Certificate viewer shows extra bytes for RSA keys
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
gcr (Ubuntu) | Invalid | Undecided | Unassigned | |
Bug Description
When I view an x509 certificate using
gcr-viewer .../path/
and open the "Details" section and check the RSA public key information, the section that lists the public key renders extra 8 bytes at the start and 5 bytes at the end which are not actually part of the key.
I haven't tried if this happens with other file types except x509, or with encryption methods except RSA. The exact certificate I viewed can be downloaded from https:/
I'm marking this bug as a security vulnerability for now because
(1) This tool is supposed to be used to check encryption credentials, and
(2) It's still unknown if this is some kind of 8 byte underflow/5 byte overflow or just a rendering problem. I'm not aware of the viewer writing extra bytes to any memory location so I would assume this is just a rendering issue.
I'm fine with this issue being public so feel free to publish at your discretion.
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: gcr 3.28.0-1
ProcVersionSign
Uname: Linux 5.4.0-107-
ApportVersion: 2.20.9-0ubuntu7.27
Architecture: amd64
CurrentDesktop: MATE
Date: Thu Apr 14 15:47:18 2022
EcryptfsInUse: Yes
InstallationDate: Installed on 2019-01-05 (1194 days ago)
InstallationMedia: Ubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 (20180725)
SourcePackage: gcr
UpgradeStatus: No upgrade log present (probably fresh install)
Hello Mikko, thanks for the report; I believe that's working as intended, those bytes are part of the DER encoding; there's an excellent answer at https://crypto.stackexchange.com/a/19982/1400 that describes the meanings of each of those bytes.
Thanks
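
The DER framing the reply refers to, as an added example that is not part of the original report or reply: a minimal parser for an RSAPublicKey structure, run over a constructed 2048-bit sample (not the reporter's certificate; the exponent 65537 and the `MODULUS` bytes are assumptions). It separates the 8 header bytes and the 5-byte exponent element from the modulus value.

```python
# Added example: minimal DER reader for
# RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: the byte is the length
        length = first
    else:                                 # long form: low 7 bits count the length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER value runs past end of input")
    return tag, pos, pos + length


def split_rsa_public_key(der):
    """Split into (framing before modulus value, modulus value, exponent element)."""
    tag, seq_start, seq_end = read_tlv(der, 0)
    if tag != 0x30 or seq_end != len(der):
        raise ValueError("expected one SEQUENCE spanning the whole input")
    tag, mod_start, mod_end = read_tlv(der, seq_start)
    if tag != 0x02:
        raise ValueError("expected INTEGER modulus")
    tag, _, exp_end = read_tlv(der, mod_end)
    if tag != 0x02 or exp_end != seq_end:
        raise ValueError("expected INTEGER publicExponent closing the SEQUENCE")
    return der[:mod_start], der[mod_start:mod_end], der[mod_end:exp_end]


# Constructed sample (not a real key): 256 arbitrary modulus bytes, top bit set.
MODULUS = bytes([0xC3]) + bytes(range(1, 256))
SAMPLE_DER = (bytes.fromhex("3082010a")       # SEQUENCE, length 0x010a = 266
              + bytes.fromhex("02820101")     # INTEGER, length 0x0101 = 257
              + b"\x00" + MODULUS             # 0x00 keeps the signed INTEGER positive
              + bytes.fromhex("0203010001"))  # INTEGER, length 3, value 65537

if __name__ == "__main__":
    prefix, modulus_value, suffix = split_rsa_public_key(SAMPLE_DER)
    print(len(prefix), "framing bytes before the modulus:", prefix.hex(" "))
    print(len(modulus_value), "modulus value bytes (including the leading 00)")
    print(len(suffix), "bytes after the modulus:", suffix.hex(" "))
```
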