Skip to content

Subject Alternative Names for SSL

Last time I blogged about SSL and host-headers I was convinced it is only possible to host multiple SSL sites on one IP address when using a wildcard certifcate. I think I was right at the time, and now comes along Unified Communications UC SSL Certificates (aka Subject Alternative Name).

Same issue as before: host-headers enable you to host several websites on a single IP address. We run into a problem with several SSL certificates on one IP address. The first message a server sends in the SSL handshake contains relevant certificate, the server can only determine which certificate by IP address / port. If there is only one certificate to serve – no need to make a decision!  Here we can serve a UC SSL certificate which is accepted by the web browser for multiple domain names.

I felt like trying this myself, extra curious to know what the certificate will look like in a browser. Managed to get this working in OpenSSL using a combination of two articles:

  1. Creating a Self-Signed Certificate using OpenSSL for use with Microsoft Internet Information Services (IIS) 5
  2. Creating a Certificate With Multiple Hostnames

Follow the steps for creating a CA in the first article. Grab the CA and import it into your IIS box. Switch over to the second article and add the changes to the openssl.cfg

[ CA_default ]
copy_extensions = copy

[ req ]
req_extensions = v3_req

[ v3_req ]

# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

# Some CAs do not yet support subjectAltName in CSRs.
# Instead the additional names are form entries on web
# pages where one requests the certificate...
subjectAltName          = @alt_names

[alt_names]
DNS.1   = stoniessl.info
DNS.2   = freemegahost.info

Create a key for the multi domain certificate. Here we are skipping the “create CSR on IIS” step, and creating the key in OpenSSL.

openssl genrsa -des3 -out keys\multi.key 1024

Create a certificate request

openssl req -new -out requests\multi.txt -key keys\multi.key

Sign the certificate request

openssl.exe ca -policy policy_anything -cert certs\ca.cer -in requests\multi.txt -keyfile keys\ca.key -out multi.cer

Export the certificate AND private key (usually the private key would already be on in IIS box if you created the CSR in IIS)

openssl.exe pkcs12 -export -out multi.pfx -in multi.cer -inkey keys\multi.key

You now have a UC SSL cert you can install on the IIS box. By default IIS won’t allow you to enter a host-header when you are setting the SSL binding. There’s a little trick from this article: Using Host Headers and SLL in IIS 7 – give the certificate a friendly name starting with ‘*’!

And what does the certificate look like? Here it is, in IE and FF:

Should you trust lastpass.com?

lastpass.com looks like a handy online service for storing all your website passwords. Browser extensions are available to make the whole process easier. If you use the web from several PCs it does sound nice to have all your passwords available and synced between your PCs.

First thought was wether I should hand over my passwords to the 3rd party, hopefully they are storing them with some serious crypto. Perusing their FAQ I found some info on this:

We only support keeping the encryption done on your computer so LastPass can’t see your sensitive data

…your sensitive data is always encrypted and decrypted locally on your computer before being synchronized. Your master password never leaves your computer and your key never leaves your computer. No one at LastPass (or anywhere else) can decrypt your data without you giving up your password (we will never ask you for it). Your key is created by taking a SHA-256 hash of your password. When you login, we make a hash of your username concatenated with your password, and that hash is what’s sent to verify if you can download your encrypted data.

So they are encrypting everything with a key derived from your password – plus they don’t know your password – so they CANNOT access any of your passwords. Nice. But why stop there? Let’s fire up fiddler to make sure they definitely don’t have my passwords.

