0

I was studying PKI the other day and I had a serious thinking about the following question.

What is CSR? - It is a block of encoded text that is given to the CA when applying for an SSL certificate which validates the identity of the requesting party. The process to construct a CSR is,

  1. A Certificate Request Info value(plain-text) containing Distinguished name has to be filled. i.e. Common Name, Organization, OU, City, State, Email Address and Public Key.
  2. The above Certificate Request Info value is signed with the subject entity's private key. i.e. Digitally signed.
  3. The Certificate Request Info value, a signature algorithm identifier, and the entity's digital signature are collected together into a CSR.

So, basically the CSR contains Digitally signed plain-text info about the requesting party, the plain text-info and the Signature Algorithm.

My question is What if the Man-in-the-Middle alters the Email Address in the CSR but actually kept the public key intact?

This way when the CSR reaches the CA, the CA will fetch the public key from the plain-text info and decrypts the signed info thereby assuming that no tampering was done. So, Is there a way to prevent this interception or my understanding is incorrect?

KingsNeverDie
  • 3
  • 1

1 Answers1

0

Normally CSR does not need to be secret. CSR is signed by the applicants private key. If an attacker intercepts a CSR, changes email address and sends CSR on CA, CA will reject it, because the signature will not match the content of the CSR. If the attacker signs the changed CSR with attackers private key, the signature will still be invalid, because it cannot be verifyed by the public key contained in the CSR.

Here is a good short explanation of the verification process: How does RSA signature verification work?.

To sign the CSR with the changed email, a private key of the applicant is needed. If the applicant keeps the private key properly, then the attacker cannot get it and cannot create a valid CSR with another email.

TLDR

CA will consider the changed CSR as invalid because the attacker cannot create a valid signature.

mentallurg
  • 2,611
  • 1
  • 16
  • 22
  • Thank you for your response. When you mean "because the signature will not match the content of the CSR", does that mean that hash value will be generated and compared at the CA? – KingsNeverDie Jun 20 '20 at 07:01
  • @KingsNeverDie: Yes, I mean the hash. If the content changes, its hash will differ from the original one, and further verification steps will also produce values different from the original ones. Here is a good short explanation of the verification process: https://crypto.stackexchange.com/questions/9896/how-does-rsa-signature-verification-work. – mentallurg Jun 20 '20 at 12:03