Comment 5 for bug 2050017

bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2024-02-16 08:39 EDT-------
> I would want to better understand the use case or requirement, and how this patch solves them.

The use case is that you want to protect the private key of an httpd server by using a PKCS#11-based (HSM-based) private key for the server instead of a clear key.

The private key of the server is the 'identity' of the server.
If an attacker can steal the private key of the server, he can take over that server and the clients will not notice, because the server's public key and the server certificate do not change. So even with certificate/public-key pinning, the client won't see any changes.

A more secure way of protecting the server key is by using an HSM-based key for that. An HSM-based key is a so-called secure key, and it is encrypted by the HSM's master key. The HSM master key will never ever leave the HSM, and thus is physically bound to the HSM. A secure key is encrypted by the HSM master key, and any crypto operation with such a key must happen inside the HSM. So even if a secure key gets stolen, it is totally useless without having the HSM, too.

PKCS#11 is a crypto API that is often used for HSM based crypto systems.
There are different PKCS#11 implementations available; one of them is Opencryptoki, which offers true HSM-based crypto operations with IBM Crypto Express adapters in CCA or EP11 mode.

Unfortunately, only very few applications support PKCS#11 directly. Many of them (including Apache httpd's mod_ssl) use the OpenSSL crypto API to perform (clear key) crypto operations. To allow such applications to transparently use PKCS#11, there exists a so-called PKCS#11 engine (libp11 engine - https://github.com/OpenSC/libp11).

Apache httpd mod_ssl has long had support for using this engine to work with a PKCS#11 implementation for the server key and certificate. The httpd mod_ssl has special configuration keywords to enable the engine and to specify PKCS#11 URIs for the key and the certificate, so that it uses the PKCS#11-based key instead of a clear key.

See this article about how to configure such a setup:
https://www.ibm.com/docs/en/linux-on-z?topic=linuxone-libp11-engine

With OpenSSL 3.0 the OpenSSL engines were deprecated and OpenSSL is moving to a new plugin concept, called providers. So the libp11 engine usage will end at some point in time.

For some time now, there have existed two PKCS#11 providers that can kind of replace the libp11 engine.
PKCS#11 provider: https://github.com/latchset/pkcs11-provider
PKCS#11 sign provider: https://github.com/opencryptoki/openssl-pkcs11-sign-provider

Unfortunately, the way httpd's mod_ssl is implemented, it needs some adaptations in order to use these PKCS#11 providers instead of a PKCS#11 engine. There is a lot of engine-specific code in mod_ssl that needs to be adjusted for working with providers.

This is exactly what the patch of this feature does.

So with that support, one can configure the Apache httpd with a PKCS#11 provider to use a PKCS#11 based server key and certificate, the same way as it was possible with the libp11 engine.
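The comment above refers to mod_ssl key and certificate references given as PKCS#11 URIs. As an added illustration of what such a reference looks like and how an operator can check it (this is example code written for this page, not code from the bug report, httpd, libp11 or either of the providers named), the following parser follows the RFC 7512 URI syntax and audits a key reference the way a reviewer of a server config would: a plain file path is a clear key on disk, a `pkcs11:` URI is checked for an object selector, a private-key type and an embedded PIN. The token name, object label and module path in the sample URIs are constructed values, not ones from the report.

```python
# Added example: parse and audit PKCS#11 URIs (RFC 7512) of the kind mod_ssl
# accepts for its server key and certificate.  Not code from the bug report,
# httpd, libp11 or the PKCS#11 providers it mentions; sample URIs are constructed.
from urllib.parse import unquote, unquote_to_bytes

# Attribute names defined by RFC 7512, split by the URI component they belong to.
PATH_ATTRS = {
    "token", "manufacturer", "serial", "model", "library-manufacturer",
    "library-version", "library-description", "object", "type", "id",
    "slot-manufacturer", "slot-description", "slot-id",
}
QUERY_ATTRS = {"pin-source", "pin-value", "module-name", "module-path"}
VALID_TYPES = {"public", "private", "cert", "secret-key", "data"}


def _split(component: str, sep: str) -> list:
    # Empty components ("pkcs11:" alone is a valid URI) yield no attributes.
    return [p for p in component.split(sep) if p] if component else []


def parse_pkcs11_uri(uri: str) -> dict:
    """Return {"path": {...}, "query": {...}} for a PKCS#11 URI.

    Path attributes are ';'-separated, query attributes '&'-separated, and all
    values are percent-encoded.  'id' is binary per RFC 7512 and is decoded to
    bytes; every other value is decoded to str.  Vendor-specific attribute
    names (which the RFC permits) are rejected here on purpose so that a typo
    in a server config is caught instead of silently ignored.
    """
    if not uri.startswith("pkcs11:"):
        raise ValueError("not a PKCS#11 URI: %r" % uri)
    path_part, _, query_part = uri[len("pkcs11:"):].partition("?")
    result = {"path": {}, "query": {}}
    for name, component, sep, allowed in (
        ("path", path_part, ";", PATH_ATTRS),
        ("query", query_part, "&", QUERY_ATTRS),
    ):
        for item in _split(component, sep):
            key, eq, raw = item.partition("=")
            if not eq or key not in allowed:
                raise ValueError("bad %s attribute %r" % (name, item))
            if key in result[name]:
                raise ValueError("duplicate attribute %r" % key)
            result[name][key] = unquote_to_bytes(raw) if key == "id" else unquote(raw)
    obj_type = result["path"].get("type")
    if obj_type is not None and obj_type not in VALID_TYPES:
        raise ValueError("unknown object type %r" % obj_type)
    return result


def audit_key_reference(ref: str) -> list:
    """Findings for a server private-key reference; an empty list means clean.

    A plain file path is the clear-key situation the bug report argues against.
    A PKCS#11 URI is checked for the things an operator would want to see
    before relying on it for the server identity.
    """
    findings = []
    if not ref.startswith("pkcs11:"):
        findings.append("clear key: private key is a file on disk, not HSM-backed")
        return findings
    try:
        parsed = parse_pkcs11_uri(ref)
    except ValueError as exc:
        findings.append("malformed PKCS#11 URI: %s" % exc)
        return findings
    path, query = parsed["path"], parsed["query"]
    if "object" not in path and "id" not in path:
        findings.append("URI selects no object (no 'object' or 'id'); lookup is ambiguous")
    if path.get("type") not in (None, "private"):
        findings.append("type=%s does not name a private key" % path["type"])
    if "pin-value" in query:
        findings.append("pin-value embeds the token PIN in the config file; prefer pin-source")
    return findings


if __name__ == "__main__":
    # Constructed sample references; token, object and module path are placeholders.
    for ref in (
        "/etc/ssl/private/server.key",
        "pkcs11:token=httpd-server;object=server-key;type=private?module-path=/path/to/pkcs11-module.so",
        "pkcs11:token=httpd-server?pin-value=1234",
    ):
        print(ref, "->", audit_key_reference(ref) or "ok")
```

The parser deliberately decodes `id` to bytes, because CKA_ID values are arbitrary octet strings and a percent-encoded `%01%ab` must compare against the token's object id byte-for-byte, not as text.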