0

Recently there has been a discussion about whether secret service agencies have access to certification authorities. Before that, several CAs were facing security problems, being attacked by hackers.

Given this, I am wondering whether S/MIME can still be considered secure because the same CAs generate the private keys.

user2683038
    This question appears to be off-topic because it is unrelated to programming. Besides it has already been reposted at http://crypto.stackexchange.com/questions/10232/can-s-mime-be-still-considered-secure – Gilles 'SO- stop being evil' Sep 07 '13 at 19:44

1 Answer

1

S/MIME, SSL, and any other technology based on public key encryption is presently as secure as the list of certificates you trust. It always has been and it always will be until computing power reaches the point of being able to brute force the algorithms behind it.

If they are doing things right, the CA never sees your private key. You should be generating a keypair on your machine, then send the public part to the CA. The CA sends back a signed copy of the public part (the certificate). The private key should never leave your machine.

Compromising a CA allows the attacker to sign an arbitrary public key. Since the certificate includes things such as a human-readable name, this would allow someone to pretend to be you by creating a certificate with your name on it. They still would not have your private key, however, so this does not allow them to decrypt anything sent to you.

Dark Falcon
  • Let's say I create an S/MIME key using a web interface of a CA. If this CA is infiltrated by an agency, this agency would have access to my private key and could decrypt emails which are encrypted using this key. Or am I missing something? – user2683038 Aug 14 '13 at 15:39
  • No. See the updated answer. – Dark Falcon Aug 14 '13 at 15:46
  • Hello Dark Falcon, thanks for the update. Why don't they have access to the private key? I understood it this way that unlike PGP (where the private key is generated on the own computer) for S/MIME the private key is generated by the CA (after I fill out the web form and press OK they will send me an email with link to download the private key); means, the private is with the CA, and thus also with the agency? – user2683038 Aug 14 '13 at 16:01
  • 1
    "S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for public key encryption and signing of MIME data." It is not a single provider. If a CA requires that you generate the key on their site, don't use that CA, because they clearly do not understand how the system is to work. They should **NEVER** have your private key at any time. – Dark Falcon Aug 14 '13 at 16:06
  • Hello Dark Falcon, thanks again for answering. How is then the private for S/MIME normally generated? Is it generated by a tool on the own computer? If so, what tool is that? When using, e.g., the free certificates from Comodo they generate the key for you (as described above). – user2683038 Aug 14 '13 at 22:08
  • Really no one interested in this hot topic? – user2683038 Aug 17 '13 at 03:11
  • There is a crypto module in every browser that generates such keys. That's why most S/MIME tutorials tell you to export the .p12 file from within your browser's settings. – Marc Sep 10 '13 at 06:51
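
Added example, not part of the original answer or comments: the flow the answer describes (generate the key pair locally, send only the public part to the CA), sketched with the OpenSSL command-line tool. It assumes `openssl` is installed and that the CA accepts a PKCS#10 request; the file names, function names and e-mail address are constructed for illustration.

```shell
#!/bin/sh
# Added example: file names, function names and the address are assumptions.

# Generate the private key locally and build a certificate request (CSR).
# $1 = working directory, $2 = e-mail address to be certified.
# The body runs in a subshell so the umask change does not leak out.
make_smime_request() (
    dir=$1; email=$2
    umask 077   # key file readable by its owner only
    # 1. The private key is created on this machine and stays in smime.key.
    openssl genrsa -out "$dir/smime.key" 2048 2>/dev/null || exit 1
    # 2. The CSR holds the public key and the requested identity,
    #    signed with the private key to prove possession of it.
    openssl req -new -key "$dir/smime.key" \
        -subj "/CN=$email/emailAddress=$email" \
        -out "$dir/smime.csr" || exit 1
)

# Check the file that will be sent to the CA:
#  - it must not contain any private key block
#  - its public key must be the one derived from the local private key
csr_is_safe_to_send() {
    dir=$1
    if grep -q 'PRIVATE KEY' "$dir/smime.csr"; then
        return 1
    fi
    csr_pub=$(openssl req -in "$dir/smime.csr" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$dir/smime.key" -pubout) || return 1
    [ "$csr_pub" = "$key_pub" ]
}

# Demo run in a throwaway directory.
demo_dir=$(mktemp -d)
if make_smime_request "$demo_dir" "alice@example.org" &&
   csr_is_safe_to_send "$demo_dir"; then
    echo "Send only $demo_dir/smime.csr to the CA; keep smime.key local."
fi
```

The certificate the CA returns can then be combined with the local key into a .p12 file for the mail client, which is the same kind of file the browser export mentioned in the last comment produces.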