Certificate viewer shows extra bytes for RSA keys

Bug #1969118 reported by Mikko Rantalainen
This bug affects 1 person
Affects: gcr (Ubuntu)
Status: Invalid
Importance: Undecided
Assigned to: Unassigned

Bug Description

When I view an x509 certificate using

    gcr-viewer .../path/to/certificate.pem

and open the "Details" section and check the RSA public key information, the section that lists the public key renders 8 extra bytes at the start and 5 bytes at the end which are not actually part of the key.

I haven't tried if this happens with other file types except x509, or with encryption methods except RSA. The exact certificate I viewed can be downloaded from https://crt.sh/?d=6454583403 and the expected public key modulus should start with 00:b6:28:0b:44:... but the certificate viewer shows public key starting with bytes 30 82 01 0A 02 82 01 01 00 B6 28 0B 44. Note the extra bytes 30 82 01 0A 02 82 01 01. The extra bytes seem to be static and do not change after re-launching the viewer again. There are also extra bytes at the end of the displayed key.

I'm marking this bug as a security vulnerability for now because

(1) This tool is supposed to be used to check encryption credentials, and
(2) It's still unknown if this is some kind of 8 byte underflow/5 byte overflow or just a rendering problem. I'm not aware of the viewer writing extra bytes to any memory location so I would assume this is just a rendering issue.

I'm fine with this issue being public so feel free to publish at your discretion.

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: gcr 3.28.0-1
ProcVersionSignature: Ubuntu 5.4.0-107.121~18.04.1-lowlatency 5.4.174
Uname: Linux 5.4.0-107-lowlatency x86_64
ApportVersion: 2.20.9-0ubuntu7.27
Architecture: amd64
CurrentDesktop: MATE
Date: Thu Apr 14 15:47:18 2022
EcryptfsInUse: Yes
InstallationDate: Installed on 2019-01-05 (1194 days ago)
InstallationMedia: Ubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 (20180725)
SourcePackage: gcr
UpgradeStatus: No upgrade log present (probably fresh install)

Seth Arnold (seth-arnold) wrote :

Hello Mikko, thanks for the report; I believe that's working as intended, those bytes are part of the DER encoding; there's an excellent answer at https://crypto.stackexchange.com/a/19982/1400 that describes the meanings of each of those bytes.

Thanks

information type: Private Security → Public Security
Changed in gcr (Ubuntu):
status: New → Invalid
Mikko Rantalainen (mira) wrote :

OK, I agree that this is not a security problem but UI issue only.

However, note that the UI says "Public key" and before that "Key algorithm: RSA". As such, the public key should not have any extra bytes at the start or at the end, just the public RSA 2048 bit key as is (as described by "Key Algorithm" and "Key Size" fields immediately above).

Also note that the key displayed by gcr-viewer does not match key value displayed by `openssl x509 -in ... -text`, Google Chrome, nor Firefox. Is this also by design?

That said, I agree that gcr-viewer doesn't show the exponent separate from the modulus either so maybe the easiest fix would be to change the label "Public Key" to say "DER Encoded Public Key" to make it obvious that the user must decode the encoding of the key by themselves. When I'm viewing a PEM encoded key I sure didn't expect to see the public key as DER encoded raw data.

A better fix would be to render modulus and exponent as separate fields without any extra bytes. Of course, that would require different code paths for e.g. RSA and x25519.
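
The byte layout discussed in this thread, as an added example that is not part of the original report or of gcr's code: a minimal DER reader that splits an RSAPublicKey blob into its headers, modulus and exponent. Only the leading bytes come from the report; the rest of the modulus and the exponent 65537 are constructed assumptions, and the names used are hypothetical.

```python
def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: length in one byte
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, pos, pos + length


def split_rsa_public_key(der):
    """Split SEQUENCE { INTEGER modulus, INTEGER exponent } into its parts."""
    tag, start, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected one SEQUENCE covering the whole blob")
    mtag, mstart, mend = read_tlv(der, start)
    etag, estart, eend = read_tlv(der, mend)
    if mtag != 0x02 or etag != 0x02 or eend != end:
        raise ValueError("expected exactly two INTEGERs")
    modulus = der[mstart:mend]
    return {
        "leading_header": der[:mstart],       # SEQUENCE + INTEGER headers
        "modulus": modulus,                   # includes the 00 sign byte
        "trailing_element": der[mend:eend],   # whole exponent INTEGER
        "exponent": int.from_bytes(der[estart:eend], "big"),
        "key_bits": int.from_bytes(modulus, "big").bit_length(),
    }


# Constructed sample, not the real key: first 5 modulus bytes are from the
# report, the remaining 252 bytes are filler, exponent 65537 is assumed.
SAMPLE_MODULUS = bytes.fromhex("00b6280b44") + bytes([0x5A]) * 251 + b"\x01"
SAMPLE_DER = (bytes.fromhex("3082010a02820101") + SAMPLE_MODULUS
              + bytes.fromhex("0203010001"))

if __name__ == "__main__":
    parts = split_rsa_public_key(SAMPLE_DER)
    print("leading header  :", parts["leading_header"].hex(" "))
    print("modulus starts  :", parts["modulus"][:5].hex(":"))
    print("trailing element:", parts["trailing_element"].hex(" "))
    print("exponent        :", parts["exponent"], "/", parts["key_bits"], "bits")
```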
