1. Field of the Invention
The invention relates to a method for providing a plurality of tamperproof digital certificates for a plurality of public keys of a device by a certification authority, and to a device, a certification authority, a system as well as a computer program and a data storage medium for implementing the method.
2. Description of the Related Art
In modern data networks, transmission security is usually based on the use of cryptographic methods, such as encryption for ensuring confidentiality, or keyed-hash message authentication codes (HMAC) or digital signatures for ensuring integrity protection and authenticity. Cryptographic parameters are required for each of these methods. Asymmetric methods are often used for this purpose, in which different keys are used by the transmitter and the receiver. In this case, a private key, which must be kept secret, is used to sign messages to be transmitted and to decrypt received messages, and the matching public key is used to verify received messages and to encrypt messages to be transmitted.
For this purpose, the public keys are usually published in the form of a digital certificate that binds the key to data relating to a user. Such a digital certificate is created by a trusted authority, such as a certification authority. Validity can be checked with the aid of the public key from the certification authority, which key was likewise published in the form of a certificate and was integrated, for example, in an operating system, a web browser or an application.
Key pairs and certificates for the end users can be produced directly by the certification authority, for example, and can then be distributed to the users and their devices. However, during this distribution, the private key must be reliably protected from unauthorized disclosure. In order to avoid exposing the private key to the risk of (possibly even unnoticed) disclosure during transport, the key pair can be locally produced in the user's device. Only the public key then needs to be transported to the certification authority, whereas the private key remains only in the device at all times. In contrast, certificates can be transported and distributed in any desired manner because they do not contain any confidential data and are reliably protected from any change via the certification authority's signature.
In order to transport the public key and the associated user data from the local production point to the certification authority, a special data format, the signing request (also called certificate signing request (CSR)), has been developed; it is defined in the public-key cryptography standard PKCS#10 and described in the standardization document RFC 2986 from the Internet Engineering Task Force (IETF). The signing request is “self-signed” by the creator using his private key. Upon receipt, the certification authority can therefore only check whether the creator possesses the private key matching the included public key; it cannot check whether the user data included in the signing request are correct. It is therefore very important that signing requests are accepted by the certification authority only when they have been correctly created and authentically transmitted. If an attacker manages to obtain a certificate from the certification authority with his own, self-created signing request containing extraneous user data, he can feign a false identity with respect to other communication partners and, in the name of another user, can sign data and reach confidential data which were actually intended for that other user.
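The two checks described above, separated as a certification authority must separate them, as an added example that is not part of the patent: the CSR self-signature proves only possession of the private key, so the subject data are checked against an enrolment record the authority has authenticated by other means. The enrolment table and device names are constructed sample data.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
)

// Constructed sample enrolment record: device identifier -> subject name the
// certification authority has authenticated out of band (assumed data).
var enrolled = map[string]string{"device-0001": "device-0001.example"}

// BuildCSR produces a PKCS#10 request self-signed with the device's private key.
// Only the public key and the user data leave the device; the private key stays.
func BuildCSR(priv *ecdsa.PrivateKey, commonName string) ([]byte, error) {
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: commonName}}
	return x509.CreateCertificateRequest(rand.Reader, tmpl, priv)
}

// CheckCSR is the authority's side. Step 1 verifies the self-signature, which
// proves possession of the private key matching the embedded public key and
// nothing else. Step 2 is the separate check the self-signature cannot provide:
// the requested subject must match what the authority knows about this device.
func CheckCSR(der []byte, deviceID string) (bool, error) {
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return false, err
	}
	if err := csr.CheckSignature(); err != nil {
		return false, fmt.Errorf("proof of possession failed: %w", err)
	}
	want, ok := enrolled[deviceID]
	if !ok || csr.Subject.CommonName != want {
		return false, errors.New("subject data not authorised for this device")
	}
	return true, nil
}

func main() {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	der, _ := BuildCSR(priv, "device-0001.example")
	fmt.Println(CheckCSR(der, "device-0001")) // signature and subject both pass
	der, _ = BuildCSR(priv, "someone-else.example")
	fmt.Println(CheckCSR(der, "device-0001")) // valid signature, rejected subject
}
```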
WO 2012/016859 A1 describes an exemplary method and apparatus for providing a tamperproof certificate, in which a certification authority provides a device with the certificate only if a signaling message received from the device is successfully verified using a one-time password. In this case, the one-time password is transmitted from the certification authority to the device in advance, for example to the user on a data storage medium. However, the disadvantage is that this method requires complicated distribution of the one-time password between the certification authority and the device.
It is often advantageous if, for a device having a plurality of applications, a different key pair is used for each application. For example, a first key pair can be used to encrypt and decrypt data and a second key pair can be used for signatures. The private key for decryption can then be stored in a backup database (recovery database) so that it can be recovered if lost and the user can access his encrypted data again. The private signature key need not and must not be stored in the recovery database. Instead, if lost, a new pair of signature keys is produced and is used to produce and check future signatures. Signatures that have already been previously produced can still be checked with the old public key.
The use of a plurality of key pairs for each device is sometimes also required by standards. For example, the technical guideline TR-03109 from the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik (BSI)) requires that a future smart metering gateway use one key pair for secure communication using the TLS protocol, a further key pair for signatures of the measurement data and a third key pair for end-to-end encryption of the transmitted data.