The GnuTLS library adheres to the OpenSS (Open Source Security Suite) standard, a significant departure from the former GNU policy.
This makes Emacs more secure, since it follows a more robust standard for cryptographic libraries. It also avoids confusion when working with third-party TLS implementations: GnuTLS can be used by anyone who wants TLS or certificate support without fear of violating the OpenSSL license.
1. X.509 Certificates
PKI (Public Key Infrastructure) provides a set of encryption and data communications standards designed to secure communication over public networks. It focuses on building trust between clients, servers and certificate authorities (CAs), creating an ecosystem of secure cryptographic keys.
X.509 certificates, commonly referred to as SSL certificates because of their compatibility with the Transport Layer Security protocol (TLS), allow users to confirm that a website is legitimate and has not been compromised by malicious actors. They are also used for email authentication, code signing and document signing.
In 1988, the International Telecommunication Union's Telecommunication Standardization Sector published the initial X.509 standard as part of its Directory Services standard. Version 2 followed two years later in 1993 and added fields for directory access control as well as subject and issuer unique identifiers.
The Internet Engineering Task Force (IETF) recently refined and published the Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile for better interoperability on the internet. This profile now serves as the go-to standard for X.509 certificates and revocation lists on the web.
Certificates are structured binary records containing several key-value pairs. They are encoded using the platform-independent ASN.1 notation, which defines both the Basic Encoding Rules (BER) and the stricter Distinguished Encoding Rules (DER).
In general, X.509 certificates use asymmetric encryption: one key encrypts information and another key decrypts it. Asymmetric encryption uses a public key and a private key that are mathematically related.
The public key is used for encryption, while the private key decrypts the data. Both keys are generated together from a single original key, which protects them from theft or use by anyone who does not know its source.
A CA with access to the relevant private key then verifies the certificate and sends back an X.509 certificate that includes the public key, the signature algorithms, the issuer and subject names, the serial number, any extensions present and any trust settings.
2. X.509 Keys
GnuTLS and OpenSS use X.509 keys as a secure means of exchanging information over the internet, protecting against man-in-the-middle attacks and verifying that shared data comes from an authorized source.
When a web browser requests a certificate from a website, it uses the site's public key to encrypt data before sending it. The server decrypts this data with its private key and sends its response back to the browser.
The key size, or bit length, of a certificate's public key determines its encryption strength. For instance, 2048-bit RSA keys are commonly used for SSL certificates and digital signatures because they offer enough cryptographic protection against attacks on the algorithm. This key length provides sufficient protection to keep attackers at bay.
Certificates can also be used to add digital signatures to emails, code and compiled applications. Such signatures help prevent unauthorized parties from altering the code or application and make tracing the origin of software easier.
A certificate consists of three main elements: the subject public key info, the issuer public key info and the extensions. The first two are used primarily for certificate validation, while the third maintains relationships between CAs and other entities.
V3 certificates carry several extensions that specify additional properties of the certificate, such as acceptable key usages and additional identities bound to the key pair. Anyone can define an extension, and extensions commonly appear in certificates to improve network infrastructure security.
One popular extension is KeyUsage, which limits the use of a public key to specific purposes such as signing. Another popular choice is AlternativeNames, which binds other identities to the same key pair.
Servers and networks typically use these extensions to verify the identity of their users. They also provide a convenient means of verifying the integrity of an individual's public key.
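As an added example (not GnuTLS's own code) of the ASN.1/DER encoding described above and of the KeyUsage and alternative-name extensions, the following Python parses an Extensions sequence with only the standard library, rejecting the non-minimal lengths that BER permits but DER forbids. The sample bytes, the helper names and the DNS names are constructed for the illustration, not taken from any real certificate.

```python
KEY_USAGE_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment",
                  "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign"]

def read_tlv(buf, pos):
    # Returns (tag, content, end). Rejects the non-minimal lengths BER permits.
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        if n == 0 or length < 0x80 or buf[pos] == 0:
            raise ValueError("non-minimal length: BER, not DER")
        pos += n
    if pos + length > len(buf):
        raise ValueError("length overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def iter_tlvs(buf):
    pos = 0
    while pos < len(buf):
        tag, content, pos = read_tlv(buf, pos)
        yield tag, content

def decode_oid(raw):
    arcs, val = [], 0
    for b in raw:                      # base-128 arcs, high bit = continuation
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    head = [2, arcs[0] - 80] if arcs[0] >= 80 else [arcs[0] // 40, arcs[0] % 40]
    return ".".join(map(str, head + arcs[1:]))

def parse_extensions(der):
    out = []
    for _, ext in iter_tlvs(read_tlv(der, 0)[1]):
        fields = list(iter_tlvs(ext))  # extnID, optional critical BOOLEAN, extnValue
        item = {"oid": decode_oid(fields[0][1]), "critical": fields[1][0] == 0x01 and fields[1][1] == b"\xff"}
        if item["oid"] == "2.5.29.15":  # KeyUsage: BIT STRING, bit 0 is the MSB of the first byte
            bits = read_tlv(fields[-1][1], 0)[1]
            item["usages"] = [KEY_USAGE_BITS[i] for i in range(7) if bits[1] >> (7 - i) & 1]
        elif item["oid"] == "2.5.29.17":  # SubjectAltName: dNSName is [2] IMPLICIT IA5String
            item["dns"] = [n.decode("ascii") for t, n in iter_tlvs(read_tlv(fields[-1][1], 0)[1]) if t == 0x82]
        out.append(item)
    return out

# Constructed sample (not from a real cert): critical KeyUsage plus a SubjectAltName
SAMPLE_EXTENSIONS = bytes.fromhex(
    "30 39 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 a0"
    "30 27 06 03 55 1d 11 04 20 30 1e 82 0b 65 78 61 6d 70 6c 65 2e 63 6f 6d"
    "82 0f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 63 6f 6d")
```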
TLS (Transport Layer Security) is a protocol designed to establish secure connections between servers and clients across a network. It uses various encryption techniques to protect information in transit and lets users verify the identity of the server they are connecting to.
This Free Software library has been adopted by many companies to protect their online presence. It is the default TLS library for Red Hat Enterprise Linux 7 and other Linux distributions, as well as for many popular web services.
Recently, several security flaws in TLS protocols have been identified, such as BEAST in 2011, CRIME in 2012, BREACH in 2013 and Heartbleed in 2014. These exploits could allow a third party to view encrypted data and compromise the integrity of online systems.
To combat these risks, TLS was updated with features designed to enhance security and minimize attacks. These include an efficient key exchange protocol, redesigned cryptographic algorithms and the addition of a key agreement mechanism.
This new approach to communication security simplifies the agreement between the two sides on how best to use a cipher suite during the handshake. It also increases connection speed by employing fewer, more trusted algorithms for encrypting messages.
During the handshake, the client sends a ClientHello message to confirm its negotiated connection parameters with the server, and vice versa. If desired, the client may choose a cipher suite or key exchange method other than the one agreed upon during the handshake; in that case it must send a ChangeCipherSpec (CCS) message to inform the server of the change.
When a TLS handshake fails, the failure message contains an array of error codes. These codes help identify what went wrong; some errors simply return "no such" from the server, while others provide more specific error messages. To pinpoint exactly where the issue lies, set gnutls-log-level to 1 or 2 and look for debugging information in the *Messages* buffer after the connection terminates.
DTLS (Distributed TLS) is a type of datagram transport with some additional elements not found in traditional TLS. It is ideal for streaming applications where losses matter less than latency, such as VoIP or live video feeds.
The DTLS protocol consists of two parts: the handshake and the retransmission of messages. During the handshake, clients and servers exchange a ClientHello message and a ServerHello before the client receives a CertificateMessage from the DTLS server; this issues digital certificates that are valid for clients as part of its security measures.
In addition to letting a client select an encryption type, the DTLS handshake also lets a server verify the client's identity. This is essential to prevent attackers from impersonating the server and compromising network connections.
Once the DTLS server receives the second ClientHello message, it sends a ServerHello identifying the type of encryption selected by the client and verifies that the client's cookie is valid. If everything checks out, it responds with a ServerHelloDone message indicating that no further handshake messages are needed. Usually following this, the client receives a CertificateMessage containing a digital certificate to authenticate its identity.
As with TLS, DTLS handshakes can be vulnerable to denial-of-service (DoS) attacks. These occur when an adversary causes the DTLS server to consume system resources processing many handshake requests at once.
The client may also be vulnerable to amplification attacks. These occur when an adversary uses IP spoofing to make the DTLS server send a large CertificateMessage response to the victim's IP address. This can slow or break the victim's network connection, creating major security risks.
The DTLS retransmission mechanism lets applications reassemble out-of-order DTLS records into a more reliable datagram for delivery. However, because DTLS was designed for datagrams that arrive out of sequence, retransmission must be handled carefully and efficiently so that it does not hurt performance.
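As an added illustration (not GnuTLS's implementation) of the cookie check in the DTLS handshake and of why it blunts the DoS and amplification attacks described above, the following Python sketches a stateless server-side cookie: a ClientHello without a valid cookie gets only a small HelloVerifyRequest, and the server allocates state and sends its large ServerHello/CertificateMessage flight only once the cookie comes back from the same address. The class, the ClientHello field names, the secret lifetime and the addresses are assumptions made for the example.

```python
import hashlib, hmac, os, time

SECRET_LIFETIME = 60   # seconds before the cookie secret is rotated (assumed value)

def make_client_hello(cookie=b""):
    # Constructed ClientHello fields for the illustration; a real message is a
    # binary TLS struct. 0xFEFD is the DTLS 1.2 protocol version.
    return {"version": b"\xfe\xfd", "random": bytes(32), "session_id": b"",
            "cipher_suites": b"\xc0\x2b", "cookie": cookie}

class DtlsCookieServer:
    """Stateless HelloVerifyRequest cookie in the spirit of DTLS (assumed
    design, not GnuTLS's): cookie = HMAC(secret, peer address, ClientHello)."""

    def __init__(self):
        self.secret, self.previous = os.urandom(32), None
        self.rotated = time.monotonic()

    def _cookie(self, secret, peer, hello):
        mac = hmac.new(secret, f"{peer[0]}:{peer[1]}".encode(), hashlib.sha256)
        for field in ("version", "random", "session_id", "cipher_suites"):
            mac.update(hello[field])      # any tampering changes the cookie
        return mac.digest()[:16]          # DTLS allows up to 255 cookie bytes

    def handle_client_hello(self, peer, hello):
        now = time.monotonic()            # rotate the secret, honour one old one
        if now - self.rotated > SECRET_LIFETIME:
            self.previous, self.secret, self.rotated = self.secret, os.urandom(32), now
        for secret in (self.secret, self.previous):
            if secret and hello["cookie"] and hmac.compare_digest(
                    hello["cookie"], self._cookie(secret, peer, hello)):
                # Only now is per-connection state worth allocating and the
                # large ServerHello/CertificateMessage flight worth sending.
                return ("ServerHello", None)
        # No or bad cookie: reply with a small, stateless HelloVerifyRequest.
        # A spoofed source address never sees it, so nothing large is amplified
        # toward the victim and the server has kept no state.
        return ("HelloVerifyRequest", self._cookie(self.secret, peer, hello))
```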