I’ve created a junk account on lastpass username: russell.sayers.junk@gmail.com, password: test1234 (the account will be gone by the time you read this!). The first form I see submitted to the server is when I create my account:

username russell.sayers.junk@gmail.com
hash 53c81a859a3f3d4dc3762d3a47bab07fad7ad3f2673724deb20fb420e8bdc03a
password ********
password2 ********
password_hint testing
timezone2 +10:00,1
language2 en-US
agree on
agreeupload on
loglogins on
improve on
json 1

I don’t see my password going to their servers in the clear. I can confirm that the hash getting sent is geniune by creating the same hash elsewhere via an online SHA256 generator, or writing some code myself. Try it yourself, the hash created is SHA256(SHA256(username + password) + password) – everything checks out. All the C# code to verify the encryption/hashing is at the end of the article.

The login form:

method web
hash 53c81a859a3f3d4dc3762d3a47bab07fad7ad3f2673724deb20fb420e8bdc03a
username russell.sayers.junk@gmail.com
encrypted_username T2tBleI3PxuLOoNEwNkv5PZ/rYr5dDIoYZS+We4vER4=
otp
gridresponse
trustlabel
uuid
sesameotp
email russell.sayers.junk@gmail.com
password

Again the same hash is being used to verify me when I login. I can see an encrypted username is being sent (although I’m not sure why?), rooting around in the javascript I can see the key being used for encyption is SHA(username+password). Importantly this is different to the hash being used to authenticate me – as we don’t want the server to be able to decypt anything encypted by the client, i.e. they would have to know my password to derive the same key on their side.

The form to add a new website:

hasplugin 0
extjs 1
search
purgeext 0
deleteext
undeleteext 0
ajax 1
ob
basic_auth 0
isbookmark 0
openid_url
aid 0
useurid 0
fromwebsite 1
name pyJlY+AX0Aoczlx50hwlHg==
grouping
origurl
url 66616365626f6f6b2e636f6d
username ICkGIGAn7SIk16iKNkl3DA==
password dl78FYUSIdsxxSdkBuBWEA==
extra faESoIpzmCQg5PeHpXN0GQ==

We can see here the client is sending encyrypted versions of name, username, password, and the extra info. Again this is encrypted with a key we only have on our client – no one at lastpass could have this key. For some reason the URL is being sent in a HEX representation of the string – not sure why they aren’t just sending the string?

So when I log back into lastpass, I can drill down into this entry and see it again. Let’s make sure everything looks okay here. The HTML that renders this screen is available in fiddler:

<tr>
  <td class='col1'>Name</td>
  <td><input name='name' id='name' type='text' value='pyJlY+AX0Aoczlx50hwlHg==' style='width: 250px'></td>
</tr>
...
<tr>
  <td class='col1'>Username</td>
  <td><input name='username' id='idusername' type='text' value='SgVkuVKH4MjkP+Saz64UhA=='> </td>
</tr>
...
<tr>
  <td class='col1'>Notes</td>
  <td><textarea name='extra' id='extra' rows='6' cols='35'>1rZ3sSuggtdavyCu446GZA==</textarea></td>
</tr> 

The server is sending down our encrypted details, and relying on the client to decrypt everything.

So, yes – you CAN trust lastpass.com with your passwords! Don’t just take my word for it; fire up Fiddler, and compare the hashed/encrypted values with what you expect.

Lastly the c# code to confirm the AES encrypted strings above are geniune.

static void Main(string[] args)
{
    string username = "russell.sayers.junk@gmail.com";
    string password = "test1234";
    string hash_auth = ByteArrayToHexString(SHA256(ByteArrayToHexString(SHA256(username+password)) + password));
    byte[] hash_key = SHA256(username + password);

    Console.WriteLine("hash for authentication => " + hash_auth);
    Console.WriteLine("hash for encryption => " +  ByteArrayToHexString(hash_key));
    Console.WriteLine("'{0}' encrypted => {1}", username, Encrypt(username, hash_key, ""));
    Console.WriteLine("'{0}' encrypted => {1}", "facebook", Encrypt("facebook", hash_key, ""));
    Console.WriteLine("'{0}' encrypted => {1}", "cryptolearner", Encrypt("cryptolearner", hash_key, ""));
    Console.WriteLine("'{0}' encrypted => {1}", "password", Encrypt("password", hash_key, ""));
    Console.WriteLine("'{0}' encrypted => {1}", "no notes", Encrypt("no notes", hash_key, ""));
}

static byte[] SHA256(string data)
{
    byte[] indata = Encoding.UTF8.GetBytes(data);
    SHA256 shaM = new SHA256Managed();
    return shaM.ComputeHash(indata);
}

