Can using self-signed certificates with WCF be secure?

Question

Imagine for a moment that we're using classic asymmetric encryption with WCF (private/public key pairs). Obviously it's secure as long as the private keys aren't stolen. We don't need any trust chains between keys, right? The client only needs to know its server's public key and vice versa.

A problem arises only if the client doesn't know the server's public key in advance and gets it on the first access. Here we have a risk that the actual server is a "man-in-the-middle" instead of the real server. Here we need certificates. The client accesses a server, gets its certificate (which contains the public key) and validates it.

For validation the client needs to make sure that the server's certificate was issued for this particular server. And here we need trust chains. Right?

If a client accessing a server via WCF with MessageSecurity.Mode=Certificate knows in advance the server's certificate (its public key), can we say that the communication is secure even if the certificate is self-signed?

Usually it's believed that using a self-signed certificate is not secure and should always be avoided in production.
But why? If the client knows the expected public key, then gets a certificate and treats it as trusted (by matching its public key with the expected one), that doesn't change the fact that the server must encrypt the payload with its private key. And the cipher can be decrypted successfully with the public key if and only if the private key and the public key were created together.

Can you see any flaws in my reasoning?

If it's correct, then can I be sure that using a custom X509CertificateValidator and setting the client proxy's ClientCredentials.ServiceCertificate.DefaultCertificate to some fixed (on the client) X509Certificate is secure?

The custom X509CertificateValidator is something like this:

using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;

public class CustomCertificateValidator : X509CertificateValidator
{
    private readonly X509Certificate2 m_expectedCertificate;

    public CustomCertificateValidator(X509Certificate2 expectedCertificate)
    {
        if (expectedCertificate == null)
            throw new ArgumentNullException("expectedCertificate");
        m_expectedCertificate = expectedCertificate;
    }

    // WCF calls this with the certificate the service presents; throwing rejects it.
    public override void Validate(X509Certificate2 certificate)
    {
        if (certificate == null)
            throw new ArgumentNullException("certificate");

        // Pin by thumbprint: the presented certificate must be the one the client ships with.
        if (certificate.Thumbprint != m_expectedCertificate.Thumbprint)
            throw new SecurityTokenValidationException("Certificate was not issued by trusted issuer");
    }
}
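Wiring a pinning validator into a WCF client proxy, as an added example that is not part of the original question. It compares the certificate's full DER encoding instead of the SHA-1 thumbprint, makes the endpoint identity the pinned certificate itself, and switches the validation mode to Custom; without that last step WCF keeps its default ChainTrust validation, which rejects a self-signed certificate no matter what DefaultCertificate is set to. The names MyServiceClient, PinnedClientFactory, the file pinned.cer and the client certificate lookup by thumbprint are assumptions made for this example.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Added example: pins the exact service certificate by its DER encoding rather
// than by SHA-1 thumbprint, so the pin does not rest on SHA-1 collision resistance.
public sealed class PinnedCertificateValidator : X509CertificateValidator
{
    private readonly byte[] _pinnedDer;

    public PinnedCertificateValidator(X509Certificate2 pinned)
    {
        if (pinned == null) throw new ArgumentNullException("pinned");
        _pinnedDer = pinned.RawData;
    }

    public override void Validate(X509Certificate2 certificate)
    {
        if (certificate == null) throw new ArgumentNullException("certificate");
        // Certificates are public, so a plain (non constant-time) comparison is fine here.
        if (!certificate.RawData.SequenceEqual(_pinnedDer))
            throw new SecurityTokenValidationException(
                "Service certificate does not match the pinned certificate.");
    }
}

public static class PinnedClientFactory
{
    // Assumptions: MyServiceClient is the generated proxy, pinned.cer is the
    // DER-encoded service certificate shipped with the client, and clientThumbprint
    // identifies the client's own certificate in the CurrentUser\My store.
    public static MyServiceClient Create(string endpointUri, string clientThumbprint)
    {
        var pinned = new X509Certificate2("pinned.cer");

        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;

        // Make the endpoint identity the pinned certificate, so WCF's own identity
        // check also fails if a different certificate is presented.
        var address = new EndpointAddress(
            new Uri(endpointUri), EndpointIdentity.CreateX509CertificateIdentity(pinned));

        var client = new MyServiceClient(binding, address);

        client.ClientCredentials.ClientCertificate.SetCertificate(
            StoreLocation.CurrentUser, StoreName.My,
            X509FindType.FindByThumbprint, clientThumbprint);

        // The service certificate the client holds in advance (the question's premise).
        client.ClientCredentials.ServiceCertificate.DefaultCertificate = pinned;

        // DefaultCertificate alone pins nothing: the default mode is ChainTrust, which
        // rejects a self-signed certificate. Custom mode hands the decision to the
        // validator, which accepts only the pinned encoding.
        var auth = client.ClientCredentials.ServiceCertificate.Authentication;
        auth.CertificateValidationMode = X509CertificateValidationMode.Custom;
        auth.CustomCertificateValidator = new PinnedCertificateValidator(pinned);

        return client;
    }
}
```

The validator is invoked for the certificate the service presents during the security handshake, so an attacker who intercepts the first connection and offers a different self-signed certificate is rejected; what this scheme cannot do is stop trusting the pinned key after it leaks, which is the point the answer below makes.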


Recommended answer

Yes, your understanding is correct; however, it misses one thing: things change over time. If the server's private key is disclosed or the server's certificate becomes invalid in some other way (whatever it is), PKI offers a mechanism for certificate revocation and revocation checking. With self-signed certificates this is not possible (at least not without building a custom PKI infrastructure).

One way to address this problem is to create a custom self-signed certificate which will be used as a CA certificate. Use this certificate to sign the server certificate and put revocation information into the CA certificate. Then add the CA certificate as trusted on the client side, perform validation of the server's certificate against this CA certificate, and also check revocation. This means that you will have to either publish CRLs on some (possibly private) web server, or run an OCSP responder.
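The private-CA scheme the answer describes, as an added example that is not the answer's own code: the client ships the CA certificate, the service certificate chains to it, and the CRL distribution point (or OCSP responder URL) embedded in the service certificate points at the web server or responder the answer mentions. X509Chain fetches the revocation data from those URLs; the validator fails closed when it cannot. The class name PrivateCaValidator and the 15-second retrieval timeout are assumptions.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

// Added example: accepts a service certificate only if it chains to one specific
// private CA and is not revoked according to the CRL/OCSP URLs it carries.
public sealed class PrivateCaValidator : X509CertificateValidator
{
    private readonly X509Certificate2 _ca;

    public PrivateCaValidator(X509Certificate2 caCertificate)
    {
        if (caCertificate == null) throw new ArgumentNullException("caCertificate");
        _ca = caCertificate;
    }

    public override void Validate(X509Certificate2 certificate)
    {
        if (certificate == null) throw new ArgumentNullException("certificate");

        using (var chain = new X509Chain())
        {
            // The CA is not in the machine's trusted root store, so supply it here and
            // let the chain engine finish at an "unknown" root; the root is compared
            // explicitly below instead of being trusted by the OS.
            chain.ChainPolicy.ExtraStore.Add(_ca);
            chain.ChainPolicy.VerificationFlags =
                X509VerificationFlags.AllowUnknownCertificateAuthority;

            // Fetch the CRL (or query OCSP) for every certificate below the root.
            // If the status cannot be obtained, Build() fails: fail closed.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
            chain.ChainPolicy.UrlRetrievalTimeout = TimeSpan.FromSeconds(15); // assumption

            bool built = chain.Build(certificate);

            // UntrustedRoot is expected (the CA is private); any other status is fatal,
            // including Revoked, RevocationStatusUnknown, OfflineRevocation and NotTimeValid.
            X509ChainStatus[] fatal = chain.ChainStatus
                .Where(s => s.Status != X509ChainStatusFlags.NoError
                         && s.Status != X509ChainStatusFlags.UntrustedRoot)
                .ToArray();
            if (!built || fatal.Length > 0)
                throw new SecurityTokenValidationException(
                    "Service certificate rejected: " +
                    string.Join("; ", fatal.Select(s => s.StatusInformation.Trim())));

            // The chain must end at exactly our CA (byte-for-byte), not at some other
            // root, and the service certificate must be issued by the CA rather than
            // being the CA certificate itself.
            X509Certificate2 root =
                chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
            if (chain.ChainElements.Count < 2 || !root.RawData.SequenceEqual(_ca.RawData))
                throw new SecurityTokenValidationException(
                    "Service certificate was not issued by the expected private CA.");
        }
    }
}
```

Attach it the same way as any custom validator, by setting ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode to X509CertificateValidationMode.Custom and CustomCertificateValidator to a PrivateCaValidator built from the shipped CA certificate. The alternative of installing the CA into the Trusted Root store and using the built-in ChainTrust mode with RevocationMode set to Online needs no code, but it then also accepts any certificate chaining to any other root the machine trusts; the validator above restricts acceptance to the one CA.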
