RE: Using SSL private key for cookie's HMAC

["Michael Silk" <michaels () phg com au>]

Hi,

        I probably would not be re-using the SSL key; consider if your
SSL certificate updates but you still have people with the old
SSL-Private key-encrypted cookie waiting to connect to your site. They
browse back, after your SSL update, only to discover an error message,
because your app can no longer decrypt, or match, or whatever, their
cookie data.

        Further, consider another situation where you may have different
SSL certificates for different sub-domains, but one cookie for the
entire domain; which SSL cert do you use to encrypt your cookie?

        There doesn't seem to be any benefit at all using the same key,
only headaches, so just generate your own :)

-- Michael
 

-----Original Message-----
From: Jeff Williams [mailto:jeff.williams () aspectsecurity com] 
Sent: Tuesday, 31 August 2004 11:38 PM
To: Simon Zuckerbraun; webappsec () securityfocus com
Subject: Re: Using SSL private key for cookie's HMAC

Simon,

I'm curious too. Assuming you use the private key properly, are there
any risks associated with using the private key for purposes other than
SSL.
Could the SSL private key be safely used as a "master key" for
encrypting and signing other things on the web server?

I suspect the reasons to use a separate key are for better key
management.
You'll want to change keys periodically and it might just be easier if
you don't have to change the site's SSL cert as well.  So I think it's
an interesting idea, but it's probably just as easy to have a separate
key for purposes other than SSL.

--Jeff

Jeff Williams
Aspect Security, Inc.
http://www.aspectsecurity.com

----- Original Message -----
From: "Simon Zuckerbraun" <szucker () sst-pr-1 com>
To: <webappsec () securityfocus com>
Sent: Friday, August 27, 2004 12:42 AM
Subject: Using SSL private key for cookie's HMAC


> I'm pondering a design question regarding a web application that is to
> operate over SSL. We want to include an HMAC in our cookies to prevent
> tampering. To produce an HMAC, the server must be configured with a
> private key.
>
> Since the website operates with SSL, the server already *has* a
private
> key available: the private key of its SSL certificate. Is there any
harm
> in using this same private key for producing the HMACs as well?
>
> Thanks,
> Simon




This email message and accompanying data may contain information that is confidential and/or subject to legal 
privilege. If you are not the intended recipient, you are notified that any use, dissemination, distribution or copying 
of this message or data is prohibited. If you have received this email message in error, please notify us immediately 
and erase all copies of this message and attachments.

This email is for your convenience only, you should not rely on any information contained herein for contractual or 
legal purposes. You should only rely on information and/or instructions in writing and on company letterhead signed by 
authorised persons.