/// <remarks>From http://social.msdn.microsoft.com/Forums/en-US/csharpgeneral/thread/3928b8cb-3703-4672-8ccd-33718148d1e3</remarks>
static string ByteArrayToHexString(byte[] data)
{
    StringBuilder sb = new StringBuilder(data.Length * 2);
    foreach (byte b in data)
    {
        sb.AppendFormat("{0:x2}", b);
    }
    return sb.ToString();
}

/// <remarks>From http://stackoverflow.com/questions/1079131/c-aes-256-encryption</remarks>
static public string Encrypt(string plaintext, byte[] KeyBytes, string InitialVector)
{
    byte[] PlainTextBytes = Encoding.UTF8.GetBytes(plaintext);
    byte[] InitialVectorBytes = Encoding.ASCII.GetBytes(InitialVector);
    RijndaelManaged SymmetricKey = new RijndaelManaged();
    SymmetricKey.Mode = CipherMode.ECB;
    SymmetricKey.Padding = PaddingMode.PKCS7;
    ICryptoTransform Encryptor = SymmetricKey.CreateEncryptor(KeyBytes, InitialVectorBytes);
    MemoryStream MemStream = new MemoryStream();
    CryptoStream CryptoStream = new CryptoStream(MemStream, Encryptor, CryptoStreamMode.Write);
    CryptoStream.Write(PlainTextBytes, 0, PlainTextBytes.Length);
    CryptoStream.FlushFinalBlock();
    byte[] CipherTextBytes = MemStream.ToArray();
    MemStream.Close();
    CryptoStream.Close();
    return Convert.ToBase64String(CipherTextBytes);
}

Expanding on Josh Smith’s WPF MVVM app

Over the holidays I’ve got a start on a new project idea. I decided to do the simple UI of the project as an MVVM WPF app. First thing to do was to google up some sample MVVM WPF app. There are some very good example apps out there, some honourable mentions: Sonic, Karl Shifflett’s Cipher, and Josh Smith’s MVVM Demo App (some good comments on the accompanying blog post: My MVVM article in MSDN Magazine)

Josh’s demo app is simple enough for me to quickly get my head around some WPF and MVVM concepts. But the article includes a challenge 🙂 :

The application does not have support for deleting or editing an existing customer, but that functionality, and many other features similar to it, are easy to implement by building on top of the existing application architecture.

The following is a quick summary on how I added editing to the demo app. This is TOTALLY up for debate. I’m interested to know if I could’ve taken an easier approach. In summary, I’ve added a RelayCommand ‘_editCommand’ up in MainWindowViewModel to display the edit tab. I pass this command down to CustomerViewModel so I can bind it to a new button on AllCustomersView. Am I creating ViewModel’s that are too tightly coupled?

  • MainWindowViewModel.cs
    • added a private field:
      ICommand _editCommand;

    • in the constructor this is pointed to a method in MainWindowViewModel:
      _editCommand = new RelayCommand(cust => EditCustomer(cust as CustomerViewModel));

    • constructors for CustomerViewModel and AllCustomersViewModel are now passed _editCommand
    • added method EditCustomer to display the workspace:

      void EditCustomer(CustomerViewModel workspace)
      {
          WorkspaceViewModel exisitingModel = Workspaces.FirstOrDefault(cust => cust is CustomerViewModel && (cust as CustomerViewModel) ==  workspace);
          if (exisitingModel == null)
          {
              this.Workspaces.Add(workspace);
          }
          this.SetActiveWorkspace(workspace);
      }
      
