Friday, July 24, 2015

Suite B Cryptography

I was a little surprised today after downloading the Office 2013 admin GPO templates and moving them into my policy folder on a trash VM I used on occasion to look at some things.

One thing I noticed under the hood was enforcing the use of Suite B for S/MIME operations. Although this isn't unusual, I just figured enforcing Suite B was more of a scripting reg hack than an actual Microsoft GPO option.


For those who are not familiar with Suite B Cryptography, you can read all about it here:
https://www.nsa.gov/ia/programs/suiteb_cryptography/

A few things if you really want to go the Suite B route.

Suite B for Top Secret uses curve P-384 with a 256-bit key. So let's demonstrate using XCA. If you want XCA, download it here: http://sourceforge.net/projects/xca/

Let's create a private key first, based on the NIST P-384 standard.

Now we need to create an X.509 cert that meets Suite B Top Secret standards.

So go over to the certificate tab and do the following:





Assign a password to your export. Now you should have a Suite B self-signed certificate to do S/MIME with.
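The same three steps (P-384 private key, self-signed X.509 certificate, password-protected export) done with the OpenSSL command line instead of XCA, plus a check that the result really is a P-384 key signed with ECDSA and SHA-384. This is an added example, not part of the original post; the function names, subject, e-mail address and passphrase are constructed, and `-addext` assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: OpenSSL CLI equivalent of the XCA steps. All names are constructed.
set -eu

# make_suiteb_cert DIR EMAIL PASSFILE
# Writes DIR/key.pem, DIR/cert.pem and DIR/bundle.p12.
make_suiteb_cert() {
    dir=$1; email=$2; passfile=$3
    # Step 1: private key on NIST P-384 (OpenSSL calls the curve secp384r1).
    # The subshell umask keeps the key file readable by its owner only.
    ( umask 077
      openssl ecparam -name secp384r1 -genkey -noout -out "$dir/key.pem" )
    # Step 2: self-signed X.509 certificate, signed with ECDSA and SHA-384,
    # carrying the e-mail address and the S/MIME extended key usage.
    openssl req -new -x509 -key "$dir/key.pem" -sha384 -days 365 \
        -subj "/CN=Suite B test/emailAddress=$email" \
        -addext "subjectAltName=email:$email" \
        -addext "extendedKeyUsage=emailProtection" \
        -out "$dir/cert.pem"
    # Step 3: password-protected PKCS#12 export. The passphrase is read from a
    # file so it never appears in the process list or shell history.
    openssl pkcs12 -export -inkey "$dir/key.pem" -in "$dir/cert.pem" \
        -name "suiteb-smime" -passout "file:$passfile" -out "$dir/bundle.p12"
}

# check_suiteb_cert CERT
# Returns 0 only if the certificate key is on P-384 and the signature is
# ECDSA with SHA-384; anything else (P-256, RSA, SHA-256) returns 1.
check_suiteb_cert() {
    text=$(openssl x509 -in "$1" -noout -text) || return 1
    case $text in *'ASN1 OID: secp384r1'*) ;; *) return 1 ;; esac
    case $text in *'Signature Algorithm: ecdsa-with-SHA384'*) ;; *) return 1 ;; esac
}

# Demo run in a throwaway directory with a constructed passphrase.
work=$(mktemp -d)
printf 'constructed-passphrase\n' > "$work/pass"
make_suiteb_cert "$work" "user@example.test" "$work/pass"
check_suiteb_cert "$work/cert.pem" && echo "cert.pem: P-384 key, ECDSA with SHA-384"
```

The resulting `bundle.p12` is the file a mail client imports; `check_suiteb_cert` can be pointed at any PEM certificate to confirm it was issued on the intended curve and hash.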

For the record, I do not suggest you use P-384 curves. Their origins are doubtful. (Meaning I think they have a flaw where comms could be decrypted.)

Enjoy the quick lesson on Suite B.




