Tags: c#, windows, security, transfer, private-key

Is it a bad idea to generate private keys (certs) at server side?


I'm working on an encryption project (using C#) and there is a task that I'm thinking about how to do well.

I need the client to generate private keys for asymmetric encryption, but from the libraries I have reviewed, it's NOT such a clean and easy task.

Why?

For generating private keys on Windows, I have the following possibilities:

  • generate them using makecert.exe, pvk2pfx.exe, etc., but these tools are from the Windows SDK and they seem to be linked with other DLLs, so if the client has a clean OS (without any installed libraries) I may: 1) install the Windows SDK on the client's PC; 2) copy makecert.exe and the other utilities and ship them with the project distribution (I think it's a bad idea due to the different Windows versions (from 7 to 10) and 32/64-bit architectures)

  • generate using Bouncy Castle, not a bad way (also I can use a programming language and NOT external tools, which is an advantage for me), but the C# version isn't documented well and there are some ugly places in the source code

  • using OpenSSL, I don't like it, because there are several function calls with errors in the library itself (with multithreading)

  • using PowerShell (also an option, but I suppose there would be problems with supporting it on old versions of Windows like 7)

Due to those facts, I wonder: what if I free the client from generating private keys? Is it a bad idea? I can generate them on the server side and NOT SAVE the private keys there, just transfer them via TLS.

Which security vulnerabilities exist with such an approach? Consider that the use of TLS is the STRICT option.


Solution

  • It depends on your application. There are at least a couple of issues with generating the private key on the server.

    1. The client must trust that you are not saving this key for later. You know that you don't, but the client does not know that. Depending on the application, it might be an important distinction.

    2. Even if you send the key over TLS, it can still be intercepted by a man in the middle under certain circumstances. For example, a company might install a trusted root certificate on each computer in the organization, then intercept and decrypt all SSL traffic which goes in/out of this organization. Again, that might or might not be important depending on the type of your application.

    Suppose that you write a chat application targeted at a large audience, and want to encrypt all messages between users. Then if you generate keys on the server - no one will (or at least should) use your application. First, you can dump all their keys to the government/whatever (they cannot be 100% sure this cannot happen), and even if you won't do that - there are whole countries where SSL traffic is inspected by using "fake" trusted root certificates.

    So, long story short - if you can generate private keys on the client - do that. In your case I think you can.
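
One way to generate the key on the client without makecert, Bouncy Castle, OpenSSL or PowerShell, as an added example that is not part of the original question or answer: the key is created as non-exportable in the Windows CNG key store and only a PKCS#10 certificate request, which contains the public key, is produced for sending to the server. It assumes .NET Framework 4.7.2 or later on Windows; the key name and subject are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ClientKeyGen
{
    // Hypothetical key container name and subject, chosen for this example.
    const string KeyName = "ExampleApp-ClientKey";
    const string Subject = "CN=example-client";

    // Open the client's key if it already exists, otherwise create a
    // non-exportable 3072-bit RSA key in the user's Windows CNG key store.
    static CngKey GetOrCreateKey()
    {
        if (CngKey.Exists(KeyName))
            return CngKey.Open(KeyName);

        var p = new CngKeyCreationParameters
        {
            ExportPolicy = CngExportPolicies.None, // private key cannot be exported
            KeyUsage = CngKeyUsages.AllUsages
        };
        p.Parameters.Add(new CngProperty("Length",
            BitConverter.GetBytes(3072), CngPropertyOptions.None));
        return CngKey.Create(CngAlgorithm.Rsa, KeyName, p);
    }

    // Build a PKCS#10 request: it carries the public key and a signature
    // proving possession of the private key, never the private key itself.
    static byte[] CreateCsr(RSA key)
    {
        var req = new CertificateRequest(Subject, key,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return req.CreateSigningRequest();
    }

    static void Main()
    {
        using (CngKey cngKey = GetOrCreateKey())
        using (RSA rsa = new RSACng(cngKey))
        {
            byte[] csr = CreateCsr(rsa);
            Console.WriteLine("-----BEGIN CERTIFICATE REQUEST-----");
            Console.WriteLine(Convert.ToBase64String(csr, Base64FormattingOptions.InsertLineBreaks));
            Console.WriteLine("-----END CERTIFICATE REQUEST-----");
        }
    }
}
```

The server signs the request and returns the certificate, so the TLS channel only ever carries public material and neither of the two issues in the answer applies to the private key.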