<html>
 <head>
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
 </head>
 <body>
  <div style="font-family:sans-serif">
   <span dir="ltr" style="margin-top:0; margin-bottom:0;">My pleasure!</span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;">OpenSSL supports CRMF and CMP since version 3.0.</span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;">EJBCA supports these since long, and there are also other CAs that support CMP and thus CRMF., such as the Insta CA.</span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;">Yet the support for encryption-based PoP by now likely is not strong - mostly because so far there was not much interest for it.</span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;">The OpenSSL CMP client implemenation does support sending cert requests without PoP,</span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;">and it should also support using encryption-based PoP, but I cannot recall having tried it out.</span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;">For simple examples of using CMP with the OpenSSL CLI, see at the bottom of the openssl-cmp man page.</span> <br> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;">David</span> <br> <br> <br> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;">On Mon, 2022-10-03 at 19:48 +0000, Blumenthal, Uri - 0553 - MITLL wrote:</span> <br>
   <blockquote style="margin-top:0; margin-bottom:0;">
    <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><big>David,</big></span></small></span> <br> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><big> </big></span></small></span> <br> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><big>Thank you! That’s a great answer. It looks like OpenSSL does support CRMF? Would you or somebody else have an example of how to work with CRMF (to create it, and to process/sign it)?</big></span></small></span> <br> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><big> </big></span></small></span> <br> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><big>Do you happen to know if CRMF is accepted by the “big players” in the CA field?</big></span></small></span> <br> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><big> </big></span></small></span> <br> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><b><big>Thank you again!</big></b></span></small></span> <br> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;">-- </span></small></span> <br> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;">V/R,</span></small></span> <br> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;">Uri</span></small></span> <br> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><i> </i></span></small></span> <br> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><i>There are two ways to design a system. One is to make it so simple there are obviously no deficiencies.</i></span></small></span> <br> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><i>The other is to make it so complex there are no obvious deficiencies.</i></span></small></span> <br> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><i>                                                                                                                                     -  C. A. R. Hoare</i></span></small></span> <br> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><big> </big></span></small></span> <br> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><big> </big></span></small></span> <br> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><b><big>From: </big></b></span></small><small><span style="font-family:"calibri", sans-serif;"><big>David von Oheimb <it@von-Oheimb.de></big></span></small></span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><big><b>Date: </b></big></span></small><small><span style="font-family:"calibri", sans-serif;"><big>Monday, October 3, 2022 at 15:13</big></span></small></span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><big><b>To: </b></big></span></small><small><span style="font-family:"calibri", sans-serif;"><big>Uri Blumenthal <uri@ll.mit.edu>, openssl-users <openssl-users@openssl.org></big></span></small></span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><big><b>Subject: </b></big></span></small><small><span style="font-family:"calibri", sans-serif;"><big>Re: Q: creating CSR for encryption-only cert?</big></span></small></span> <br> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"> </span></small></span> <br> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">Requesting a cert in a CSR for a key pair that cannot be used for signing is indeed impossible in</span></span></small><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;"> the widely used PKCS#10 format</span></span></small></span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">(except if one break sthe PKCS#10 requirement of a self-signature, e.g., by applying a dummy signature).</span></span></small></span> <br> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">A viable solution is to use a different CSR format, such as CRMF.</span></span></small></span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">This format is the preferred one by CMP and CMC (while they also support PKCS#10) because it is much more flexible.</span></span></small></span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">CRMF does not strictly require to provide a proof-of-possession (PoP), and it offeres also indirect ways of doing a PoP.</span></span></small></span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">For instance, for encryption keys the new cert can be returned by the CA in encrypted form (using the new public key) to the EE,</span></span></small></span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">and the EE will only be able to make use of the cert if it is able to decrypt it, which proves possession of the private key.</span></span></small></span> <br> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">David</span></span></small></span> <br> <br> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">On Mon, 2022-10-03 at 15:11 +0000, Blumenthal, Uri - 0553 - MITLL wrote:</span></span></small></span> <br> <br>
   </blockquote>
   <blockquote style="margin-top:0; margin-bottom:0;">
    <blockquote style="margin-top:0; margin-bottom:0;">
     <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">> TLDR;</span></span></small></span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">> Need to create a CSR for a key pair whose algorithm does not allow</span></span></small></span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">> signing (either because it’s something like Kyber, or because</span></span></small></span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">> restriction enforced by HSM). How to do it?</span></span></small></span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">>  </span></span></small></span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">> There are several use cases that require certifying long-term</span></span></small></span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">> asymmetric keys that are only capable of encryption/decryption – but</span></span></small></span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">> not signing/verification. That could be either because the algorithm</span></span></small></span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">> itself does not do signing, or because the private key is generated</span></span></small></span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">> and kept in a secure hardware that enforces usage restriction.</span></span></small></span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">>  </span></span></small></span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">> CSR is supposed to be signed by the corresponding private key to</span></span></small></span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">> prove possession. Obviously, it cannot be done with a key such as</span></span></small></span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">> described above. How is this problem addressed in the real world?</span></span></small></span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">>  With AuthKEM and KEMTLS, how would these protocols get their</span></span></small></span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">> certificates?</span></span></small></span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">>  </span></span></small></span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">> Thanks!</span></span></small></span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">> --</span></span></small></span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">> V/R,</span></span></small></span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">> Uri Blumenthal                              Voice: (781) 981-1638 </span></span></small></span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">> Secure Resilient Systems and Technologies   Cell:  (339) 223-5363</span></span></small></span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">> MIT Lincoln Laboratory                     </span></span></small></span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">> 244 Wood Street, Lexington, MA  02420-9108      </span></span></small></span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">>  </span></span></small></span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">> Web:     </span></span></small><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;"><a href="https://www.ll.mit.edu/biographies/uri-blumenthal">https://www.ll.mit.edu/biographies/uri-blumenthal</a></span></span></small></span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">> Root CA: </span></span></small><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;"><a href="https://www.ll.mit.edu/llrca2.pem">https://www.ll.mit.edu/llrca2.pem</a></span></span></small></span> <br> <span dir="ltr" style="margin-top:0; margin-bottom:0;"><small><span style="font-family:"calibri", sans-serif;"><span style="font-family:"arial",sans-serif;">>  </span></span></small></span> <br> <br>
    </blockquote>
   </blockquote> <br>
  </div>
 </body>
</html>