Import the first cut for manual pages.

[openssl.git] / doc / ns-ca.doc

The following documentation was supplied by Jeff Barber, who provided the
patch to the CA program to add this functionality.

eric
--
Jeff Barber                                Email: jeffb@issl.atl.hp.com

Hewlett Packard                            Phone: (404) 648-9503
Internet and System Security Lab           Fax:   (404) 648-9516

                         oo
---------------------cut /\ here for ns-ca.doc ------------------------------

This document briefly describes how to use SSLeay to implement a 
certificate authority capable of dynamically serving up client
certificates for version 3.0 beta 5 (and presumably later) versions of
the Netscape Navigator.  Before describing how this is done, it's
important to understand a little about how the browser implements its
client certificate support.  This is documented in some detail in the
URLs based at <URL:http://home.netscape.com/eng/security/certs.html>.
Here's a brief overview:

-       The Navigator supports a new HTML tag "KEYGEN" which will cause
        the browser to generate an RSA key pair when you submit a form
        containing the tag.  The public key, along with an optional
        challenge (supposedly provided for use in certificate revocation
        but I don't use it) is signed, DER-encoded, base-64 encoded
        and sent to the web server as the value of the variable
        whose NAME is provided in the KEYGEN tag.  The private key is
        stored by the browser in a local key database.

        This "Signed Public Key And Challenge" (SPKAC) arrives formatted
        into 64 character lines (which are of course URL-encoded when 
        sent via HTTP -- i.e. spaces, newlines and most punctuatation are
        encoded as "%HH" where HH is the hex equivalent of the ASCII code).
        Note that the SPKAC does not contain the other usual attributes
        of a certificate request, especially the subject name fields.
        These must be otherwise encoded in the form for submission along
        with the SPKAC.

-       Either immediately (in response to this form submission), or at
        some later date (a real CA will probably verify your identity in
        some way before issuing the certificate), a web server can send a
        certificate based on the public key and other attributes back to
        the browser by encoding it in DER (the binary form) and sending it
        to the browser as MIME type:
        "Content-type: application/x-x509-user-cert"

        The browser uses the public key encoded in the certificate to
        associate the certificate with the appropriate private key in
        its local key database.  Now, the certificate is "installed".

-       When a server wants to require authentication based on client
        certificates, it uses the right signals via the SSL protocol to
        trigger the Navigator to ask you which certificate you want to
        send.  Whether the certificate is accepted is dependent on CA
        certificates and so forth installed in the server and is beyond
        the scope of this document.


Now, here's how the SSLeay package can be used to provide client 
certficates:

-       You prepare a file for input to the SSLeay ca application.
        The file contains a number of "name = value" pairs that identify
        the subject.  The names here are the same subject name component
        identifiers used in the CA section of the lib/ssleay.conf file,
        such as "emailAddress", "commonName" "organizationName" and so
        forth.  Both the long version and the short version (e.g. "Email",
        "CN", "O") can be used.

        One more name is supported: this one is "SPKAC".  Its value
        is simply the value of the base-64 encoded SPKAC sent by the
        browser (with all the newlines and other space charaters
        removed -- and newline escapes are NOT supported).

        [ As of SSLeay 0.6.4, multiple lines are supported.
          Put a \ at the end of each line and it will be joined with the
          previous line with the '\n' removed - eay ]
        
        Here's a sample input file:

C = US
SP = Georgia
O = Some Organization, Inc.
OU = Netscape Compatibility Group
CN = John X. Doe
Email = jxdoe@someorg.com
SPKAC = MIG0MGAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAwmk6FMJ4uAVIYbcvIOx5+bDGTfvL8X5gE+R67ccMk6rCSGbVQz2cetyQtnI+VIs0NwdD6wjuSuVtVFbLoHonowIDAQABFgAwDQYJKoZIhvcNAQEEBQADQQBFZDUWFl6BJdomtN1Bi53mwijy1rRgJ4YirF15yBEDM3DjAQkKXHYOIX+qpz4KXKnl6EYxTnGSFL5wWt8X2iyx

-       You execute the ca command (either from a CGI program run out of
        the web server, or as a later manual task) giving it the above
        file as input.  For example, if the file were named /tmp/cert.req,
        you'd run:
        $SSLDIR/bin/ca -spkac /tmp/cert.req -out /tmp/cert

        The output is in DER format (binary) if a -out argument is 
        provided, as above; otherwise, it's in the PEM format (base-64
        encoded DER).  Also, the "-batch" switch is implied by the
        "-spkac" so you don't get asked whether to complete the signing
        (probably it shouldn't work this way but I was only interested
        in hacking together an online CA that could be used for issuing
        test certificates).

        The "-spkac" capability doesn't support multiple files (I think).

        Any CHALLENGE provided in the SPKAC is simply ignored.

        The interactions between the identification fields you provide
        and those identified in your lib/ssleay.conf are the same as if
        you did an ordinary "ca -in infile -out outfile" -- that is, if
        something is marked as required in the ssleay.conf file and it
        isn't found in the -spkac file, the certificate won't be issued.

-       Now, you pick up the output from /tmp/cert and pass it back to
        the Navigator prepending the Content-type string described earlier.

-       In order to run the ca command out of a CGI program, you must
        provide a password to decrypt the CA's private key.  You can
        do this by using "echo MyKeyPassword | $SSLDIR/bin/ca ..."
        I think there's a way to not encrypt the key file in the first
        place, but I didn't see how to do that, so I made a small change
        to the library that allows the password to be accepted from a pipe.
        Either way is UTTERLY INSECURE and a real CA would never do that.

        [ You can use the 'ssleay rsa' command to remove the password
          from the private key, or you can use the '-key' option to the
          ca command to specify the decryption key on the command line
          or use the -nodes option when generating the key.
          ca will try to clear the command line version of the password
          but for quite a few operating systems, this is not possible.
          - eric ]

So, what do you have to do to make use of this stuff to create an online 
demo CA capability with SSLeay?

1       Create an HTML form for your users.  The form should contain
        fields for all of the required or optional fields in ssleay.conf.
        The form must contain a KEYGEN tag somewhere with at least a NAME
        attribute.

2       Create a CGI program to process the form input submitted by the
        browser.  The CGI program must URL-decode the variables and create
        the file described above, containing subject identification info
        as well as the SPKAC block.  It should then run the the ca program
        with the -spkac option.  If it works (check the exit status),
        return the new certificate with the appropriate MIME type.  If not,
        return the output of the ca command with MIME type "text/plain".

3       Set up your web server to accept connections signed by your demo
        CA.  This probably involves obtaining the PEM-encoded CA certificate
        (ordinarily in $SSLDIR/CA/cacert.pem) and installing it into a
        server database.  See your server manual for instructions.