Skip to main content

What SSH SFTP public key authentication issues will customers need to be aware of when Cerberus moves to OpenSSL 3 and TLS v1.3?

Ian Butteriss
  • Updated

Once Cerberus moves to OpenSSL 3, if you have FIPS turned on and you have SFTP users with RSA public keys generated using PuttyGen before 0.75, authentication by those users may no longer be supported. This is because their public keys may have an exponent (e) = 37.

Explanation:

In OpenSSL 3, FIPS public key verification follows FIPS 186-4 rules – see section B.3.1

which contains this requirement:

In addition, all IFC keys shall meet the following criteria in order to conform to FIPS 186-4:

1. The public exponent e shall be selected with the following constraints:

(a.) The public verification exponent e shall be selected prior to generating the primes p and q, and the private signature exponent d.

(b.) The exponent e shall be an odd positive integer such that: 216 < e < 2256.

Note that the value of e may be any value that meets constraint 1(b), i.e., e may be either a fixed value or a random value.

So e must be greater than 65536 (bit count greater than 16 and less than 257). PuttyGen before version 0.75 uses e=37 (bitcount of 6). Such keys will fail validation as they are not FIPS compliant.

Beginning with version 0.75, PuttyGen changed their e value to 65537 and new keys will be FIPS compliant.

Test Script:

As a convenience for our customers, Cerberus offers this Powershell script which will scan your native Cerberus users and determine if any of the keys are in a format generated by PuttyGen and test them.

If you are using public keys with AD/LDAP, you will need to look out for the log messages and then check your AD/LDAP user via Windows.

If a public key fails, a message showing the user affected and the full path to the public key will be displayed. This will give you a chance to contact the owner of the key pair to advise them to recreate their key pair via PuttyGen 0.75 or above.

weak-exponent-scanner-sample__1_.png

Here is a link to download the script (downloads a zip called scan-native_pubkeys.zip). 

Hashes to verify the script download:

MD5:    5b5b9cf5d8a77b0dd12b5177f24c3a2a
SHA1:   b915c704d4592d5df32c23f07db9fd40b5cc2968
SHA256: 15cdbc29c713c5a3e2d412cac32a5815bea3c20cc788be9618ae66694f3386ec

Instructions on how to run the scan:

Download and unzip the scanner script

Open a Windows Command Window

To run the scan:
`'powershell.exe -file .\scan_native_pubkeys.ps1'
 
If you get an error forbidding the running of scripts, it is possible to use the bypass parameter to allow the script to run:
'powershell.exe -executionpolicy bypass -file .\scan_native_pubkeys.ps1'

Related articles

Comments

0 comments

Please sign in to leave a comment.