Modifying X509 certificate

问题

This question was migrated from Software Engineering Stack Exchange because it can be answered on Stack Overflow. Migrated 5 years ago.

I want to show that if I modify one bit or byte from a given X509 certificate the signature verification results false (because this modification results different hash value from the certificate). I'm stuck in the case that how to do the modification on the certificate using getTBSCertificate() method. My following code does the verification process perfectly BUT I tried to make it fail using bit or byte modification's idea but it doesn't work. Note that this idea that I proposed is to proof that any modification on the certificate will make a failure while signature verification

public class VerifyX509 {

private static Certificate getCACert;
private static Certificate[] getCert;

public static void main(String[] args) throws CertificateEncodingException {
    setURLConnection("https://www.google.com");
    X509Certificate x509cert= (X509Certificate) getCert[0];
    byte[] b= x509cert.getTBSCertificate();
    b[0] = (byte) ~b[0];
    // HOW TO UPDATE getTBSCertificate() after flipping the b[0] to make Verify() in my method verifySign() return false!
    verifySign();

  }


public static void setURLConnection(String link){

    try{
        int i=1;
        URL destinationURL = new URL(link);
        HttpsURLConnection con = (HttpsURLConnection) destinationURL.openConnection();
        con.connect();
        getCert = con.getServerCertificates();
        for (Certificate c : getCert) 
        {
            if (i==2)
            {
                getCACert= c;
                return;
            }
            i+=1;
        }
        }catch (Exception e1) {
        JOptionPane.showMessageDialog(null, "Error while connection! Check your Internet Connection.");
        e1.printStackTrace();
        }

}


public static boolean verifySign()
{

        try
        {
            getCert[0].verify(getCACert.getPublicKey());
            return true;
        } catch (GeneralSecurityException e2)
        {
            return false;
        }
}
}

How can I setup proof-of-concept code to show that the verification while fail?

回答1:

Note that this idea that I proposed is to proof that any modification on the certificate will make a failure while signature verification.

You can demonstrate this (to a certain probability of correctness) by simply flipping random bits in valid certificates and then attempting yo validate them.

However, you cannot prove this like this. A proper proof requires:

1. A mathematical proof that a properly implement X509 certificate has this property.

2. A formal-methods proof that the code that is loading the certificate and doing the verification is correctly implemented.

回答2:

byte[] b= x509cert.getTBSCertificate();
b[0] = (byte) ~b[0];

Changing a byte in an array that you have obtained from the certificate doesn't change the certificate.

You would have to reload it from the byte array using a CertificateFactory.

回答3:

Mr. Mike, all what you have to do is to get the row data DER-encoded certificate information (TBS part) and you can extract it as below

URL url = new URL("https://www.google.com/");
HttpsURLConnection con = (HttpsURLConnection) url.openConnection();
con.connect();
Certificate userCert[] = con.getServerCertificates();
        X509Certificate x509cert = ((X509Certificate) userCert[0]);


        byte[] tbs=x509cert.getTBSCertificate(); 

Then copy the content of the array b to another array bcopy through a loop and do what ever modifications you want (i.e by using the masking technique Anding with x55) after that you can get the hash value through

    String sha1 = "";
MessageDigest crypt = MessageDigest.getInstance("SHA-1");
        crypt.reset();
        crypt.update(bcopy);
        sha1 = byteToHex(crypt.digest());

private static String byteToHex(final byte[] hash)
{
    Formatter formatter = new Formatter();
    for (byte b : hash)
    {
        formatter.format("%02x", b);
    }
    String result = formatter.toString();
    formatter.close();
    return result;
}

at this point you have the hash value of the modified certificate, you can go now and extract the signature from the original certificate [ byte[] sig= x509cert.getSignature(); ] and decrypt the signature to get the hash value and compare it with the modified hash value, good luck ;)

回答4:

If you look at RFC 5280, the cert has 3 fields:

• tbsCertificate
• signatureAlgorithm
• signatureValue

The signatureValue is the very last item in the certificate.

I had a similar requirement. These are the steps I followed:

• Have 1 certificate in .crt format (base-64 encoded) file. The cert is enclosed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"
• Edit the very last character of the certificate on the line just before the END CERTIFICATE line. Just add 1 to that character or reduce by 1. If the last character is x, make it either y or w.

This will change the signature in the certificate and the signature won't be valid anymore.

来源：https://stackoverflow.com/questions/21917034/modifying-x509-certificate