We are using C# with bouncy castle .net library to implement a feature. Let us say we work as a website_A to generate CSR for end customer, then end customer will take the CSR we generate to our business partner website_B to acquire a certificate.
Previously it worked perfectly fine. Note keyPair.Public and keyPair.Private are from the same RSA key pair. The generated CSR can be validated without any issue here https://certlogik.com/decoder.
Pkcs10CertificationRequest request = new Pkcs10CertificationRequest(
"SHA256withRSA",
new X509Name(subject),
keyPair.Public,
null,
keyPair.Private);
However, our business partner website_B wants to validate that any CSR submitted/uploaded by end customer is not only valid CSR but indeed generated by us (website_A). So we create a new pair of RSA keys and pass the new public key to website_B and use the new private key to sign any new CSR. So our code is updated as below. Please note that keyPair.Public and newKeyPair.Privae are from different pairs of RSA keys. The code can still generate CSR, but fail on validation such as https://certlogik.com/decoder. Weird enough though our business partner website_B can still parse/decode the new format of CSR with newKeyPair.Public we pass to them, if CSR validation step is skipped.
Pkcs10CertificationRequest request = new Pkcs10CertificationRequest(
"SHA256withRSA",
new X509Name(subject),
keyPair.Public,
null,
newKeyPair.Private);
So my qns are:
is our business partner website_B requirement of digital signature of CSR (so that they can be sure the CSR is generated by us) sound?
if yes how we can attach the digital signature of CSR with the original CSR. Please note Pkcs10CertificationRequest can only take one private key.
is there another way to digitally sign CSR with different pair of private key?
- is our business partner website_B requirement of digital signature of CSR (so that they can be sure the CSR is generated by us) sound?
Your partner wants a proof of authenticity with a digital signature. That is usual and digital signatures are designed for this.
- if yes how we can attach the digital signature of CSR with the original CSR. Please note Pkcs10CertificationRequest can only take one private key.
A CSR must be signed with the private key of the certificate requestor, and must match with the embeded public key. You are using the CSR as a digital signature container, that can proof that website_A has generated the CSR, but is not valid for the Certificate Authority to ensure that the requestor effectively owns the private key. Therefore the certificate enrollment process it is not valid.
Since CSR is not designed for this purpose. I suggest:
Use an additional digital signature on the original CSR with website_A's private key. It is not needed to attach this signature into the CSR. Just use a detached signature or a known format like CMS or XMLDSig
Use a custom Certificate Signing Request format. You really do not need the standard PKCS#10 because you already have a custom enrollment process between A y B. Using a standard has obvious advantages, but in your case it is expendable because is only used in the initial enrollment process. Note that CSR is discarded after generation and there is no direct relationship between CSR and the issued certificate. You can define a custom format that includes requestor's public key, required data about certificate generation, and the two signature of A and B
- is there another way to digitally sign CSR with different pair of private key?
No, see above