[cryptography] Malware-signing certs with 512-bit keys

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Dec 7 09:17:30 EST 2011

Ondrej Mikle <ondrej.mikle at nic.cz> writes:

>It's issued by A-Trust (not A-Data).

Well I had to put something in there to validate the "Any inadvertent mangling
of details was my fault" :-).

>The Hongkong Post certs lack EKU extension, but 'key usage' does not contain
>'digital signature'. That makes them probably unusable for Microsoft's code-
>signing scheme, but I don't know about other code-signing implementations.

How effectively is that enforced though?  CryptoAPI will quite happily allow
the use of encryption-only keys (AT_KEYEXCHANGE in CryptoAPI terminology) to
be used for signature generation and verification (amusingly, the CryptoAPI
workhorse signature-generation function CryptSignHash(), while on the one hand
not allowing you to select from among your signature keys the one that you
want to use for signing does on the other hand allow you to indicate
specifically that you want to use your AT_KEYEXCHANGE encryption key to
generate a signature).  In the past developers have had considerable problems
getting (for example) Windows to stop using a kU digitalSignature-flagged cert
for encryption.  So just because the kU is set a certain way doesn't mean it
won't be used for something completely different.


More information about the cryptography mailing list