More proof that crypto is harder than it needs to be.
I went looking today for a definitive statement on what purposes a certificate needs when it is created for an SMTP server that uses STARTTLS (I'm still looking, but I'm pretty certain I know what it needs). I came across this gem of a piece from the Mac OS X guide to SSL:
The CSR and key are generated in the current directory, in a file called newreq.pem. When you enter:
the system displays the file, which looks something like this:
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
Now, you can take this CSR to a Certificate Authority (CA) such as Thawte and Verisign. Using the CSR, you can purchase an SSL certificate from one of these CAs, and then use it to authenticate your email server.
Okay, so they just said that you should take the PEM file above to your CA, as the CSR?
Why's it bad?
Because that's not just the CSR, it also holds the private key. Think of the private keys as being your internal organs - nobody gets to have them while you're still alive.
Sure, it's encrypted, but did you really want to take the chance that the guys with all that cryptographic experience?
The Certificate Request, for the record, is exactly that portion between "-----BEGIN CERTIFICATE REQUEST-----" and "-----END CERTIFICATE REQUEST-----" - that's the part (along with those two markers) that you should send to the CA.
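The rule above, as an added shell example that is not part of the original post or of the Mac OS X guide: it copies only the CERTIFICATE REQUEST block out of a combined file like newreq.pem and refuses to leave behind an output file that is empty or still carries a private-key marker. The function names, the request.csr file name and the placeholder PEM bodies are assumptions constructed for illustration.

```shell
# Added example: only the CSR block should ever leave the host.
# All names are hypothetical; PEM bodies are constructed placeholders.

# Write a constructed stand-in for the combined newreq.pem described above.
write_sample_newreq() {
    cat > "$1" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
CONSTRUCTEDPLACEHOLDERKEYBODY
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE REQUEST-----
CONSTRUCTEDPLACEHOLDERCSRBODY
-----END CERTIFICATE REQUEST-----
EOF
}

# Print only the CERTIFICATE REQUEST block(s), markers included.
extract_csr() {
    awk '
        /^-----BEGIN (NEW )?CERTIFICATE REQUEST-----/ { in_csr = 1 }
        in_csr { print }
        /^-----END (NEW )?CERTIFICATE REQUEST-----/   { in_csr = 0 }
    ' "$1"
}

# Exit 0 if the file contains any private-key marker (RSA, EC, PKCS#8, ...).
has_private_key() {
    grep -Eq -e '-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----' "$1"
}

# Write the CSR from $1 to $2; fail and remove $2 if it is empty
# or if a private-key marker made it into the output.
make_ca_submission() {
    extract_csr "$1" > "$2" || return 1
    if [ ! -s "$2" ] || has_private_key "$2"; then
        rm -f "$2"
        return 1
    fi
    chmod 600 "$1"   # the combined file still holds the key: owner-only
}

# Demo on the constructed sample.
tmp=$(mktemp -d)
write_sample_newreq "$tmp/newreq.pem"
make_ca_submission "$tmp/newreq.pem" "$tmp/request.csr" && cat "$tmp/request.csr"
```

The file that goes to the CA is request.csr; newreq.pem stays on the server.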
This is pretty entertaining, but it doesn't beat the training guides for Microsoft's Windows 2000 Official Curriculum course, which read "Alice encrypts a message using Bob's private key". If Alice has access to Bob's private key, they should be able to share secret messages at the breakfast table without encryption.