How do browsers validate that an SCT is valid for a particular certificate (as opposed to for some other certificate)?


Irene Trujillo

Oct 4, 2015, 6:33:48 PM10/4/15
to certificate-transparency

"the TLS client validates the log’s signature on the SCT to verify that the SCT was issued by a valid log and that the SCT was actually issued for the certificate (and not some other certificate)." (http://www.certificate-transparency.org/how-ct-works)

Is information identifying a particular certificate contained within the SCT, or does the browser have to do a reverse lookup with the log to find the certificate associated with an SCT and then compare that certificate with the one the browser received alongside the SCT?


I don't see an obvious way the browser could verify an SCT is valid based upon the following screen capture:


Tom Ritter

Oct 4, 2015, 6:39:39 PM10/4/15
to certificate-transparency
Given an SCT and a certificate, you can confirm that the SCT is valid for the certificate. The signature data is a signature over the version, type, timestamp, log entry type, any extensions, and the certificate. So you're right that an SCT doesn't contain a certificate inside of it, but if I give you a certificate and an SCT, you can verify the signature is over the data I claim it is.

-tom 

--
You received this message because you are subscribed to the Google Groups "certificate-transparency" group.
To unsubscribe from this group and stop receiving emails from it, send an email to certificate-transp...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
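Tom's description of what the log signs can be made concrete. The following is an added example in Go (my own, not code from this thread or from the certificate-transparency project): it serialises the RFC 6962 v1 "digitally-signed struct", has a toy log sign it with a freshly generated P-256 key, and then checks that the resulting SCT verifies against the original certificate bytes but not against a different certificate. The two certificates are constructed placeholder byte strings, the timestamp is a constructed value, and the function names (SignedData, Verify, Issue, Demo) are the example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/binary"
	"fmt"
)

// LogEntryType values from RFC 6962 section 3.1.
const (
	X509Entry    uint16 = 0
	PrecertEntry uint16 = 1
)

// SCT holds the fields of a v1 SignedCertificateTimestamp. Note what is absent:
// the certificate itself. It is bound to the SCT only through the signature.
type SCT struct {
	LogID      [32]byte // SHA-256 of the log's DER-encoded SubjectPublicKeyInfo
	Timestamp  uint64   // milliseconds since the Unix epoch
	Extensions []byte   // CtExtensions, empty for v1 in practice
	Signature  []byte   // DER-encoded ECDSA signature (body of the DigitallySigned)
}

// SignedData serialises the "digitally-signed struct" of RFC 6962 section 3.2.
// The verifier rebuilds it from the SCT fields plus the certificate it was
// handed, so a signature over one certificate cannot verify for another.
// For a precert_entry, entry is the TBSCertificate and issuerKeyHash the
// 32-byte hash of the issuer's key; for an x509_entry, entry is the whole DER
// certificate and issuerKeyHash is ignored.
func SignedData(sct SCT, entryType uint16, issuerKeyHash, entry []byte) []byte {
	var scratch [8]byte
	b := []byte{0, 0} // Version v1 (0), SignatureType certificate_timestamp (0)
	binary.BigEndian.PutUint64(scratch[:], sct.Timestamp)
	b = append(b, scratch[:]...) // uint64 timestamp
	binary.BigEndian.PutUint16(scratch[:2], entryType)
	b = append(b, scratch[:2]...) // LogEntryType
	if entryType == PrecertEntry {
		b = append(b, issuerKeyHash...) // PreCert.issuer_key_hash, fixed 32 bytes, no length prefix
	}
	// ASN.1Cert / TBSCertificate: opaque <1..2^24-1>, 3-byte length prefix.
	b = append(b, byte(len(entry)>>16), byte(len(entry)>>8), byte(len(entry)))
	b = append(b, entry...)
	// CtExtensions: opaque <0..2^16-1>, 2-byte length prefix.
	binary.BigEndian.PutUint16(scratch[:2], uint16(len(sct.Extensions)))
	b = append(b, scratch[:2]...)
	return append(b, sct.Extensions...)
}

// Verify is the check a TLS client performs: rebuild the structure from the
// SCT and the certificate it received, hash it, and check the log's ECDSA
// P-256/SHA-256 signature over it.
func Verify(logKey *ecdsa.PublicKey, sct SCT, entryType uint16, issuerKeyHash, entry []byte) bool {
	digest := sha256.Sum256(SignedData(sct, entryType, issuerKeyHash, entry))
	return ecdsa.VerifyASN1(logKey, digest[:], sct.Signature)
}

// Issue plays the log: it fills in the log ID and signs the entry.
func Issue(logKey *ecdsa.PrivateKey, timestamp uint64, entryType uint16, issuerKeyHash, entry []byte) (SCT, error) {
	spki, err := x509.MarshalPKIXPublicKey(&logKey.PublicKey)
	if err != nil {
		return SCT{}, err
	}
	sct := SCT{LogID: sha256.Sum256(spki), Timestamp: timestamp}
	digest := sha256.Sum256(SignedData(sct, entryType, issuerKeyHash, entry))
	sct.Signature, err = ecdsa.SignASN1(rand.Reader, logKey, digest[:])
	return sct, err
}

// Demo issues an SCT for one constructed "certificate" and reports whether it
// verifies for that certificate and for a different one.
func Demo() (validForOriginal, validForOther bool, err error) {
	logKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, false, err
	}
	// Constructed placeholder byte strings stand in for two DER certificates.
	certA := []byte("constructed DER certificate A")
	certB := []byte("constructed DER certificate B")
	sct, err := Issue(logKey, 1539091715014, X509Entry, nil, certA) // constructed timestamp
	if err != nil {
		return false, false, err
	}
	return Verify(&logKey.PublicKey, sct, X509Entry, nil, certA),
		Verify(&logKey.PublicKey, sct, X509Entry, nil, certB), nil
}

func main() {
	a, b, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("SCT valid for original certificate: %v; for a different certificate: %v\n", a, b)
}
```

A real client does two more things the example skips: it looks the SCT's log ID up in its list of known logs to find the verification key (the example hands the key in directly), and for an SCT embedded in a certificate it takes the precert_entry branch, feeding in the TBSCertificate with the SCT extension removed and the SHA-256 of the issuer's SubjectPublicKeyInfo as issuer_key_hash.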

Eran Messeri

Oct 13, 2015, 3:20:56 PM10/13/15
to certificate-...@googlegroups.com
Also, the implied assumption in RFC6962 is that the SCT(s) are for the end-entity certificate (if they are not embedded in it).
In RFC6962-bis there are plans to add metadata accompanying the SCTs that would indicate which certificate they relate to.

Eran

Purnima Vishwabrahma

Oct 24, 2018, 2:47:11 PM10/24/18
to certificate-transparency
Is there a way to validate an SCT manually? I have created a certificate with an embedded SCT, but Chrome returns saying "Invalid Signature in SCT".

David Drysdale

Oct 25, 2018, 3:24:46 AM10/25/18
to certificate-...@googlegroups.com
Hi,

There's a tool in our open-source Go repo that can check SCTs, either embedded in a certificate file or as-served by an HTTPS website (see below).

If signatures aren't verifying, that might be an indication that something (other than the CT extensions) is different between the precertificate and the certificate -- but it could be something else.

Regards,
David

% sctcheck --logtostderr https://google.com
I1025 08:09:46.348784   49203 sctcheck.go:166] Retrieve certificate chain from TLS connection to "google.com:443"
I1025 08:09:46.413335   49203 sctcheck.go:175] Found chain of length 2
I1025 08:09:46.414361   49203 sctcheck.go:220] Examine external SCT[0] with timestamp: 1539091715014 (2018-10-09 14:28:35.014 +0100 BST) from logID: a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc10
I1025 08:09:46.414618   49203 sctcheck.go:232] Validate external SCT[0] against log "Google 'Pilot' log"...
I1025 08:09:46.415224   49203 sctcheck.go:236] Validate external SCT[0] against log "Google 'Pilot' log"... validated
I1025 08:09:46.415257   49203 sctcheck.go:239] Check external SCT[0] inclusion against log "Google 'Pilot' log"...
I1025 08:09:46.521981   49203 sctcheck.go:250] Check external SCT[0] inclusion against log "Google 'Pilot' log"... included at 396392909
I1025 08:09:46.522219   49203 sctcheck.go:220] Examine external SCT[1] with timestamp: 1539091714425 (2018-10-09 14:28:34.425 +0100 BST) from logID: 5614069a2fd7c2ecd3f5e1bd44b23ec74676b9bc99115cc0ef949855d689d0dd
I1025 08:09:46.522439   49203 sctcheck.go:232] Validate external SCT[1] against log "DigiCert Log Server"...
I1025 08:09:46.522924   49203 sctcheck.go:236] Validate external SCT[1] against log "DigiCert Log Server"... validated
I1025 08:09:46.522957   49203 sctcheck.go:239] Check external SCT[1] inclusion against log "DigiCert Log Server"...
I1025 08:09:47.032844   49203 sctcheck.go:250] Check external SCT[1] inclusion against log "DigiCert Log Server"... included at 6046264
E1025 08:09:47.033184   49203 sctcheck.go:80] Found 2 external SCTs for "https://google.com", of which 2 were validated
E1025 08:09:47.033224   49203 sctcheck.go:101] Found 0 embedded SCTs for "https://google.com", of which 0 were validated
% sctcheck --logtostderr Downloads/wwwapplecom.crt 
I1025 08:11:03.097948   49350 sctcheck.go:119] No issuer in chain; attempting online retrieval
I1025 08:11:03.177400   49350 sctcheck.go:220] Examine embedded SCT[0] with timestamp: 1525890274874 (2018-05-09 19:24:34.874 +0100 BST) from logID: bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed185
I1025 08:11:03.177609   49350 sctcheck.go:232] Validate embedded SCT[0] against log "Google 'Skydiver' log"...
I1025 08:11:03.178039   49350 sctcheck.go:236] Validate embedded SCT[0] against log "Google 'Skydiver' log"... validated
I1025 08:11:03.178069   49350 sctcheck.go:239] Check embedded SCT[0] inclusion against log "Google 'Skydiver' log"...
I1025 08:11:04.692159   49350 sctcheck.go:250] Check embedded SCT[0] inclusion against log "Google 'Skydiver' log"... included at 16115581
I1025 08:11:04.692226   49350 sctcheck.go:220] Examine embedded SCT[1] with timestamp: 1525890274755 (2018-05-09 19:24:34.755 +0100 BST) from logID: 5614069a2fd7c2ecd3f5e1bd44b23ec74676b9bc99115cc0ef949855d689d0dd
I1025 08:11:04.692350   49350 sctcheck.go:232] Validate embedded SCT[1] against log "DigiCert Log Server"...
I1025 08:11:04.692775   49350 sctcheck.go:236] Validate embedded SCT[1] against log "DigiCert Log Server"... validated
I1025 08:11:04.692800   49350 sctcheck.go:239] Check embedded SCT[1] inclusion against log "DigiCert Log Server"...
I1025 08:11:05.196304   49350 sctcheck.go:250] Check embedded SCT[1] inclusion against log "DigiCert Log Server"... included at 4984965
E1025 08:11:05.196340   49350 sctcheck.go:101] Found 2 embedded SCTs for "Downloads/wwwapplecom.crt", of which 2 were validated


Purnima

Oct 25, 2018, 6:24:12 AM10/25/18
to certificate-...@googlegroups.com
Thanks David.

The serial number, start time and end time of the precert and the SCT cert do not match. Do you think this could be the issue?



--
Thanks,
V.Purnima

David Drysdale

Oct 25, 2018, 7:07:10 AM10/25/18
to certificate-...@googlegroups.com
Sounds likely -- the certificate needs to be almost-identical to the precertificate to allow the signature in the SCT to be re-created and validated.  After the steps described in https://github.com/google/certificate-transparency/blob/master/docs/SCTValidation.md#embedded-scts, the inner tbsCertificate needs to match between cert and pre-cert -- and that definitely includes times and serial numbers.

Regards,
David
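David's point that the inner tbsCertificate has to match can be checked mechanically. The following is an added Go example (mine, not code from this thread or from the certificate-transparency repository): it builds a constructed CA, issues a precertificate carrying the RFC 6962 poison extension, then two candidate final certificates carrying a placeholder SCT-list extension, one with the precert's serial number and one with a different serial, which is Purnima's situation. It strips the poison from the precert and the SCT list from each candidate and compares the resulting DER TBSCertificates byte-for-byte. The CA name, leaf name, keys, serials, validity dates and the placeholder SCT list are all constructed; the two OIDs are the ones RFC 6962 assigns.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

var oidSCTList = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 2} // embedded SCT list, RFC 6962 3.3
var oidPoison = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 3}  // precert poison, RFC 6962 3.1

// RFC 5280 TBSCertificate; all but the extensions stay raw DER so re-encoding cannot alter signed bytes.
type tbsCertificate struct {
	Version            int `asn1:"optional,explicit,default:0,tag:0"`
	SerialNumber       asn1.RawValue
	SignatureAlgorithm asn1.RawValue
	Issuer             asn1.RawValue
	Validity           asn1.RawValue
	Subject            asn1.RawValue
	PublicKey          asn1.RawValue
	UniqueId           asn1.BitString   `asn1:"optional,tag:1"`
	SubjectUniqueId    asn1.BitString   `asn1:"optional,tag:2"`
	Extensions         []pkix.Extension `asn1:"optional,explicit,tag:3"`
}

// TBSWithoutExtension returns the DER TBSCertificate of certDER minus the extension
// oid: the poison for a precert, the SCT list for a final certificate.
func TBSWithoutExtension(certDER []byte, oid asn1.ObjectIdentifier) ([]byte, error) {
	var cert struct{ TBS, SigAlg, Sig asn1.RawValue } // outer Certificate SEQUENCE
	if _, err := asn1.Unmarshal(certDER, &cert); err != nil {
		return nil, err
	}
	var tbs tbsCertificate
	if _, err := asn1.Unmarshal(cert.TBS.FullBytes, &tbs); err != nil {
		return nil, err
	}
	var kept []pkix.Extension
	for _, ext := range tbs.Extensions {
		if !ext.Id.Equal(oid) {
			kept = append(kept, ext)
		}
	}
	tbs.Extensions = kept
	return asn1.Marshal(tbs)
}

func must[T any](v T, err error) T { // keeps the constructed-PKI plumbing short
	if err != nil {
		panic(err)
	}
	return v
}

// issueAndStrip signs a leaf under ca carrying extra, then strips extension strip
// from its TBS. Only the serial and extra can differ between two calls.
func issueAndStrip(ca *x509.Certificate, caKey *ecdsa.PrivateKey, leafPub *ecdsa.PublicKey,
	serial int64, extra pkix.Extension, strip asn1.ObjectIdentifier) []byte {
	tmpl := &x509.Certificate{
		SerialNumber:    big.NewInt(serial),
		Subject:         pkix.Name{CommonName: "leaf.example"}, // constructed name
		NotBefore:       time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC),
		NotAfter:        time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC),
		KeyUsage:        x509.KeyUsageDigitalSignature,
		ExtraExtensions: []pkix.Extension{extra},
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, ca, leafPub, caKey))
	return must(TBSWithoutExtension(der, strip))
}

// Demo: constructed CA, precert (serial 1000), final certs with serials 1000 and 1001;
// reports whether each final cert's stripped TBS reproduces the precert's.
func Demo() (sameSerialMatch, otherSerialMatch bool) {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	leafKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Test CA"},
		NotBefore:    time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC),
		NotAfter:     time.Date(2034, 1, 1, 0, 0, 0, 0, time.UTC),
		IsCA:         true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	ca := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	poison := pkix.Extension{Id: oidPoison, Critical: true, Value: []byte{0x05, 0x00}} // ASN.1 NULL
	sctExt := pkix.Extension{Id: oidSCTList, Value: must(asn1.Marshal([]byte("constructed SCT list")))}
	preTBS := issueAndStrip(ca, caKey, &leafKey.PublicKey, 1000, poison, oidPoison)
	finalTBS := issueAndStrip(ca, caKey, &leafKey.PublicKey, 1000, sctExt, oidSCTList)
	wrongTBS := issueAndStrip(ca, caKey, &leafKey.PublicKey, 1001, sctExt, oidSCTList) // serial differs
	return bytes.Equal(preTBS, finalTBS), bytes.Equal(preTBS, wrongTBS)
}

func main() {
	same, other := Demo()
	fmt.Printf("same-serial final cert matches precert TBS: %v; different serial: %v\n", same, other)
}
```

The stripped TBS is exactly the TBSCertificate field of the PreCert entry that the log signed; together with the SHA-256 of the issuer's SubjectPublicKeyInfo (ca.RawSubjectPublicKeyInfo here) as issuer_key_hash, it is what a client rebuilds before checking the embedded SCT's signature, so a serial or validity mismatch between precert and final cert produces exactly the "invalid signature" outcome rather than a more specific error.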
