
@end cartouche
We don't need email addresses in a TLS server certificate and CAcert
would anyway ignore such a request. Thus just hit enter.
If you want to create a client certificate for email encryption, this
would be the place to enter your mail address
(e.g. @email{joe@@example.org}). You may enter as many addresses as you like,
however the CA may not accept them all or reject the entire request.
@cartouche
@example
Enter DNS names (optional; end with an empty line):
> example.com
> www.example.com
>
@end example
@end cartouche
Here I entered the names of the services which the machine actually
provides. You almost always want to include the canonical name here
too. The browser will accept a certificate for any of these names. As
usual the CA must approve all of these names.
@cartouche
@example
URIs (optional; end with an empty line):
>
@end example
@end cartouche
It is possible to insert arbitrary URIs into a certificate; for a server
certificate this does not make sense.
@cartouche
@example
Create self-signed certificate? (y/N)
@end example
@end cartouche
Since we are creating a certificate signing request, and not a full
certificate, we answer no here, or just hit enter for the default.
We have now entered all required information and @command{gpgsm} will
display what it has gathered and ask whether to create the certificate
request:
@cartouche
@example
These parameters are used:
Key-Type: RSA
Key-Length: 3072
Key-Usage: sign, encrypt
Name-DN: CN=example.com
Name-DNS: example.com
Name-DNS: www.example.com
Proceed with creation? (y/N) y
@end example
@end cartouche
@command{gpgsm} will now start working on creating the request. As this
includes the creation of an RSA key it may take a while. During this
time you will be asked 3 times for a passphrase to protect the created
private key on your system. A pop up window will appear to ask for
it. The first two prompts are for the new passphrase and for re-entering it;
the third one is required to actually create the certificate signing request.
When it is ready, you should see the final notice:
@cartouche
@example
Ready. You should now send this request to your CA.
@end example
@end cartouche
Now, you may look at the created request:
@cartouche
@example
$ cat example.com.cert-req.pem
-----BEGIN CERTIFICATE REQUEST-----
MIIClTCCAX0CAQAwFjEUMBIGA1UEAxMLZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDP1QEcbTvOLLCX4gAoOzH9AW7jNOMj7OSOL0uW
h2bCdkK5YVpnX212Z6COTC3ZG0pJiCeGt1TbbDJUlTa4syQ6JXavjK66N8ASZsyC
Rwcl0m6hbXp541t1dbgt2VgeGk25okWw3j+brw6zxLD2TnthJxOatID0lDIG47HW
GqzZmA6WHbIBIONmGnReIHTpPAPCDm92vUkpKG1xLPszuRmsQbwEl870W/FHrsvm
DPvVUUSdIvTV9NuRt7/WY6G4nPp9QlIuTf1ESPzIuIE91gKPdrRCAx0yuT708S1n
xCv3ETQ/bKPoAQ67eE3mPBqkcVwv9SE/2/36Lz06kAizRgs5AgMBAAGgOjA4Bgkq
hkiG9w0BCQ4xKzApMCcGA1UdEQQgMB6CC2V4YW1wbGUuY29tgg93d3cuZXhhbXBs
ZS5jb20wDQYJKoZIhvcNAQELBQADggEBAEWD0Qqz4OENLYp6yyO/KqF0ig9FDsLN
b5/R+qhms5qlhdB5+Dh+j693Sj0UgbcNKc6JT86IuBqEBZmRCJuXRoKoo5aMS1cJ
hXga7N9IA3qb4VBUzBWvlL92U2Iptr/cEbikFlYZF2Zv3PBv8RfopVlI3OLbKV9D
bJJTt/6kuoydXKo/Vx4G0DFzIKNdFdJk86o/Ziz8NOs9JjZxw9H9VY5sHKFM5LKk
VcLwnnLRlNjBGB+9VK/Tze575eG0cJomTp7UGIB+1xzIQVAhUZOizRDv9tHDeaK3
k+tUhV0kuJcYHucpJycDSrP/uAY5zuVJ0rs2QSjdnav62YrRgEsxJrU=
-----END CERTIFICATE REQUEST-----
$
@end example
@end cartouche
You may now proceed by logging into your account at the CAcert website,
choose @code{Server Certificates - New}, check @code{sign by class 3 root
certificate}, paste the above request block into the text field and
click on @code{Submit}.
If everything works out fine, a certificate will be shown. Now run
@cartouche
@example
$ gpgsm --import
@end example
@end cartouche
and paste the certificate from the CAcert page into your terminal
followed by a Ctrl-D
@cartouche
@example
-----BEGIN CERTIFICATE-----
MIIEIjCCAgqgAwIBAgIBTDANBgkqhkiG9w0BAQQFADBUMRQwEgYDVQQKEwtDQWNl
[...]
rUTFlNElRXCwIl0YcJkIaYYqWf7+A/aqYJCi8+51usZwMy3Jsq3hJ6MA3h1BgwZs
Rtct3tIX
-----END CERTIFICATE-----
gpgsm: issuer certificate (#/CN=CAcert Class 3 Ro[...]) not found
gpgsm: certificate imported
gpgsm: total number processed: 1
gpgsm: imported: 1
@end example
@end cartouche
@command{gpgsm} tells you that it has imported the certificate. It is now
associated with the key you used when creating the request. The root
certificate has not been found, so you may want to import it from the
CACert website.
To see the content of your certificate, you may now enter:
@cartouche
@example
$ gpgsm -K example.com
/home/foo/.gnupg/pubring.kbx
---------------------------
Serial number: 4C
Issuer: /CN=CAcert Class 3 Root/OU=http:\x2f\x2fwww.[...]
Subject: /CN=example.com
aka: (dns-name example.com)
aka: (dns-name www.example.com)
validity: 2015-07-01 16:20:51 through 2016-07-01 16:20:51
key type: 3072 bit RSA
key usage: digitalSignature keyEncipherment
ext key usage: clientAuth (suggested), serverAuth (suggested), [...]
fingerprint: 0F:9C:27:B2:DA:05:5F:CB:33:D8:19:E9:65:B9:4F:BD:B1:98:CC:57
@end example
@end cartouche
I used @option{-K} above because this will only list certificates for
which a private key is available. To see more details, you may use
@option{--dump-secret-keys} instead of @option{-K}.
To make actual use of the certificate you need to install it on your
server. Server software usually expects a PKCS\#12 file with key and
certificate. To create such a file, run:
@cartouche
@example
$ gpgsm --export-secret-key-p12 -a >example.com-cert.pem
@end example
@end cartouche
You will be asked for the passphrase as well as for a new passphrase to
be used to protect the PKCS\#12 file. The file now contains the
certificate as well as the private key:
@cartouche
@example
$ cat example-cert.pem
Issuer ...: /CN=CAcert Class 3 Root/OU=http:\x2f\x2fwww.CA[...]
Serial ...: 4C
Subject ..: /CN=example.com
aka ..: (dns-name example.com)
aka ..: (dns-name www.example.com)
-----BEGIN PKCS12-----
MIIHlwIBAzCCB5AGCSqGSIb37QdHAaCCB4EEggd9MIIHeTk1BJ8GCSqGSIb3DQEu
[...many more lines...]
-----END PKCS12-----
$
@end example
@end cartouche
Copy this file in a secure way to the server, install it there and
delete the file then. You may export the file again at any time as long
as it is available in GnuPG's private key database.