CMP security configuration in Certificate Manager
This article describes the security configuration for CMP in Certificate Manager and some configurable parameters in the cmp.conf file.
CMP has additional security features supported by PGW. Device keys are always generated in the device. The inner request is always signed by the newly generated key for the sake of Proof of Possession (PoP) of the key. The device authenticates against the CMP server with an outer signature. This signature is created either with a password based mac using a shared secret or a private key, which is certified either in a vendor certificate, that is, signed by the manufacturer's CA and loaded in the device during production, or in an operator certificate, that is, signed by the operator's CA and loaded in the device using CMP. The device signs all requests and confirmations with the password-based mac or either key.
Encrypt device certificate
The CMP service also signs all responses and confirmations. It can also encrypt the newly issued device certificate with the device certificate's public key. This is configured with the enroll.encryptcertificate parameter and provides additional protocol security to protect the certificate from becoming publicly known before the device has received the certificate and sent the confirmation.
Use password-based mac
By default, the CMP service will use a private key to sign all its responses back to the requesting device. However it is possible to configure the CMP service to respond with a password based mac using the shared secret of the current device. If the cmpresponsebuilder.allow.passwordbasedmac parameter inside the certificate format cmp.conf is set to true, then the CMP service will sign all responses with a password based mac, if and only if the device initiated the the first transaction request with a password-based mac, and if no error occurred during the transaction. This means if the device used a secret to sign its ir, cr or kur requests, the CMP service will respond with a password-based mac, if the secret is known. Else it will sign with a private key. During the transaction, the device is not allowed to change its protection algorithm until the transaction has finished, that is, during a confirmation.
Verify salt and iteration count
When the device is using a password-based mac, the CMP service will verify that the parameters, salt and iteration count, are not too low or too high. The allowed spans can be configured in the Protocol Gateway certificate format cmp.conf. See the passwordbased.<xxx> parameters in the example below.
Example
Example: cmp.conf
[Info]
FileFormatVersion = 1
Description = CMP request format.
Type = EU
[Modules]
CMPRequestVerifyer = 1
CmpPopVerifyer = 2
CertificateReader = 3
FieldOperator = 4
FieldComposer = 5
RequestVerifier = 6
CmpRequestCaller = 7
CmpResponseBuilder = 8
CmpErrorMessageBuilder = 9
[FormatDefinitionFields]
;; Should the resulting certificate be encrypted or not?
enroll.encryptcertificate = false
passwordbased.saltlength.min = 10
passwordbased.saltlength.max = 50
passwordbased.iterationcount.min = 500
passwordbased.iterationcount.max = 1000000
cmpresponsebuilder.allow.passwordbasedmac = false