##master-page:AuditResultTemplate
##master-date:2014-06-24
#acl BenediktHeintel:read,write,delete,revert,admin BoardGroup:read All:read
#format wiki
#language en
= Audit Results Session 2016.1 =
## select in each field one
## Review of Internal controls, Compliance Review, Operational or Management Audit, Financial Audit, Special Investigation
|| Audit Type || Operational audit ||
## Draft, Formal Draft, Final Report
|| Report Status || Final Report ||
## Audit plan, Directive of Board, Request of ''XX''
|| Audit initiated by || Directive of Board ||
|| Audit Subject || Root Certificate Re-Signing ||
## Comments received, comments integrated, agreed, needs rework
|| Follow up status || 2016-03-12 Sent to Board for approval ||
|| || 2016-03-13 Approved by board in [[https://community.cacert.org/board/motions.php?motion=m20160313.1|m20160313.1]] ||

== Executive Summary ==
The cryptographic hash function MD5 is deprecated, and browsers will eventually remove support for it. CAcert's self-signed root certificate is signed using MD5. By itself this is not a problem, since a self-signed root is its own trust anchor, but once browsers drop MD5 support the certificate will one day no longer be usable.

For this reason, the software team created a [[https://github.com/CAcertOrg/cacert-procedures/tree/master/rootResignSHA256|github repository]] with scripts that re-sign the current root certificates using SHA256 as the signature algorithm, based on [[https://bugs.cacert.org/view.php?id=1305|Bug 1305]]. The root certificate was to be re-signed following a predefined process that had been tested in [[Audit/Results/session2015.4|Session 2015.4]]. This was executed successfully on 2016-03-12 in the secured facilities of CAcert's data centre.

== Purpose, Scope and Methodology ==
Re-signing root certificates is, like generating them, a significant task for a certificate authority. It should be carefully designed and monitored, so validating the correctness and completeness of the execution is an important task.
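One way to perform part of that validation on the output certificates, given here as an added example that is not part of this report and not CAcert's re-signing scripts: a standard-library Python check that a re-signed certificate differs from the original only in the two signature AlgorithmIdentifiers and the signature value, and that prints fingerprints in the spaced format used below. The two certificates it works on are constructed in the script with placeholder key and signature bytes (they are not CAcert's roots), and the RSA signature itself is not verified; that remains a job for openssl against the real root.crt and root_256.crt files.

```python
"""Structural check of a re-signed X.509 certificate (stdlib only).

Added example for this audit page, not CAcert's own tooling.  A minimal DER
walker pulls the signature AlgorithmIdentifiers and the TBSCertificate fields
out of two certificates so one can confirm the re-sign changed only the
signature algorithm and the signature value.  The sample certificates are
constructed below with placeholder key and signature bytes; they are not real.
"""
import hashlib

MD5_RSA = "1.2.840.113549.1.1.4"      # md5WithRSAEncryption
SHA256_RSA = "1.2.840.113549.1.1.11"  # sha256WithRSAEncryption


def der_iter(data):
    """Yield (tag, content) for each TLV in a DER sequence body."""
    i = 0
    while i < len(data):
        tag, length, i = data[i], data[i + 1], i + 2
        if length & 0x80:                         # long-form length
            n = length & 0x7F
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        yield tag, data[i:i + length]
        i += length


def decode_oid(content):
    """OID content octets -> dotted string."""
    arcs, value = [content[0] // 40, content[0] % 40], 0
    for b in content[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def split_certificate(cert):
    """Return (tbs_fields, inner_sig_oid, outer_sig_oid) of a DER Certificate."""
    (_, body), = der_iter(cert)                   # Certificate ::= SEQUENCE
    tbs, sig_alg, _sig_value = der_iter(body)
    fields = list(der_iter(tbs[1]))
    idx = 2 if fields[0][0] == 0xA0 else 1        # skip optional [0] version
    inner = decode_oid(next(der_iter(fields[idx][1]))[1])
    outer = decode_oid(next(der_iter(sig_alg[1]))[1])
    return fields, inner, outer


def fingerprint(cert, algo="sha256"):
    """Digest over the DER, in the 4-hex-digit groups used in the audit log."""
    hexdigest = hashlib.new(algo, cert).hexdigest()
    return " ".join(hexdigest[i:i + 4] for i in range(0, len(hexdigest), 4))


def check_resign(old_cert, new_cert):
    """Return a list of problems; an empty list means the re-sign looks right."""
    old_fields, old_inner, old_outer = split_certificate(old_cert)
    new_fields, new_inner, new_outer = split_certificate(new_cert)
    problems = []
    if (new_inner, new_outer) != (SHA256_RSA, SHA256_RSA):
        problems.append(f"new cert not sha256WithRSA: {new_inner} / {new_outer}")
    if old_inner != old_outer:
        problems.append(f"old cert AlgorithmIdentifiers differ: {old_inner} / {old_outer}")
    # Serial, issuer, validity, subject, public key and extensions must be
    # byte-identical; only the inner signature AlgorithmIdentifier may change.
    strip = lambda f: f[:2] + f[3:] if f[0][0] == 0xA0 else f[:1] + f[2:]
    if strip(old_fields) != strip(new_fields):
        problems.append("TBSCertificate changed beyond the signature algorithm")
    return problems


def tlv(tag, content):
    """Encode one DER TLV (lengths up to 65535)."""
    n = len(content)
    length = bytes([n]) if n < 0x80 else bytes([0x81, n]) if n < 0x100 else bytes([0x82, n >> 8, n & 0xFF])
    return bytes([tag]) + length + content


def encode_oid(dotted):
    """Dotted OID string -> DER OBJECT IDENTIFIER."""
    arcs = [int(a) for a in dotted.split(".")]
    out = [arcs[0] * 40 + arcs[1]]
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        while a >= 0x80:
            a >>= 7
            chunk.append((a & 0x7F) | 0x80)
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))


def build_cert(sig_oid, sig_bytes, cn=b"Example Root"):
    """Constructed self-signed certificate with placeholder key and signature."""
    alg = tlv(0x30, encode_oid(sig_oid) + tlv(0x05, b""))
    name = tlv(0x30, tlv(0x31, tlv(0x30, encode_oid("2.5.4.3") + tlv(0x0C, cn))))
    validity = tlv(0x30, tlv(0x17, b"160312000000Z") + tlv(0x17, b"330312000000Z"))
    spki = tlv(0x30, tlv(0x30, encode_oid("1.2.840.113549.1.1.1") + tlv(0x05, b""))
               + tlv(0x03, b"\x00" + b"\x11" * 32))   # placeholder, not a real RSA key
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01")
              + alg + name + validity + name + spki)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" + sig_bytes))


# Constructed inputs: an "MD5-signed" original, its SHA256 re-sign with identical
# TBS content, and a re-sign whose subject was changed (must be rejected).
OLD_ROOT = build_cert(MD5_RSA, b"\x01" * 32)
NEW_ROOT = build_cert(SHA256_RSA, b"\x02" * 32)
TAMPERED = build_cert(SHA256_RSA, b"\x02" * 32, cn=b"Other Root")

if __name__ == "__main__":
    for label, cert in ("old", OLD_ROOT), ("new", NEW_ROOT):
        print(f"{label}: {split_certificate(cert)[2]}  {fingerprint(cert)}")
    print("re-sign problems:", check_resign(OLD_ROOT, NEW_ROOT) or "none")
    print("tampered problems:", check_resign(OLD_ROOT, TAMPERED))
```

Against real files, replace the constructed `OLD_ROOT`/`NEW_ROOT` with the DER read from disk (convert PEM first with `openssl x509 -outform DER`), compare the printed SHA256 fingerprint with the value recorded in the audit log, and leave the signature verification itself to `openssl verify`.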
The audit was conducted as an inspection of the [[https://svn.cacert.org/CAcert/SystemAdministration/signer/re-sign-2016/implementation.txt|root re-sign process]] (SHA256sum: 367fd3cd8a07c3e2f5fcb2c5d050a7f8b017b04e85fa8589b3ef8b8bb2e1098a).

== Audit Results and Recommendations ==
The procedure has been followed completely and successfully as described, with the following deviations:
 1. The ''preparation phase'' steps 1 - 13 were done twice because of a rogue USB thumb drive.
 1. Before ''preparation phase'' step 12, /var/cache/debconf/config. was locked by the live CD installer, which was therefore killed.
 1. In ''re-signing phase'' step 1, the time and date of the signer were set and the mirroring was switched off.
 1. A mistake was made in ''re-signing phase'' step 6 (a complaint from ''main''); while inspecting it, part of the private key was logged to the typescript, so the typescript was deleted and the phase was started over from step 2.
All steps were executed without disruption from non-related parties.

The recorded fingerprints are:

'''Public key fingerprint of the re-signing software's signature key pair'''
{{{
22cb 3904 6614 5cb4 aea1 0be1 7b38 b59b 317e 59ac 1884 3d40 f21b d092 2708 57f0
}}}
'''root_256.crt fingerprint'''
{{{
07ed bd82 4a49 88cf ef42 15da 20d4 8c2b 41d7 1529 d7c9 00f5 7092 6f27 7cc2 30c5
}}}
'''class3_256.crt fingerprint'''
{{{
f687 3d70 d675 96c2 acba 3440 1e69 738b 5270 1dd6 ab06 b497 49bc 5515 0936 d544
}}}

The following attendees signed off on the successful execution:
 * Bas van den Dikkenberg (secure-u access engineer)
 * Mendel Mobach (CAcert critical system administrator)
 * Martin Simons (CAcert critical system administrator)
 * Benedikt Heintel (CAcert internal auditor)

The internal auditor holds:
 1. the Ubuntu Live DVD used for signing
 1. the USB thumb drive with the program input (from git)
 1. the USB thumb drive with the results, i.e.:
   1. checksums
   1. checksums.hash
   1. class3_256.crt
   1. main
   1. main.c
   1. main.o
   1. new.txt
   1. new3.text
   1. old1.txt
   1. old3.text
   1. root_256.crt
   1. [[attachment:script.prep]]
   1. [[attachment:script.re-sign]]
   1. signature
   1. signature.pub
   1. timelog.prep
   1. timelog.re-sign
All of the above files are checked in to CAcert's [[http://svn.cacert.org/CAcert/SystemAdministration/signer/re-sign-2016/outputs/|SVN]].

For transparency reasons, all logs are attached here.

[[attachment:crit_sys_adm_report.txt|Critical Sys Admin Log]]

=== Non-Conformities ===
None.

=== Recommendations ===
None.

== Auditor ==
-- BenediktHeintel

----
. CategoryAudit