I get the impression you're trying to use crypto to solve a political or social problem.
If website_A has some sort of communication channel to send a signing key to website_B, in which website_B trusts that the public key authentically came from website_A, why not use that channel to send all the certs that need to be signed by the aforementioned key? If website_B will only accept a CSR from an end customer that was originally generated by website_A (and digitally signed by website_A), why does the end customer have to be involved in the transportation of the CSR from website_A to website_B? Let website_A instead have a client authentication cert, and use it to authenticate to website_B and submit the CSR directly. Website_B should only allow a client to connect, if they're able to authenticate as website_A. The whole point of a CSR and PKI infrastructure is to assign trust to a trusted certificate authority. In the question you're asking, the certificate authority needs a way to trust one of the original two parties. The whole system smacks of bad design... You're taking the point of trust away from the Certificate Authority, and moving the point of trust over to website_A. Your whole design undermines and defeats the purpose of the PKI. But if you must... Sure, as long as website_A generates an RSA key, and can keep the private key private and untampered, and somehow communicates the public key to website_B, and website_B somehow prevents it from being tampered, then when website_A generates a CSR, website_A can hash the CSR and then sign the hash. So when website_B sees the CSR and the hash matches the signed hash, and the signature on the hash verifies with the public key that's trusted to be authentically from website_A, then sure. Website_B can verify the CSR was seen by (not necessarily generated by) website_A. You should strongly consider abandoning your creative use of crypto, and instead use a standard client authentication certificate, as described above. Or do some other solution that is a well-known standard. From: Li, Roger [mailto:ro...@visa.com] Sent: Thursday, July 20, 2017 2:49 AM To: dev-crypto-csharp@bouncycastle.org Subject: [dev-crypto-csharp] how to digitally sign CSR to ensure the CSR is indeed generated by us Dear all, We are using C# with bouncy castle .net library to implement a feature. Let us say we work as a website_A to generate CSR for end customer, then end customer will take the CSR we generate to our business partner website_B to acquire a certificate. Previously it worked perfectly fine. Note keyPair.Public and keyPair.Private are from the same RSA key pair. The generated CSR can be validated without any issue here https://certlogik.com/decoder. Pkcs10CertificationRequest request = new Pkcs10CertificationRequest( "SHA256withRSA", new X509Name(subject), keyPair.Public, null, keyPair.Private); However, our business partner website_B wants to validate that any CSR submitted/uploaded by end customer is not only valid but indeed generated by us (website_A). So we create a new pair of RSA keys and pass the new public key to website_B and use the new private key to sign any new CSR. So our code is updated as below. Please note that keyPair.Public and newKeyPair.Privae are from different pairs of RSA keys. The code can still generate CSR, but fail on validation such as https://certlogik.com/decoder. Weird enough though our business partner website_B can still parse/decode the new format of CSR with newKeyPair.Public we pass to them, if CSR validation step is skipped. Pkcs10CertificationRequest request = new Pkcs10CertificationRequest( "SHA256withRSA", new X509Name(subject), keyPair.Public, null, newKeyPair.Private); So my questions are: 1) Is our business partner website_B requirement of digital signature of CSR (so that they can be sure the CSR is generated by us) sound? 2) If yes how we can attach the digital signature of CSR with the original CSR. Please note Pkcs10CertificationRequest can only take one private key. Do we have to create a CSR and separately create a signature so that both of them can be uploaded to website_B? 3) Is there another way to digitally sign CSR with different pair of private key? Thanks, Roger
