I was a little surprised today after downloading the Office 2013 admin GPO templates and moving them into my policy folder on a trash VM I use on occasion to look at some things.
One thing I noticed under the hood was enforcing the use of Suite B for S/MIME operations. Although this isn't unusual, I just figured enforcing Suite B was more of a scripting reg hack than an actual Microsoft GPO option.
For those who are not familiar with Suite B Cryptography, you can read all about it here:
https://www.nsa.gov/ia/programs/suiteb_cryptography/
A few things if you really want to go the Suite B route.
Suite B for Top Secret uses curve P-384 with a 256-bit key. So let's demonstrate using XCA. If you want XCA, download it here: http://sourceforge.net/projects/xca/
Let's create a private key first, based on the NIST P-384 standard.
Now we need to create an X.509 cert that meets Suite B Top Secret standards.
So go over to the certificate tab and do the following:
Assign a password to your export. Now you should have a Suite B self-signed certificate to do S/MIME with.
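The same three steps (P-384 key, self-signed S/MIME certificate, password-protected export) done with the OpenSSL command line instead of XCA, plus a check that a certificate really has a P-384 key and an ECDSA/SHA-384 signature. This is an added example, not part of the original post; it assumes the `openssl` CLI is installed, pairs P-384 with SHA-384 as Suite B does, and uses hypothetical function names, file names and a `P12_PASS` environment variable.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the openssl CLI is on PATH.
# Function names, file names and the P12_PASS variable are hypothetical.
set -eu

# make_suiteb_smime <outdir> <email>   (PKCS#12 password is read from $P12_PASS)
make_suiteb_smime() {
    dir=$1; email=$2
    mkdir -p "$dir"
    # Step 1: private key on NIST P-384 (OpenSSL calls the curve secp384r1).
    ( umask 077; openssl ecparam -name secp384r1 -genkey -noout -out "$dir/key.pem" )
    # Step 2: self-signed X.509 certificate for S/MIME, signed with ECDSA/SHA-384.
    cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = smime
prompt = no
[dn]
CN = $email
emailAddress = $email
[smime]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyAgreement
extendedKeyUsage = emailProtection
subjectAltName = email:$email
EOF
    openssl req -new -x509 -config "$dir/req.cnf" -key "$dir/key.pem" \
        -sha384 -days 365 -out "$dir/cert.pem"
    # Step 3: password-protected export; env: keeps the password out of argv.
    ( umask 077; openssl pkcs12 -export -inkey "$dir/key.pem" -in "$dir/cert.pem" \
        -name "$email" -passout env:P12_PASS -out "$dir/smime.p12" )
}

# check_suiteb_cert <cert.pem>: succeeds only for a P-384 key and an
# ecdsa-with-SHA384 signature; prints the reason on failure.
check_suiteb_cert() {
    text=$(openssl x509 -in "$1" -noout -text)
    printf '%s\n' "$text" | grep -q 'ASN1 OID: secp384r1' ||
        { echo "public key is not on P-384" >&2; return 1; }
    printf '%s\n' "$text" | grep -q 'Signature Algorithm: ecdsa-with-SHA384' ||
        { echo "signature is not ECDSA with SHA-384" >&2; return 1; }
}
```

Export `P12_PASS` before calling `make_suiteb_smime ./out user@example.test`, then run `check_suiteb_cert ./out/cert.pem` on the result or on any certificate you are asked to trust.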
For the record, I do not suggest you use P384 curves. Their origins are doubtful. (Meaning I think they have a flaw where comms could be decrypted.)
Enjoy the quick lesson on Suite B.