在 WCF 中使用自签名证书是否安全?
想象一下,我们正在使用带有 WCF(私钥/公钥对)的经典非对称加密。显然,在私钥不被盗之前它是安全的。我们不需要密钥之间的任何信任链,对吧?客户端只需要知道其服务器的公钥,反之亦然。
仅当客户端事先不知道服务器的公钥并在第一次访问时获取它时,才会出现问题。这里我们面临着实际服务器是“中间人”而不是真实服务器的风险。这里我们需要证书。客户端访问服务器,获取其证书(包含公钥)并验证它。
为了验证,客户端需要确保服务器的证书是为此特定服务器颁发的。这里我们需要信任链。正确的?
如果客户端使用 MessageSecurity.Mode=Certificate 通过 WCF 访问服务器提前知道服务器的证书(其公钥),那么即使证书是自签名的,我们是否可以说通信是安全的?
通常人们认为使用自签名证书并不安全,在生产中应始终避免使用。
但为什么?如果客户端知道预期的公钥,然后获取证书,将其视为可信(通过将其公钥与预期的公钥相匹配),那么它不会取消服务器必须使用其私钥加密有效负载的事实。当且仅当私钥和公钥一起创建时,才能用公钥成功解密密码。
你能看出我的推理有什么缺陷吗?
如果它是正确的,那么我可以确定使用自定义 X509CertificateValidator 并将客户端代理的 ClientCredentials.ServiceCertificate.DefaultCertificate 设置为某个固定(在客户端上)X509Certificate 安全吗?
自定义 X509CertificateValidator 是这样的:
public class CustomCertificateValidator : X509CertificateValidator
{
private readonly X509Certificate2 m_expectedCertificate;
public CustomCertificateValidatorBase(X509Certificate2 expectedCertificate)
{
m_expectedCertificate = expectedCertificate;
}
public override void Validate(X509Certificate2 certificate)
{
ArgumentValidator.EnsureArgumentNotNull(certificate, "certificate");
if (certificate.Thumbprint != m_expectedCertificate.Thumbprint)
throw new SecurityTokenValidationException("Certificated was not issued by trusted issuer");
}
}
Imagine for a moment that we're using classic asymmetric encription with WCF (private/public key pairs). Obviously it's secure until private keys aren't stolen. We don't need any trust chains between keys, right? Client only needs to know its server's public key and vice versa.
A problem arises only if client doesn't know server's public key in advance and gets it on the first access. Here we have a risk that actual server is a "man-in-the-middle" instead of the real server. Here we need certificates. Client accesses a server, gets its certificate (which contains public key) and validates it.
For validation client needs to make sure that server's certificate was issued for this particular server. And here we need trust chains. Right?
If a client accessing a server via WCF with MessageSecurity.Mode=Certificate knowns in advance the server's certificate (its public key), can we say that the communication is secure even if the certificate is self-signed?
Usualy it's believed that using self-signed certifacate is not secure and should be always avoided in production.
But why? If client knows expected public key then gets a certificate, treats it as trusted (by matching its public key with the expected one) then it doesn't cancel the fact that the server must encypt payload with its private key. And the cypher can be decrypted successfuly with pulbic key if and only if the private key and the public key were created together.
Can you see any flaws in my reasoning?
If it's correct then can I be sure that using a custom X509CertifacateValidator and setting client proxy's ClientCredentials.ServiceCertificate.DefaultCertificate to some fixed (on the client) X509Certificate secure?
Custom X509CertifacateValidator is something like this:
public class CustomCertificateValidator : X509CertificateValidator
{
private readonly X509Certificate2 m_expectedCertificate;
public CustomCertificateValidatorBase(X509Certificate2 expectedCertificate)
{
m_expectedCertificate = expectedCertificate;
}
public override void Validate(X509Certificate2 certificate)
{
ArgumentValidator.EnsureArgumentNotNull(certificate, "certificate");
if (certificate.Thumbprint != m_expectedCertificate.Thumbprint)
throw new SecurityTokenValidationException("Certificated was not issued by trusted issuer");
}
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
是的,你的理解是正确的,但是它忽略了一件事——事情会随着时间而改变。如果服务器的私钥被泄露或服务器的证书以其他方式(无论什么)变得无效,PKI 提供了证书吊销和吊销检查的机制。对于自签名证书,这是不可能的(至少在不构建自定义 PKI 基础设施的情况下)。
解决此问题的一种方法是创建将用作 CA 证书的自定义自签名证书。使用此证书对服务器证书进行签名并将吊销信息放入 CA 证书中。然后将 CA 证书添加为客户端受信任的证书,并根据此 CA 证书执行服务器证书的验证并检查吊销。这意味着您必须在某些(可能是私有的)Web 服务器上发布 CRL,或者运行 OCSP 响应程序。
Yes, your understanding is correct, however it misses one thing - things change over time. If server's private key is disclosed or server's certificate becomes invalid in other way (whatever), PKI offers the mechanism for certificate revocation and revocation checking. And with self-signed certificates this is not possible (at least without building custom PKI infrastructure).
One way to address this problem is to create a custom self-signed certificate which will be used as a CA certificate. Use this certificate to sign the server certificate and put revocation information into the CA certificate. Then add the CA certificate as trusted on the client side, and perform validation of server's certificate against this CA certificate and also check revocation. This means that you will have to either publish CRLs on some (possibly private) web server, or run the OCSP responder.