##master-page:AuditResultTemplate
##master-date:2014-06-24
#acl BenediktHeintel:read,write,delete,revert,admin BoardGroup:read All:read
#format wiki
#language en

= Audit Results Session 2015.4 =
## select in each field one
## Review of Internal controls, Compliance Review, Operational or Management Audit, Financial Audit, Special Investigation
|| Audit Type         || Operational Audit ||
## Draft, Formal Draft, Final Report
|| Report Status      || Final Report ||
## Audit plan, Directive of Board, Request of ''XX''
|| Audit initiated by || Directive of Board ||
|| Audit Subject      || Audit over Test Root Re-Signing  ||
## Comments received, comments integrated, agreed, needs rework
|| Follow up status   || 2015-10-14 Send to Board for approval ||
||                    || 2015-10-25 Approved by board in [[https://community.cacert.org/board/motions.php?motion=m20150803.4|m20151018.1]] ||

<<TableOfContents()>>
== Executive Summary ==
The cryptographic hash function MD5 is depreciated and its support will be removed from all browsers in the future. CAcert is using MD5 as hash algorithm in its self-signed root certificate. This would be no problem, since it is the trust anchor by itself but the removal of browser support will make the use impossible on one day.

For this reason, the software team created a [[https://github.com/yellowant/cacert-procedures|github repository]] with scripts re-signing the current root certificates using SHA256 as signature algorithm; based on [[https://bugs.cacert.org/view.php?id=1305|Bug 1305]].

During the audit four recommendations have been identified.

== Purpose, Scope and Methodology ==
Re-signing root keys is - as generating them - a significant task for a certificate authority. It should be carefully designed and monitored. To validate the correctness and completeness is therefore an important task. The test run on root re-signing has exactly the goal to provide evidence on correctness and completeness of the process, while audit verifies additionally the sanity of the keys generated. The Audit was conducted as an inspection of the [[Roots/Class1ResignProcedure|process]]. The scripted process was validated.

The process to audit includes only the review of the generation scripts, the preparation (build and sign the software) and the resigning of the certificate itself, the transferral of the keys to data center and any further steps are not part of the audited process.

== Audit Results and Recommendations ==
=== Tool review ===
The software and the script to re-sign the root certificate with SHA256 has been audited. There is no objection with software and tool. Prior use with CAcert's root keys, two formal software assessments must be done and the procedure accepted by board.

=== Test run attendance ===
The test generation session was attended by
BennyBaumann (Lead), FelixDörre, WytzevanderRaay (Critical Admin, Acting), MartinSimons (Critical Admin), MartinGummi (Observer), BenediktHeintel (Protocol), MarcusMaengel (Observer, 1st run only), DirkAstrath (Observer, 2nd run)

=== Test run preparation ===
 * USB sticks are checked for sanity, formatted with ext3 and placed on the table so everyone could see if touched
 * USB stick with signer software including test root certificate and pass phrase
 * Notebook for generation had no battery, hard disk drive, WLAN, WWAN connected
 * Notebook is attached to an UPS
 * Notebook screen attached to projector, displaying the screen operated on

=== Test run preparation I protocol ===
All steps at the notebook had been conducted by WytzevanderRaay:
 1. Notebook booted from live CD
 1. Start rypescript/timelog for logging activities on the console
 1. Mounted USB stick with source code
 1. installed additional packages from stick
 1. Copy source code from USB stick to /ramdisk
 1. Generated public-private key pair with key size 2048 bit
 1. Divided public key from private key
 1. Displayed fingerprint of public key:
{{{
37ef a6a2 6692 bcc2 e610 f5c7 
4306 ee2f 6618 8b80 7c1d 96b8 
d83c 81a4 3369 0655
}}}
 1.#9 Validated source codes fingerprint (hash value), last minute changes approved by BennyBaumann
{{{#!wiki warning
Disturbance of the re-signing test session for non-urgent business for about 10 minutes.
The procedure was not compromised, but the participants concentration was for the next 15 minutes
}}}
 1.#10 Created signature for test root key with private key 
 1. Stored software, fingerprints, and public key on USB stick
 1. Deleted private key
 1. Copied transcript to online USB stick
 1. Unmounted USB sticks and shut down notebook

Decision to automate the software build and signing process and reduce the steps needed. 45 minutes break before the second test run.
=== Test run preparation II protocol ===
Created script ''execute.sh'' for certificate re-sign.

