Certificate - if "Extended Key Usage" is defined, openssl ignore "Key Usage"

Hi,

if we verify a signature created by a certificate with "Extended Key Usage" defined, we get the error "unsupported certificate purpose". But "Key Usage" includes "Digital Signature":

Certificate:
    Data:
        X509v3 extensions:
            X509v3 Extended Key Usage:
                TLS Web Client Authentication
            X509v3 Key Usage:
                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment

----------------
Please see the attachment:
cert.pem      - certificate
data          - signed data
sign.pem      - signature of "data" by "cert.pem"
ca-bundle.crt - issuer of "cert.pem"

Tests:

1. command "openssl smime -verify -CAfile ca-bundle.crt -binary -inform pem -in sign.pem -content data -certfile cert.pem" (verify both signature and certificate) returns:
     Verification failure
     11685:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:pk7_smime.c:244:Verify error:unsupported certificate purpose

2. command "openssl smime -verify -noverify -binary -inform pem -in sign.pem -content data -certfile cert.pem" (verify signature only) returns the contents of "data" followed by:
     Verification successful

3. command "openssl verify -CAfile ca-bundle.crt cert.pem" (basic tests of the certificate) returns:
     cert.pem: OK

4. command "openssl verify -CAfile ca-bundle.crt -purpose smimesign cert.pem" (basic tests of the certificate and a test whether the certificate can be used for signing) returns:
     cert.pem: /C=CZ/CN=MUDr. Lada Poschlova/L=Nove Straseci, Celechovicka 1090/serialNumber=ICA - 605499
     error 26 at 0 depth lookup:unsupported certificate purpose
     OK

The first example internally uses the test described by the fourth example. It seems like a bug: if "Extended Key Usage" is defined, openssl ignores "Key Usage".

OpenSSL 0.9.8k 25 Mar 2009

Thanks,
V. Benes

AW: Certificate - if "Extended Key Usage" is defined, openssl ignore "Key Usage"

Maybe you should add "emailProtection" to "ExtendedKeyUsage".

Best regards
Thomas

________________________________________________________________________________________________________________________
Atos Origin GmbH, Theodor-Althoff-Straße 47, D-45133 Essen, P.O. Box 100 123, D-45001 Essen
Phone: +49 201 4305 0, Fax: +49 201 4305 689095, www.atosorigin.de
ING Bank AG, Frankfurt/Main: Account 001 014 0937, Bank code (BLZ) 500 210 00, Swift / BIC INGBDEFF, IBAN DE74 5002 1000 0010 1409 37
Managing Director: Winfried Holz, Commercial Register Essen HRB 19354, VAT ID no.: DE147861238
________________________________________________________________________________________________________________________
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                       openssl-users@...
Automated List Manager                          majordomo@...

RE: Certificate - if "Extended Key Usage" is defined, openssl ignore "Key Usage"

Hi,

we have no influence on the issuer. The issuer is a standard Certification Authority in the Czech Republic (http://www.ica.cz/gb/). The signature is valid, the certificate is valid too and can be used to create a digital signature.

So our program now verifies signatures by example 2 and example 3 (instead of example 1): a separate signature check without the certificate test and a separate certificate test without the purpose test. But it is not a pure solution because the purpose of the certificate is not tested.

The pure solution is by example 1 or example 2 + 4 (it's equal). But openssl reports the below-mentioned problem.

Thanks
V. Benes

Re: Certificate - if "Extended Key Usage" is defined, openssl ignore "Key Usage"

On Fri, Nov 06, 2009, Beneš Vladimír wrote:

> Hi,
>
> we have no influence on the issuer. The issuer is a standard Certification
> Authority in the Czech Republic (http://www.ica.cz/gb/). The signature is
> valid, the certificate is valid too and can be used to create a digital
> signature.
>
> So our program now verifies signatures by example 2 and example 3
> (instead of example 1): a separate signature check without the certificate test and
> a separate certificate test without the purpose test. But it is not a pure
> solution because the purpose of the certificate is not tested.
>
> The pure solution is by example 1 or example 2 + 4 (it's equal). But
> openssl reports the below-mentioned problem.
>

You don't mention what kind of signature but I'd guess S/MIME using PKCS#7 or CMS. By default that is checked for the email purpose which is why you get the error. If you want an alternative purpose you can set that at the X509_STORE level or on the command line.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

RE: Certificate - if "Extended Key Usage" is defined, openssl ignore "Key Usage"

Hello,

we use the PKCS#7 signature format; please see the attachment of my initial mail (it contains the signing certificate, signature, signed data and issuer certificate) - http://marc.info/?l=openssl-users&m=125751029707705&w=1 (attachment.zip). The openssl calls for signature and/or certificate verification using the mentioned files are in that mail too.

We use the command line only for calling openssl, so we can't directly control X509_STORE.

I'm afraid we can't call an unmodified openssl from the command line to verify a signature with a certificate purpose check if the certificate includes both X509v3 Key Usage and X509v3 Extended Key Usage.

There is a "Digital Signature" value in X509v3 Key Usage, so imho openssl shouldn't return the error "unsupported certificate purpose" because this certificate can be used for digital signing. Imho the issuer created this certificate correctly and this certificate can be used for digital signing.

Thank you
V. Benes

Re: Certificate - if "Extended Key Usage" is defined, openssl ignore "Key Usage"

On Mon, Nov 09, 2009, Beneš Vladimír wrote:

> I'm afraid we can't call an unmodified openssl from the command line to
> verify a signature with a certificate purpose check if the
> certificate includes both X509v3 Key Usage and X509v3 Extended Key
> Usage.
>
> There is a "Digital Signature" value in X509v3 Key Usage, so imho
> openssl shouldn't return the error "unsupported certificate purpose"
> because this certificate can be used for digital signing. Imho the
> issuer created this certificate correctly and this certificate can
> be used for digital signing.
>

If you can't change the command line or the certificate then you are out of luck. By default a PKCS#7 structure is used for S/MIME mail and that extended key usage specifically excludes that possibility: i.e. the CA didn't intend that purpose.

The extensions each place restrictions on how the key can be used; it is an AND and not an OR operation. So key usage says you can only use the key for digital signatures AND EKU also says you can only use it for SSL client auth.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

RE: Certificate - if "Extended Key Usage" is defined, openssl ignore "Key Usage"

Hello,

thank you for the answer. I then found RFC 3850 (e.g. at http://www.ietf.org/rfc/rfc3850.txt), which has a passage corresponding to your answer:

"""
4.4.4. Extended Key Usage Extension
...
The set of technical purposes for the certificate therefore are the intersection of the uses indicated in the key usage and extended key usage extensions.
"""

So the mentioned certificate really shouldn't be used for digital signing.

Thank you
V. Benes
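Steve's "AND, not OR" rule and the RFC 3850 intersection passage quoted above, worked through as an added example (not code from the thread or from OpenSSL): it parses the extension block as openssl x509 -text prints it and applies the intersection rule for three OpenSSL -purpose values. The purpose-to-extension mapping in PURPOSE_RULES is a simplified reading of OpenSSL's purpose checks and is an assumption of this example, as is the constructed variant with emailProtection added (Thomas's suggestion).

```python
"""Key Usage / Extended Key Usage intersection rule (RFC 3850, section 4.4.4).

Added example, not OpenSSL's code. PURPOSE_RULES is a simplified model of
OpenSSL's leaf-certificate purpose checks and is an assumption here.
"""
import re

# For each -purpose: the Key Usage bits that allow it, and the EKU values that allow it.
# A purpose is permitted only if BOTH extensions allow it (AND, not OR);
# an absent extension imposes no restriction.
PURPOSE_RULES = {
    "smimesign":    ({"Digital Signature", "Non Repudiation"}, {"E-mail Protection"}),
    "smimeencrypt": ({"Key Encipherment"},                     {"E-mail Protection"}),
    "sslclient":    ({"Digital Signature"},                    {"TLS Web Client Authentication"}),
}

def parse_extensions(text):
    """Return (key_usage, ext_key_usage) as sets; None when the extension is absent."""
    def grab(name):
        m = re.search(rf"X509v3 {name}:\s*(?:critical\s*)?\n\s*(.+)", text)
        return {v.strip() for v in m.group(1).split(",")} if m else None
    return grab("Key Usage"), grab("Extended Key Usage")

def check_purpose(purpose, key_usage, ext_key_usage):
    """True if the certificate may be used for `purpose` under the intersection rule."""
    need_ku, need_eku = PURPOSE_RULES[purpose]
    ku_ok = key_usage is None or bool(key_usage & need_ku)
    eku_ok = ext_key_usage is None or bool(ext_key_usage & need_eku)
    return ku_ok and eku_ok

# Constructed sample: the extension block quoted in the thread (EKU = clientAuth only).
CERT_TEXT_THREAD = """\
        X509v3 extensions:
            X509v3 Extended Key Usage:
                TLS Web Client Authentication
            X509v3 Key Usage:
                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
"""
# Constructed variant with Thomas's suggestion applied: emailProtection added to the EKU.
CERT_TEXT_FIXED = CERT_TEXT_THREAD.replace(
    "TLS Web Client Authentication", "TLS Web Client Authentication, E-mail Protection")

if __name__ == "__main__":
    for label, text in (("thread cert", CERT_TEXT_THREAD), ("with emailProtection", CERT_TEXT_FIXED)):
        ku, eku = parse_extensions(text)
        for p in PURPOSE_RULES:
            verdict = "OK" if check_purpose(p, ku, eku) else "unsupported certificate purpose"
            print(f"{label}: {p:13s} -> {verdict}")
```

Run stand-alone, the thread's certificate fails smimesign but passes sslclient, matching the openssl verify -purpose smimesign output above; the variant with emailProtection passes both.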