Case Study: Securing GSM / GPRS Modem Modules with wolfSSL

yaSSL has released a new case study highlighting how one of our customers, CCww, is using the wolfSSL embedded SSL library to secure GSM / GPRS modem modules. This case study highlights the key requirements CCww had for securing their modules, how wolfSSL was used as a solution, and summarizes CCww’s thoughts on the project.

You can download the case study directly from the yaSSL website at the following location. If you have any questions about using wolfSSL to secure your project, please contact us at info@yassl.com.

yaSSL / CCww Case Study: http://www.yassl.com/files/casestudy/casestudy_yassl_ccww.pdf

Reminder: Enter to win a New Apple iPad from yaSSL

We wanted to remind our readers to enter our sweepstakes for a chance to win a New Apple iPad (16GB, Wi-Fi). The sweepstakes will be coming to a close August 1, 2012 (just 9 days away!). For a chance to win, just take our short SSL survey (10 questions) at the following link. The contest is limited to one entry per individual.

Begin the survey, here: http://www.surveymonkey.com/s/585N8LZ (this survey has been closed)

Eligibility: To be eligible to win you must be a legal resident of the fifty (50) United States or the District of Columbia and be at least eighteen (18) years old at the time of entry.

We appreciate your time and feedback! All results and comments will be taken into consideration to improve our products. If you have any questions, please email us at info@yassl.com.

Intro to PKCS #1: RSA Cryptography Standard

As the first post in our PKCS series, we will be looking at PKCS #1. PKCS #1 is the RSA Cryptography Standard and is defined in RFC 3447 (http://tools.ietf.org/html/rfc3447). It defines standards for implementing public and private keys based on the RSA algorithm including cryptographic primitives, encryption schemes, signature schemes, and ASN.1 syntax for representing the keys and identifying the schemes.

A. Cryptographic Primitives

As stated in the RFC, cryptographic primitives are “basic mathematical operations on which cryptographic schemes can be built. Four different types of cryptographic primitives are defined in PKCS #1: encryption, decryption, signature, and verification.

An encryption primitive produces a ciphertext from a plaintext under the control of a public key. A decryption primitive produces a plaintext from a ciphertext under the control of a corresponding private key. PKCS #1 defines one pair of encryption/decryption primitives, specified as RSAEP and RSADP in RFC 3447, with exponentiation being the main mathematical operation used.

A signature primitive produces a signature from a message under the control of a private key. A verification primitive recovers the message from the signature under the control of the corresponding public key. The specific primitives defined for signature and verification in PKCS #1 are RSASP1 and RSAVP1.

B. Encryption and Signature Schemes

As stated in RFC 3447, “a scheme combines cryptographic primitives and other techniques to achieve a particular security goal.” The two types of schemes defined in PKCS #1 are encryption schemes and signature schemes with appendix. The schemes presented in PKCS #1 are limited in that they only present methods to process data with either a public or private key. They do not include any type of recommendations or steps to handle key management.

Both encryption schemes and signature schemes can be applied in many situations. One example given in RFC 3447 regarding an encryption scheme is usage in a key establishment protocol, where the message contains key material that needs to be delivered from party A to party B confidentially. An example given by the RFC for signature scheme usage could be as a signature algorithm for X.509 certificates. Note that signature schemes with appendix (defined in PKCS#1) are different than signature schemes with message recovery.

C. ASN.1 Syntax

The last item which is defined in PKCS #1 is ASN.1 object identifiers for RSA public and private keys and the RSA public and private key structure. The intended applications of these definitions include X.509 certificates, PKCS #8, and PKCS #12.

The wolfSSL embedded SSL library uses the PKCS #1 standard for RSA public and private keys and RSA operations. For example, if you examine the code, you can see how wolfSSL’s RsaKey type (./cyassl/ctaocrypt/rsa.h) matches up to the RSA key definition in PKCS #1.

To learn more about PKCS #1, you can look through RFC 3447, here:

http://tools.ietf.org/html/rfc3447

To learn more about the wolfSSL embedded SSL library, you can download a free GPLv2-licensed copy from the yaSSL download page, https://www.wolfssl.com/download/, or look through the wolfSSL Manual, http://www.yassl.com/yaSSL/Docs-cyassl-manual-toc.html. If you have any additional questions, please contact us at info@yassl.com.

PKCS Standards Blog Post Series

PKCS is a set of “Public Key Cryptography Standards” which were devised and published by RSA Security, Inc. beginning in the 1990s. The PKCS standards encapsulate everything from the RSA algorithm to password-based encryption to standards for certificate requests and cryptographic tokens. Because many of these standards are directly related to SSL/TLS and the wolfSSL embedded SSL library, we will be posting a series of blog posts on these widely-used standards over the next several weeks.

The PKCS Standards include:

PKCS#1 = RSA Cryptography Standard
PKCS#3 = Diffie-Hellman Key Agreement Standard
PKCS#5 = Password-based Encryption Standard
PKCS#6 = Extended-Certificate Syntax Standard
PKCS#7 = Cryptographic Message Syntax Standard
PKCS#8 = Private-Key Information Syntax Standard
PKCS#9 = Selected Attribute Types
PKCS#10 = Certificate Request Standard
PKCS#11 = Cryptographic Token Interface
PKCS#12 = Personal Information Exchange Syntax Standard
PKCS#13 = Elliptic Curve Cryptography Standard
PKCS#14 = Pseudo-random Number Generation
PKCS#15 = Cryptographic Token Information Format Standard

Stay tuned to our blog to learn more about the PKCS standards and how they relate to the wolfSSL embedded SSL library.