Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Request for enhancement: support for verifying generated attestation certificates #366

Open
DemiMarie opened this issue Dec 14, 2020 · 5 comments
Open

Request for enhancement: support for verifying generated attestation certificates #366

DemiMarie opened this issue Dec 14, 2020 · 5 comments

Comments

@DemiMarie
Copy link

  • YubiKey Manager (ykman) version:

      YubiKey Manager (ykman) version: 3.1.1
  Libraries:
      libykpers 1.20.0
      libusb 1.0.23

  • How was it installed?: Fedora 32 RPM package

  • Operating system and version: Fedora 32

  • YubiKey model and version: YubiKey 5 NFC

  • Bug description summary:

This isn’t a bug per se, but rather an enhancement request. Would it be possible for the YubiKey Manager to support verifying attestation certificates? While they chain to a Yubico CA, the root certificate isn’t signed (directly or indirectly) by any trust anchor I know of and am in a position to verify.

It would be especially nice if ykman could verify that a signature was made by a specific YubiKey (specified by serial number).
@fdennis
Copy link
Contributor

fdennis commented Dec 17, 2020

Hi,
You can find the root certificate (and more information about this in general) here. Have a look and let me know if it clarifies things for you or not.

Furthermore, could you elaborate in more detail regarding your use case?

@DemiMarie
Copy link
Author

My threat model assumes that the infrastructure is compromised, and that a trusted CA might have issued a rogue certificate for developers.yubico.com. Therefore, the TLS connection to the server is not sufficient for me to trust that the root certificate on the website is authentic. Furthermore, the QubesOS AppVMs in which I usually run ykman have no network access whatsoever, so they cannot obtain the root certificate.

Not only would embedding the root certificate allow me trust that it is authentic, but it would also ease using ykman in air-gapped environments, where downloading the certificate from Yubico isn’t possible.

@dainnilsson
Copy link
Member

The way I see it you have a boot-strapping problem no matter what: To verify attestation you have to get our root CA from "somewhere", and you need to be able to trust it. Even if we embedd it into ykman, this just moves the problem to there, doesn't it?

The threat model is one thing, but can you explain more about your specific use case for attestation? What is it you want to actually achieve? I'm struggling a bit with understanding what gets verified to whom here, because I think your use case might be different than the typical one we see, which goes something like this:

Attestation typically involves a client-server model, where the client provides a public key and attestation to a server, and the server verifies that the public key was generated on a (specific) YubiKey.

In this scenario, the client will:

  • Get a YubiKey.
  • Use ykman to generate a private key, attest the key, and export the attestation batch certificate.
  • Send the attestation and batch certificates to the server.

The server will then:

  • Once, at some point in time acquire and trust the Yubico PIV Attestation CA certificate.
  • Verify the chain: CA -> batch certificate -> attestation certificate.
  • Accept the clients public key (contained in the attestation certificate) as valid.

Since the server never actually sees a YubiKey, we typically don't see a use for having the verification functionality in the ykman tool (it wouldn't be installed on the server).

@DemiMarie
Copy link
Author

The way I see it you have a boot-strapping problem no matter what: To verify attestation you have to get our root CA from "somewhere", and you need to be able to trust it. Even if we embedd it into ykman, this just moves the problem to there, doesn't it?

In my case, I trust ykman because it is included in a Fedora package, and that package is signed by a Fedora key.

The threat model is one thing, but can you explain more about your specific use case for attestation? What is it you want to actually achieve? I'm struggling a bit with understanding what gets verified to whom here, because I think your use case might be different than the typical one we see, which goes something like this:

I actually have two uses for attestation.

The first is as a way to check that a GPG public key is actually the one that corresponds to the card’s secret key. I use YubiKeys to sign and encrypt backups, so when it comes time to restore, I need to somehow verify that the public verification key matches that which I used to sign the backup. The backup storage is considered untrusted, so just putting the key there won’t work, and writing down a fingerprint on paper is inconvenient.

The second is to validate that a YubiKey is genuine. I use QubesOS, so the classic BadUSB attack doesn’t work. In particular, I can have one AppVM validate an attestation certificate generated by another.

@Sebi2020
Copy link

Sebi2020 commented Feb 5, 2021

If you sign your backups with the gpg private key (and can be sure, that you really sign your backup with the stored private key), the verification would fail if the public key does not belong to the secret key on your card/yubikey.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@dainnilsson @Sebi2020 @fdennis @DemiMarie