Is it secure to check a self-signed certificate based on it's fingerprint?

StackOverflow https://stackoverflow.com/questions/17982793

Question

I currently develop a small system consisting of an embedded server (including a small display) and some mobile devices (at the moment just Android phones).

These mobile devices should be able to talk to the embedded server over a secure channel. For this purpose, the server generates a self-signed SSL certificate during the very first boot process.

If a new mobile device should be connected to the server, the server displays a QR code consisting of:

  • Server IP
  • SSL certificate fingerprint
  • Random device ID

The user scans this QR code using his mobile device. The mobile device connects to the server and checks whether the SSL certificate fingerprint matches the one scanned before.

Is this considered secure? If not, how would you solve this problem?

An alternative approach:

On the very-first boot, the server generates a certificate request and sends it to a central CA server which signs the certificate. The client devices has installed the CA certficate and verifies the server certificate against it.

However, everyone could send a certificate request to the CA server and would get a signed certificate. (One could propably implement some authentication for the CA server using a "master key" but once that is extracted from a system image, the whole authentication becomes useless). In addition this setup requires a central server which I like to avoid since the product may be used in a "offline" environment.

Was it helpful?

Solution

Yes, this is considered secure because the fingerprint of the server's certificate is transferred to the client via a trusted mechanism (being physically next to the server to receive the fingerprint via a difficult to tamper with transport mechanism). If a MITM attack were to be attempted after the initial setup, even though server name would be the same, different keys would have been generated so the fingerprint would be different and the client would detect this and can appropriately reject the communication.

It could also be argued that this method is more secure because the client does not need to trust a 3rd party to verify the authenticity of the certificate. CAs do occasionally issue fraudulent certificates.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top