  • AllCustomersViewModel.cs
    • added a private field:
      ICommand _editCommand;

    • _editCommand is set by a new parameter in the constructor (passed in by MainWindowViewModel)
    • _editCommand is passed to the CustomerViewModel constructor in OnCustomerAddedToRepository and CreateAllCustomers.
  • CustomerViewModel.cs
    • added a private field:
      ICommand _editCommand;

    • _editCommand is set by a new parameter in the constructor
    • fixed the _CustomerType defaulting to ‘not specified’:

      _customerType = (this.IsNewCustomer) ? Strings.CustomerViewModel_CustomerTypeOption_NotSpecified :
          (_customer.IsCompany) ? Strings.CustomerViewModel_CustomerTypeOption_Company : 
          Strings.CustomerViewModel_CustomerTypeOption_Person;
    • exposed _EditCustomer as a public property: EditCustomer
  • AllCustomersView.xaml – bound a new ‘Edit’ button to the EditCommand

    <GridViewColumn Header="Action">
        <GridViewColumn.CellTemplate>
            <DataTemplate>
                <StackPanel>
                    <Button Content="Edit" 
                            Command="{Binding EditCustomer}" 
                            CommandParameter="{Binding}"/>
                </StackPanel>
            </DataTemplate>
        </GridViewColumn.CellTemplate>
    </GridViewColumn>

Wifi Geolocation

Playing around with Google Latitude I was VERY surprised to see Latitude work out my exact location. How are they doing this? I don’t have a GPS in my netbook?

Turns out they use wifi location to do this. When Latitude determines your location it gathers up a list of all the nearby Wifi SSIDs / MAC addresses and sends this to Google. Google have a database of Wifi access point locations created by driving cars around. This database, in combination with the nearby Wifi details, is used to determine your location. Pretty amazing that this actually works! Skyhook wireless is the first company I heard about building a Wifi database.

Always curious to see this stuff in action I fired up Fiddler to see exactly what is being sent to determine my location.

Request:

POST /loc/json HTTP/1.1

{
  "access_token": "2:Fv--0aj9-Vr4_3ir:8uFyciMoILwtrXry", 
  "host": "lfkq9vbe9u4sg98ip8rfvf00l7atcn3d.ig.ig.gmodules.com", 
  "radio_type": "unknown", 
  "request_address": false, 
  "version": "1.1.0", 
  "wifi_towers": [
    {
      "mac_address": "00-0b-6b-81-7b-14", 
      "signal_strength": -72, 
      "ssid": "OA0509-0077-1-M"
    }, 
    {
      "mac_address": "00-0b-6b-81-7d-0d", 
      "signal_strength": -78, 
      "ssid": "OA0509-0096-1-1"
    }, 
    {
      "mac_address": "00-0b-6b-81-7d-0f", 
      "signal_strength": -85, 
      "ssid": "OA0509-0052-2-1"
    }, 
    {
      "mac_address": "00-0b-6b-81-7d-29", 
      "signal_strength": -80, 
      "ssid": "OA0509-0096-2-1"
    }, 
    {
      "mac_address": "00-0b-6b-81-7d-8a", 
      "signal_strength": -82, 
      "ssid": "OA0509-0101-1-1"
    }, 
    {
      "mac_address": "00-0b-6b-81-7e-bd", 
      "signal_strength": -79, 
      "ssid": "OA0509-0052-1-1"
    }, 
    {
      "mac_address": "00-22-3f-9b-f1-a4", 
      "signal_strength": -61, 
      "ssid": "2/107"
    }
  ]
}

Response:

{
  "location": {
    "accuracy": 165.0, 
    "latitude": -33.874097499999998, 
    "longitude": 151.20640280000001
  }
}

Want to add geolocation to your own web application? Check out the Google Gears Geolocation API, or the Firefox’s geolocation object