1

So I have been reading about SSL pinning in context of a requirement where we have to interact with a web service operated by a partner of ours. We have an Android App and we would be making network calls to their service in a WebView(embedded web browser) and while SSL pinning has been labeled as the solution to verify identity really, I am still not clear on the fundamentals.

Say, I am interacting with Google. Firefox shows me their certificate details. If I were to be able to try out a MITM for a request to Google, can't I just copy Google's certificate(which seems to be a public information) and provide that as my certificate?

I don't see pinning help any identity cause. What have I left out of the story?

Manish Kumar Sharma
  • 111
  • 3
  • Also see https://security.stackexchange.com/questions/105376/could-a-stolen-certificate-show-as-trusted/105377#105377. – mti2935 Nov 09 '19 at 14:35

1 Answers1

0

Say, I am interacting with Google. Firefox shows me their certificate details. If I were to be able to try out a MITM for a request to Google, can't I just copy Google's certificate(which seems to be a public information) and provide that as my certificate?

You can copy the certificate all you want, but you can't copy the private key that corresponds to the certificate. The private key is the (only) secret of the system, and closely guarded by the webserver.

The basic TLS handshake means that the server sends it's certificate, and proves it by using the corresponding private key to sign a nonce:

Server's digital signature: The server uses its private key to encrypt the client random, the server random, and its DH parameter*. This encrypted data functions as the server's digital signature, establishing that the server has the private key that matches with the public key from the SSL certificate.

Thus, when a client uses the certificate (the public key) to encrypt something, you have no way of decrypting it, and the TLS handshake will fail. This handshake normally happens before any data is exchanged.

You should probably read up on public key infrastructure which describes how the model works.

This is also why Heartbleed was a huge thing; it allowed extraction of the private keys from webservers.

vidarlo
  • 14,890
  • 2
  • 43
  • 56
  • Fine. So, communication won't be trusted without TLS/SSL handshaking. I then should care for handshake only. How does pinning comes into picture? – Manish Kumar Sharma Nov 09 '19 at 13:30
  • Pinning basically means that you only except a limited set of certificates. So if a site pins CA Z, a (mis-)issued certificate from CA Y will not be permitted, or even limit it to a single public key, effectively barring anyone from using a substitute certificate. – vidarlo Nov 09 '19 at 14:15