I came across an mbedTLS example on an embedded device and I see a server certificate validation (github.com as an example) before downloading a firmware, but the only certificate/key coded is the one of github (the CA chain, rather than the github cert itself).

My questions are:

  1. If I perform a server CA verification, do I only need the CA certs, right?
  2. After the verification of the server, is the communication between the two encrypted at all, meaning is the firmware file exposed in clear or is it encrypted? Is the encryption done using the private key of the server? (which I suppose is on the github server). If not, what's the use of the server private key? Integrity?
  3. Do I also need a client private key to establish an encrypted connection? If not, is the client private key supposed to do the same thing as the server private key but on the client side?

I have a general idea of what the answers are but I need certainties.

Regards,

Steffen Ullrich
  • 114,247
  • 10
  • 131
  • 172
Luigi
  • 376
  • 3
  • 16

1 Answer

If I perform a server CA verification, do I only need the CA certs, right?

Correct.

After the verification of the server, is the communication between the two encrypted at all, meaning is the firmware file exposed in clear or is it encrypted? Is the encryption done using the private key of the server? (which I suppose is on the github server). If not, what's the use of the server private key? Integrity?

The validation of the server's certificate is part of the TLS handshake but not the end of the handshake. Only after the handshake is completed are data encrypted, but also no application data are transferred before the handshake is completed. Thus, a firmware transferred over TLS is encrypted with whatever cipher client and server agreed on, which may be a weak or a strong cipher.

The application data are not encrypted by any private key but by symmetric cryptography. For more details see How does SSL/TLS work.

Do I also need a client private key to establish an encrypted connection? If not, is the client private key supposed to do the same thing as the server private key but on the client side?

A client does not need a private key for encryption. Apart from that, the server's private key should be kept secret (private) and therefore it should not be possible for the client to just use the server's private key. Again, see How does SSL/TLS work for details.

Steffen Ullrich
  • I don't understand this part: Having verified the certificate and being certain this server really is who he claims to be (and not a man in the middle), a key is exchanged. This can be a public key, a "PreMasterSecret" or simply nothing, depending on the chosen ciphersuite. Both the server and the client can now compute the key for the symmetric encryption. Why not PKE? This means the client encrypts the key using the public server key. But why is there a Client Private Key (and client cert) in the mbedTLS struct? Is it only needed if the server needs to verify also the identity of the client? – Luigi Sep 26 '17 at 07:05
  • Also is the server public key embedded in the certificate? In the python server example i see a -----BEGIN PRIVATE KEY----- and a -----BEGIN CERTIFICATE----- but nothing about a PUBLIC KEY @Steffen Ullrich – Luigi Sep 26 '17 at 07:29
  • 1
    @Luigi: This is different question and thus should not be asked in a comment. But in short: it's in there and you can see it with `openssl x509 -text -in cert.pem`. – Steffen Ullrich Sep 26 '17 at 09:51
  • Could you please also comment on this? But why is there a Client Private Key (and client cert) in the mbedTLS struct? Is it only needed if the server needs to verify also the identity of the client? – Luigi Sep 26 '17 at 09:56
  • 2
    @Luigi: I have no idea what code you refer to, but a private key on the client side is only needed if you do mutual authentication. – Steffen Ullrich Sep 26 '17 at 11:07
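The points made in the answer and in the comments (the client ships with only the CA certificate, the server's private key is used to prove identity during the handshake and not to encrypt the firmware, the symmetric key protects the download, the public key travels inside the certificate, and a client private key is needed only for mutual authentication) are easier to see in a runnable model of the exchange. The following Python is an added illustration and is neither the question's mbedTLS code nor real TLS: textbook RSA with tiny primes stands in for the certificate and handshake signatures, a tiny Diffie-Hellman group for the key exchange, and an HMAC-SHA256 keystream for the record layer. The message names, the `cert` dictionary layout and the `tls_download` function are all assumptions made for this example.

```python
"""Toy model of a firmware download over TLS. Added example, NOT real TLS or mbedTLS:
all primitives are deliberately tiny and insecure; only the structure is the point."""
import hashlib
import hmac
import secrets

DH_P, DH_G = 2**127 - 1, 3  # toy Diffie-Hellman group (Mersenne prime); far too small for real use


def toy_rsa_keypair(p, q, e=17):
    """Textbook RSA from two small primes. Returns ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


def sign(priv, msg):
    n, d = priv
    return pow(int.from_bytes(hashlib.sha256(msg).digest(), "big") % n, d, n)


def verify(pub, msg, sig):
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def cert_tbs(subject, pub):
    """The 'to-be-signed' part of a toy certificate: subject name plus public key."""
    return f"{subject}|{pub[0]}|{pub[1]}".encode()


def issue_cert(ca_priv, subject, pub):
    """A 'certificate' is the subject's public key, signed by the CA's private key."""
    return {"subject": subject, "pubkey": pub, "sig": sign(ca_priv, cert_tbs(subject, pub))}


def derive_key(shared, transcript):
    """Symmetric session key from the DH shared secret and the handshake transcript."""
    return hmac.new(shared.to_bytes(16, "big"), transcript, hashlib.sha256).digest()


def record_crypt(key, data):
    """Symmetric 'record layer': XOR with an HMAC keystream (one call encrypts and decrypts)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def tls_download(ca_pub, server_cert, server_priv, firmware, expected_name,
                 client_cert=None, client_priv=None, require_client_cert=False):
    """Run the toy handshake; return (firmware as decrypted by the client, bytes seen on the wire).
    The client side holds only ca_pub; server_priv is passed in only to play the server."""
    # ClientHello: a random value. The client offers no key material of its own.
    client_random = secrets.token_bytes(32)
    # ServerHello + Certificate + ServerKeyExchange: an ephemeral DH share signed with the
    # server's private key. Signing this transcript is the only thing that key is used for.
    a = secrets.randbelow(DH_P - 2) + 2
    server_random, server_share = secrets.token_bytes(32), pow(DH_G, a, DH_P)
    transcript = client_random + server_random + server_share.to_bytes(16, "big")
    server_sig = sign(server_priv, transcript)
    # Client: chain validation against the CA it ships with, then name check, then the
    # handshake signature, verified with the public key that sits inside the certificate.
    if not verify(ca_pub, cert_tbs(server_cert["subject"], server_cert["pubkey"]), server_cert["sig"]):
        raise ValueError("certificate not signed by a trusted CA")
    if server_cert["subject"] != expected_name:
        raise ValueError("certificate is for a different host")
    if not verify(server_cert["pubkey"], transcript, server_sig):
        raise ValueError("handshake signature invalid")
    b = secrets.randbelow(DH_P - 2) + 2
    client_share = pow(DH_G, b, DH_P)
    # CertificateVerify: only when the server demands mutual authentication does the client
    # need a certificate and a private key (client signs, server checks against the CA).
    if require_client_cert:
        if client_cert is None or client_priv is None:
            raise ValueError("server requires a client certificate")
        if not verify(ca_pub, cert_tbs(client_cert["subject"], client_cert["pubkey"]), client_cert["sig"]):
            raise ValueError("client certificate not trusted")
        if not verify(client_cert["pubkey"], transcript, sign(client_priv, transcript)):
            raise ValueError("client proof failed")
    # Both sides derive the same symmetric key; no private key ever touches the firmware bytes.
    server_key = derive_key(pow(client_share, a, DH_P), transcript)
    client_key = derive_key(pow(server_share, b, DH_P), transcript)
    on_wire = record_crypt(server_key, firmware)
    return record_crypt(client_key, on_wire), on_wire


if __name__ == "__main__":
    ca_pub, ca_priv = toy_rsa_keypair(61, 53)        # the one thing the device stores
    srv_pub, srv_priv = toy_rsa_keypair(101, 113)    # lives only on the server
    cert = issue_cert(ca_priv, "github.com", srv_pub)
    firmware = b"FIRMWARE v1.2.3 (constructed sample) " * 4
    received, wire = tls_download(ca_pub, cert, srv_priv, firmware, "github.com")
    print("client got the firmware:", received == firmware, "| wire is ciphertext:", wire != firmware)
```

Running it shows the three outcomes the thread is about: with only the CA's public key the client completes the download and the bytes on the wire are ciphertext; a certificate issued by an untrusted CA (a man in the middle) is rejected before any firmware is sent; and `require_client_cert=True` fails unless a CA-issued client certificate and matching private key are supplied. Reading `server_cert["pubkey"]` in the client is the toy equivalent of the public key that `openssl x509 -text -in cert.pem` prints from a real certificate.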