SHA256 fingerprint of ''execute.sh'':
{{{
602b 8c23 17ea 8afa 1e84 b845
0cb4 0aa4 abcf f499 f1c8 fcee
bddd 81be 4578 a9ab
}}}

 1. Notebook booted from live CD
 1. Start typescript/timelog for logging activities on the console
 1. Mounted USB stick with source code
 1. installed additional packages from stick
 1. Copy source code from USB stick to /ramdisk
 1. Unmounted USB stick with source code
 1. Mounted plain USB stick
 1. Verified SHA256 hash sum of ''execute.sh'' (matches)
 1. Run ''execute.sh''
 1. Displayed fingerprint of public key:
{{{
8d96 662f e571 c54d 9cb3 b466
bacf 8e0c fbd0 6102 8fb1 6243
9a56 c724 4e3b 3f11
}}}
 1.#11 Script finished successfully
 1. Stored typescript on USB stick
 1. Unmounted USB stick and shut down notebook

=== Test run re-signing protocol ===
The actual re-sign must be done on the signer; the test run was conducted on same notebook used for the preparation.

 1. Notebook booted from live CD
 1. Start typescript/timelog for logging activities on the console
 1. Created needed directories in /ramdisk
 1. Mounted USB stick with source code
 1. Mounted USB stick with signer software
 1. Unencrypted ''root.crt'' with ''root.key''
 1. Re-signing software ''main'' executed; finished without error
 1. Checked results of ''root_256.crt'':
{{{
Hash Algorithm: SHA256
x509v3CRL distribution point added
NetscapeCARevocationURL added
AuthorAuthorityInformationAccess (OCSP) added
}}}
 1.#10 copied ''root_256.crt'' and typescript to USB stick
 1. Unmounted USB stick and shut down notebook

The [[attachment:CAcert_Test_Server_Root_Re-Sign.tar|content]] from the [[attachment:sealed_envelop_front.jpg|sealed]] [[attachment:sealed_envelop_back.jpg|envelope]] 
and the [[attachment:Test-Server_Class1_256.crt|Re-signed Test Server root Certificate]].

=== Certificate handling ===
There are two sets of the USB sticks created. Each USB stick put in one envelope, both envelops sealed,
 * one stick is kept with BenediktHeintel (see [[attachment:sealed_envelop_front.jpg]] & [[attachment:sealed_envelop_back.jpg]]),
 * one stick is kept with WytzevanderRaay

BenediktHeintel is supposed to disclose the content of his stick after the installation of the new root on the test server.

=== Discovery ===
The [[https://github.com/yellowant/cacert-procedures/blob/master/rootResignSHA256/procedure.txt|process description]] was read aloud and followed during the creation with the following mutual between Software, Critical Admins, and Audit agreed derivations:
 * The source code integrity was not checked; the source code was directly downloaded from the repository
 * The memtest86+ runs have been skipped
 * All offline components have been stored on two USB sticks (each with complete set) instead of on three different
 * The Fingerprints of the keys are written on the sealed envelopes and not send to board

All of these derivations are okay since this was only a test run. Nevertheless, the decision was unanimously taken, to use the re-signed certificate for the test root signer. The certificate is therefore flagged as test root certificate.

=== Non-Conformities ===
None

=== Recommendations ===
 I. Enclose the last ''echo'' commands in execute.sh in quotation marks. (''implemented'')
 I. Transfer the procedure from github to CAcert's Wiki.
 I. Disturbance should be avoided under all circumstances. Before the session, every mobile phone and pager should be switched off and put on top of a table, also the door should be closed during the session and entering and leaving the room should be forbidden while the session is running. (This of course does not apply in a case of emergency.)
 I. Have USB sticks of different brands available to avoid failures of hardware and compatibility issues.

== Auditor ==
-- BenediktHeintel <<DateTime(2015-10-14T19:40:17Z)>>

----
 . CategoryAudit
 . CategoryAuditProgramm2015