[cryptography] Malware-signing certs with 512-bit keys

Ondrej Mikle ondrej.mikle at nic.cz
Thu Dec 15 15:23:28 EST 2011


On 12/15/11 17:23, Christoph Klein wrote:
> My name is Christoph Klein and I work at A-Trust in Austria. We have investigated the certificate in question and instantly revoked it after talking to the owner of the domain. 

Great that the cert is revoked.

> We performed further testing and found out that this was the only certificate issued by our SSL CA with a key length below 1024.

Uhm...that was the last valid one. There were two more 512-bit ones. The following
one has been revoked this year (but the site in the subject CN is still sending it):

The third one expired a year ago without revocation, serial no. 0x1bc41, subject
CN: secure.selectstrom.at, issuer: "C=AT, O=A-Trust Ges. f. Sicherheitssysteme
im elektr. Datenverkehr GmbH, OU=a-sign-corporate-light-02,
CN=a-sign-corporate-light-02"


Ondrej


