Hello,
I'm trying to understand the full process to perform provisioning of an ATECC608B. I particularly checked at https://github.com/espressif/esp-crypto ... /README.md and this looks really simple.
I wonder bout one thing there: why the signer certificate validity should be 365 days only? Is it a good practice only or is there a technical reason ? What append / what is the risk if the signer certificate has a longer validity, let say 10 years for example ?
Thanks
Joel
Why signer validity of ESP crypto auth utility is so short ?
Re: Why signer validity of ESP crypto auth utility is so short ?
Hello again,
Just to develop a bit this question: the topic behind this is that my devices will expose their public key to a server to perform authentication. Server should be able to validate the authenticity of the device. I would like to achieve verification of the public key using the signer (I don't know how I can technically do that for the moment !)
If the signer validity period is 1 year, that means probably I will not be able to validate this after the expiry period ? And additionally, if adding some devices later, I will need a new signer, so the server should be able to validate devices with several signers.
Not sure if what I'm saying here is correct to be honest !
Joel
Just to develop a bit this question: the topic behind this is that my devices will expose their public key to a server to perform authentication. Server should be able to validate the authenticity of the device. I would like to achieve verification of the public key using the signer (I don't know how I can technically do that for the moment !)
If the signer validity period is 1 year, that means probably I will not be able to validate this after the expiry period ? And additionally, if adding some devices later, I will need a new signer, so the server should be able to validate devices with several signers.
Not sure if what I'm saying here is correct to be honest !
Joel
-
- Posts: 1750
- Joined: Mon Oct 17, 2022 7:38 pm
- Location: Europe, Germany
Re: Why signer validity of ESP crypto auth utility is so short ?
The signer certificate must be valid at the time the signature is created; validation of the signature should be possible forever irrespective of the expiration date of the signer's certificate.
Yes, that will be the case.if adding some devices later, I will need a new signer, so the server should be able to validate devices with several signers.
The reason for limiting certificates' validity is usually for security reasons, kind-of enforcing key renewal policies.
Depending on your expected threat level, it is probably perfectly fine to use a long-term certificate for key signing in your case.
Re: Why signer validity of ESP crypto auth utility is so short ?
Thanks, this confirms my understanding that the signer is temporary used I start to have a better understanding of the global process.
On the other hand I have used the esp crypto auth utility successfully, very simple to use.
One details maybe you know : I have not found the sources of the utility running on the esp32. Only binaries are provided. Anyone knows where to find this ?
Joel
On the other hand I have used the esp crypto auth utility successfully, very simple to use.
One details maybe you know : I have not found the sources of the utility running on the esp32. Only binaries are provided. Anyone knows where to find this ?
Joel
Re: Why signer validity of ESP crypto auth utility is so short ?
Answering my question at the same time I'm writing, the source code of the esp32 firmware utility is on the same repo, on a separated branch
-
- Posts: 25
- Joined: Tue Aug 13, 2019 2:03 pm
Re: Why signer validity of ESP crypto auth utility is so short ?
Hi Joel,
I see a couple of questions answered already, I will add my thoughts on them as well.
If you change the signer certificate after 1 year to reduce vulnerability then you also need to update the device certificate for each device which might be already on field. It's a tricky job to do that. So generally this is not done. If your product needs has a very stringent security requirements then maybe this option should be considered.
First you register the signer certificate with cloud services such as AWS. Then you shall use that signer to sing the device certificate.
When the device shall connect with the server it shall send its device certificate and signer certificate with the server. The server shall verify that the device certificate is indeed signed using the signer certificate and ask device cert to prove ownership of the device private key. Once that is done the server will trust the device and perform further communication.
I hope I have added enough details.
Please let me know if you would like me to elaborate on any point.
Thanks,
Aditya
I see a couple of questions answered already, I will add my thoughts on them as well.
That is a sample signer certificate just for showcasing the usability. Typically the signer certificate should be valid for the lifetime of the product. It means that the device should not have to change its device certificate till its lifetime. This also follows that the device cert private key and Signer cert private key is not leaked in the meantime. In that case it is okay to have signer validity for 10 years. (Or even more than that)I wonder bout one thing there: why the signer certificate validity should be 365 days only? Is it a good practice only or is there a technical reason ? What append / what is the risk if the signer certificate has a longer validity, let say 10 years for example ?
If you change the signer certificate after 1 year to reduce vulnerability then you also need to update the device certificate for each device which might be already on field. It's a tricky job to do that. So generally this is not done. If your product needs has a very stringent security requirements then maybe this option should be considered.
Extending the signer validity as explained above should fix this. Alternatively, Registering multiple signer certificates is supported on most of the cloud servers so it should not be a problem.If the signer validity period is 1 year, that means probably I will not be able to validate this after the expiry period ? And additionally, if adding some devices later, I will need a new signer, so the server should be able to validate devices with several signers.
So in this case what happens is that you form a chain of trust with the signer being at the top of the hierarchy.Just to develop a bit this question: the topic behind this is that my devices will expose their public key to a server to perform authentication. Server should be able to validate the authenticity of the device. I would like to achieve verification of the public key using the signer (I don't know how I can technically do that for the moment !)
First you register the signer certificate with cloud services such as AWS. Then you shall use that signer to sing the device certificate.
When the device shall connect with the server it shall send its device certificate and signer certificate with the server. The server shall verify that the device certificate is indeed signed using the signer certificate and ask device cert to prove ownership of the device private key. Once that is done the server will trust the device and perform further communication.
I hope I have added enough details.
Please let me know if you would like me to elaborate on any point.
Thanks,
Aditya
Who is online
Users browsing this forum: MicroController and 82 guests