Bug #13257
closed
Exporting a PKCS#12 file from the certificate manager does not use the intended encryption algorithm
Added by Jim Pingle over 2 years ago.
Updated about 2 years ago.
Plus Target Version: 23.01
Description
In source:src/usr/local/www/system_certmanager.php#L198 or thereabouts it sets a parameter encrypt_key_cipher intending to use AES-256 for exporting a PKCS#12 file. The parameter used is not honored by PHP. It isn't listed in the documentation for openssl_pkcs12_export(), nor in the source, and the resulting PKCS#12 file is created using the OpenSSL default RC2+3DES algorithms.
OpenSSL is deprecating RC2 in OpenSSL 3.0, so we should fix this for the next release if possible, in one of two ways:
1. Wait until we import PHP 8.1 and see if this is fixed there. Based on the source, I doubt it is, but worth checking.
2. Change from the PHP function to make a PKCS#12 cert to using OpenSSL directly as is done on the OpenVPN client export package. When exporting there, we can pass -certpbe AES-256-CBC -keypbe AES-256-CBC which results in a file encrypted with the expected algorithms.
- Plus Target Version changed from 22.09 to 22.11
This is not fixed on PHP 8.1, so option 2 seems to be the path forward here.
- Has duplicate Bug #13472: Cert Manager and OpenVPN exporter use **obsolete** sig/algo combination added
- Status changed from New to In Progress
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
- Private changed from Yes to No
I merged changes which move from using the native PHP function to using OpenSSL directly so we can control the algorithms involved.
Exported archives now use AES-256 and SHA256:
$ openssl pkcs12 -info -in jimp.p12 -passin pass:abc123 -passout pass:abc123
MAC: sha256, Iteration 2048
MAC length: 32, salt length: 8
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
[...]
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
We could also consider increasing the iterations if need be.
The new export code works fine on internal snapshots, though we should probably test how well other systems can read/import the .p12 files.
Also the OpenVPN client export package should probably be updated to tie into this new function so it isn't duplicating effort, but that will be a separate Redmine task. Even if it doesn't use this function it should be changed to use the same algorithms since it already calls OpenSSL to make the archive in a similar way.
- Status changed from Feedback to In Progress
The new files import OK into pfSense (current snapshots, 22.05, and 2.6.0) and a current Windows 10 at least, but apparently macOS is not yet compatible with the higher encryption, nor are older versions of Windows. macOS fails to import the P12 into its cert manager, though it can read them at the CLI with the openssl command.
The older versions of Windows aren't a significant concern, but macOS is, so it looks like we might need an option to weaken the security down to 3DES/SHA1 while defaulting to stronger encryption. It's OK to only make this available from the cert edit screen for now as both macOS and Windows need the export password defined anyhow.
- Status changed from In Progress to Feedback
Added an option to change the encryption level to high (AES-256+SHA256), low (3DES+SHA1), and legacy (RC2-40 + SHA1). Most things non-macOS are good with "high", and macOS is happy with "low". Anything even older can use "legacy".
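The export and verification steps described in this thread, as an added shell example that is not pfSense's own code: p12_export maps the three levels to OpenSSL pkcs12 options (the exact option set per level, and the -legacy flag for RC2 on OpenSSL 3.x, are assumptions on my part), and p12_check inspects the result with openssl pkcs12 -info the way the output above was produced.

```shell
#!/bin/sh
# Added example (not pfSense code). Assumes 'openssl' is in PATH.

# p12_export LEVEL KEYFILE CERTFILE OUTFILE PASSWORD
# Level-to-algorithm mapping is an assumption based on the thread:
#   high   = AES-256-CBC for certs and key, SHA256 MAC
#   low    = 3DES (PBE-SHA1-3DES), SHA1 MAC            (macOS-compatible)
#   legacy = RC2-40 for certs, 3DES for the key, SHA1 MAC (old OpenSSL default)
# RC2 lives in the legacy provider on OpenSSL 3.x, hence '-legacy' there.
p12_export() {
    level=$1; key=$2; cert=$3; out=$4; pass=$5
    case "$level" in
        high)   certpbe=AES-256-CBC;     keypbe=AES-256-CBC;   mac=sha256; extra="" ;;
        low)    certpbe=PBE-SHA1-3DES;   keypbe=PBE-SHA1-3DES; mac=sha1;   extra="" ;;
        legacy) certpbe=PBE-SHA1-RC2-40; keypbe=PBE-SHA1-3DES; mac=sha1;   extra="-legacy" ;;
        *) echo "p12_export: unknown level '$level'" >&2; return 2 ;;
    esac
    # $extra is intentionally unquoted so an empty value adds no argument.
    openssl pkcs12 -export -inkey "$key" -in "$cert" -out "$out" \
        -passout "pass:$pass" -certpbe "$certpbe" -keypbe "$keypbe" \
        -macalg "$mac" $extra
}

# p12_check FILE PASSWORD CIPHER_PATTERN
# Prints the MAC / PBE summary lines (openssl writes them to stderr) and
# succeeds only if every encrypted section matches CIPHER_PATTERN, e.g.
# 'AES-256-CBC' for the high level or 'TripleDES' for the low level.
p12_check() {
    file=$1; pass=$2; want=$3
    info=$(openssl pkcs12 -info -in "$file" -passin "pass:$pass" -noout 2>&1) || return 1
    printf '%s\n' "$info" | grep -E 'MAC:|Encrypted data|Shrouded Keybag'
    ! printf '%s\n' "$info" | grep -E 'Encrypted data|Shrouded Keybag' | grep -qv "$want"
}
```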
I looked at this mainly using macOS as a client and it seemed to function well. Successful import using "low" and unsuccessful using "high".
- Status changed from Feedback to Resolved
That's a good enough test in addition to all the testing I've done. It's passed and functional testing and inspection of the results I've done thus far.
I'll close this out, we can always revisit if someone has an issue.
- Plus Target Version changed from 22.11 to 23.01