Skip to content

Instantly share code, notes, and snippets.

Avatar

Sander D SDx3

  • NL
View GitHub Profile
View certificate-knowledge.md

Digital certificates

Some background and hands-on information

Digital certificates come in many shapes and sizes. There are also a ton of tools to help you deal with them. This page contains some tips and tricks as well as technological backgrounds to help you understand what the heck you're doing.

@SDx3
SDx3 / CVE-2020-0601.md
Last active Jan 16, 2020
CVE-2020-0601
View CVE-2020-0601.md

CVE-2020-0601

A serious issue in the way Windows handles digital certificates.

Here's a quick mathematical explanation of the issue:

The bug exploits crypt32.dll signature verification on elliptic curve. crypt32.dll only checks for matching public key and parameters, but not the generator G.
The private key is d = [1, n - 1], where n is order of the curve
The public key is Q = dG.
The generator G is defined for each curve, but the bug allows your to specify your own generator.

View keybase.md

Keybase proof

I hereby claim:

  • I am SDx3 on github.
  • I am sdx3 (https://keybase.io/sdx3) on keybase.
  • I have a public key whose fingerprint is 86FC E598 FFDE 2D80 3454 C468 5C1C 61A5 A9FA A13A

To claim this, I am signing this object:

You can’t perform that action at this time.