The BBC reported this week that Dell computers have not only been shipped installed with a Certificate Authority public key issued by Dell with name (CN=) eDellRoot – but bizarrely also with matching private key. The problem has been observed in computers sold as long ago at least as July.

The key is marked as “non-exportable” in the Windows Certificates snap-in certmgr.msc (as is the default for keys created with makecert or openssl), but Kevin Hicks reports using the tool Jailbreak to allow export anyway, and posted the full key. The private key is password protected, but code, such as crackpkcs12, is readily available to perform a brute-force search for the password. This turns out to be “dell”.

Of course this compromises security of affected machines in at least 2 ways:

1. The computers are open to man-in-the-middle attacks, since a MITM can create a certificate for any website the target Dell computer visits which will be accepted as valid by the Dell machine.
2. A malicious party could compromise Microsoft’s Authenticode code-signing mechanism to install software onto a Dell machine: e.g. ActiveX controls from a website it controls which the DELL machine visits (or via a MITM attack). It seems that kernel mode software couldn’t be installed using this certificate, because there’s not a certificate chain leading to the “Microsoft Code Verification Root” certificate issued by Microsoft.

Dell has now acknowledged the problem, and posted instructions for removing the certificate. It’s not clear how they could have been so misguided as to make such a mistake. Their response says that “it was intended to provide the system service tag to Dell online support allowing us to quickly identify the computer model”. My guess is that online support, as client, would access the Dell machine, as a server, using TLS to protect the connection, and this key pair was for use by the server in this scenario. The mistake then was to have generated this key pair as a CA certificate.

As a slight diversion, the openssl command

openssl pkcs12 -in eDellRoot.pfx -nocerts -nodes -out eDellRoot.pri

can be used to extract the private key, and then

openssl rsa -text -noout <eDellRoot.pri

can be used to see the private key parameters, each given with most significant byte first. In this case we have parameters for a 2048 bit RSA key. Values are given for modulus, publicExponent, privateExponent, prime1, prime2, exponent1, exponent2 and coefficient, which are respectively \(n=pq\), \(e\), \(d=e−1 \bmod (p−1)(q−1)\), \(p\), \(q\), \(d \bmod(p−1)\), \(d \bmod (q−1)\), and \(q−1 \bmod p\) where \(p\) and \(q\) are the RSA primes. Vidar Holen has a nice blog entry describing how to perform RSA calculations using the command line calculator bc.