SecureMac, Inc.

PGPuam – Public Key Authentication for AppleShare

June 2, 2001


THIS IS SAMPLE CODE!

———————————————
This is the first public release. It is pretty stable for everyday use, but I am aware of a few bugs. I have listed them below.

This sample is a good example of what can be done with the AppleShare IP UAM SDK and also provides some useful authentication on the Macintosh.

WHAT IS IT?

———————————————
PGPuam is an enhancement to the standard AppleShare IP User Access Methods (UAM) that enables a user to perform two-way strongly authenticated logins to an AppleShare IP server from a Mac OS client. The PGPuam system consists of two major components, a client and a server plug-in.

WHY DO I WANT IT?

——————————————–
Tired of remembering and keeping track of AppleShare passwords? Did you know that the same digital signature technology that is used to guarantee the identity of e-mail can also be used to strongly authenticate users of network services? This provides three significant advantages over password-based user authentication systems:

  • Since the same key and passphrase used to sign e-mail messages is also used for server access, you only need to remember one passphrase.
  • Strong user authentication is provided by cryptographic digital signatures.
  • Since the user maintains the only secret material in the system, compromising a server’s user database results in limited damage.

HOW DOES IT WORK?

———————————————–

Authentication with Cryptographic Signatures

E-mail communication on the Internet faces a security challenge similar to network user authentication. Since e-mail packets are broadcast through public networks, these messages can also be eavesdropped on and counterfeited by unauthorized individuals. However, e-mail vendors have been able to address this problem by leveraging public key cryptography to digitally sign and authenticate e-mail messages.

In a public key cryptosystem, each user or principal generates a pair of mathematically related cryptographic keys. These keys are created in such a way that it is computationally infeasible to derive one key from the other. One of the keys is made publicly available to anyone who wishes to communicate with that user. The other key is kept private and never revealed to anyone else. This private key is secured by either placing it in a hardware token or further encrypting it to a passphrase, or both. The private key is then used by the principal to digitally sign data. This digital signature can later be checked with the matching public key to ensure that the data has not been tampered with and that it originated from the holder of the private key.

Since the holder of the private key is the only entity who can create a digital signature that verifies with the corresponding public key, there is a strong correlation between a user’s identity and the ability to sign with that private key. Thus the public key can function as a principal’s identity in cyberspace.

Because they provide such strong testimony to the authenticity of the sender, public-key cryptographic systems are becoming very popular among today’s Internet e-mail users.

The same digital signature technology that guarantees the identity of the e-mail sender can be used to strongly authenticate users of network services, too. By having the user sign a random challenge message from the server at login, the server can verify the identity of the user with his public key. The server randomly creates the challenge message to prevent replay attacks. This process is illustrated in the following scenario:

1. The user initiates network service access.

2. The server looks up the user’s public key in its authentication database. The server then generates a random challenge string and sends the challenge to the client.

3. The client digitally signs the challenge string and returns the cryptographic signature to the server. The client also sends a counter challenge string which is used to verify the server’s authenticity.

4. The server then checks the client’s signature and, if successful, grants access. It also signs and returns the client’s counter-challenge.
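The four steps above, as an added example that is not PGPuam's own code: a Lamport one-time hash signature stands in for the PGP signatures so the sketch runs with the Python standard library alone, and the `Server` class, `demo` function and user name "alice" are hypothetical. A Lamport key may sign only one message, so this stand-in covers a single login and one replay attempt.

```python
import hashlib
import secrets

def H(b):
    return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key: 256 secret pairs; the public key is their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for (i, b), s in zip(enumerate(bits(msg)), sig))

class Server:
    def __init__(self, user_db):
        self.sk, self.pk = keygen()
        self.user_db = user_db   # user name -> public key; no user secrets stored
        self.pending = {}        # user name -> outstanding challenge

    def start(self, user):       # step 2: fresh random challenge per login
        self.pending[user] = secrets.token_bytes(32)
        return self.pending[user]

    def finish(self, user, sig, counter):  # step 4
        challenge = self.pending.pop(user, None)  # each challenge is single-use
        pk = self.user_db.get(user)
        if challenge is None or pk is None or not verify(pk, challenge, sig):
            return None                     # access denied, nothing is signed
        return sign(self.sk, counter)       # prove the server's identity

def demo():
    user_sk, user_pk = keygen()             # constructed sample user "alice"
    server = Server({"alice": user_pk})
    sig = sign(user_sk, server.start("alice"))   # steps 1-3
    counter = secrets.token_bytes(32)            # client's counter-challenge
    reply = server.finish("alice", sig, counter)
    mutual = reply is not None and verify(server.pk, counter, reply)
    # Replay: a recorded signature is resent against a new login's challenge.
    server.start("alice")
    replay = server.finish("alice", sig, secrets.token_bytes(32))
    return mutual, replay is None
```

`demo()` returns whether the mutual login succeeded and whether the replayed signature was rejected; the server database holds only public keys, which is why its compromise exposes no user secret.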

This process provides several significant advantages over password-based user authentication systems:

- Since the same key and passphrase used to sign e-mail messages is also used for server access, the user need only remember one passphrase. This is done without the risks associated with passphrase caches.

- Strong user authentication is provided by cryptographic digital signatures.

- Since the user maintains the only secret material in the system, compromising a server’s user database results in limited damage.

While similar systems have been proposed by a number of researchers, they lacked the availability of a widely accepted key infrastructure. Since PGP already has a large key infrastructure, I have chosen to exploit this by building a challenge-response system using the PGP software developers kit (PGPsdk), which is available from the PGP website.

WHAT DOES IT RUN ON?

———————————-

I have tested the client on MacOS 8.5 PPC only. I have no reason to believe that it would not run on 8.1 PPC. It requires AppleShare Client 3.8.1 (or newer; it comes with 8.5). The server works with AppleShare 6.1. Most important, you must have a copy of PGP 6.0 or better on the client, manager and server machines.

EXPORT ISSUES

————————————
PGPuam does not contain any crypto code. It is purely for authentication use only. (In fact, all signatures and random number generation are done via the PGPsdk.) Therefore this code does not fall under the jurisdiction of ITAR. Feel free to enjoy it.

ABOUT THE CODE

———————————–
PGPuam is a Metrowerks CodeWarrior Pro 4 project. The code is considered sample code for now. It uses a bunch of technologies such as CFM, Appearance Manager, Collections Manager, PGPsdk, etc., so there is a lot to learn by examining the code itself.

HOW DO I BUILD IT?

————————————

1) Before starting, you must get a copy of the PGPsdk. You can download it from http://www.pgp.com/sdk/. Place the Library and the Headers in the PGPsdkMac folder.

2) Build the “PGPuam Client” Project. Move the result, a file called “PGPuam”, into the Extensions folder, or optionally create a folder titled “AppleShare Folder”, place it in either the Extensions folder or System Folder, and place the PGPuam file in that folder.

3) Build the “PGPuam Server” Project.

HOW DO I SET IT UP?

——————————————-

Server

1) Install PGP 6.0 (or better) on the server (or at least drop the appropriate PGP libraries into the Extensions folder).

2) Drop the “PGPuam Server” file in the “AppleShare IP UAM” folder found in the server’s Extensions folder.

3) Unfortunately, you must also modify the SIZE resource of the “AppleShare IP Registry” file in the server’s Extensions folder to allocate a bit more memory than the stock configuration. I suggest adding at least 1K more space. Yes, this is a bug in the ASIP design, and yes, they are working on a fix for the future, but for now you can correct this using your favorite resource editor. I have taken the liberty of enclosing a copy of a modified one with this distribution.

4) Reboot the server.

Manager

1) Install PGP 6.0 (or better) and make sure it runs; you’ll need to at least set up the default keychains.

2) Launch the PGPuam Manager program.

3) Select a server in the “Connect..” dialog (this must be done on a machine remote to the server for now, and it must also have AppleTalk connectivity) and enter the Admin Name/password.

4) Select “Server Settings” from the Server menu and press “Generate” to create a server key (it might ask you to move the mouse around), then save the key.

5) Drag out a copy of the new public key to the desktop and save this; you will need this for users later.

6) Close the window.

7) Go to the User List window and open a test user up, drag in a copy of that user’s public key (from PGPkeys or whatever) and save. Do this for each user you want to test with.

Clients

1) Install PGP 6.0 (or better) and make sure it runs; you’ll need to at least set up the default keychains. Each client will need their own keys; it can be (should be) an existing key.

2) If you are not already running “AppleShare” client 3.8.1 (comes with Mac OS 8.5), then update now. You should be able to find a copy at the AppleShare IP website.

3) Create a folder in the Extensions folder titled “AppleShare Folder”, drop the “PGPuam” file into that folder and reboot.

4) Get a copy of the server PUBLIC key from the sysadmin and drop it into PGPkeys.

5) Open the server in the Chooser and select the “PGP Challenge/Response” logon method (the PGPuam dialog should pop up; feel free to hunt around).

6) Log in with the appropriate user name; you will be asked by PGP to enter the appropriate passphrase for the key that the sysadmin installed under your username.

KNOWN BUGS and THINGS TO DO

——————————————
PGPuam Client
——————————————-
Balloon Help does not work. Balloon Help is particularly important when the interface uses unlabeled buttons.
——————————————–
The picture in the About panel still does not display. (Actually, it displays briefly, then disappears. Is there a button being drawn over the picture?)
——————————————–
The Apple Help button isn’t hooked up yet.
================================================================

PGPuam Server

——————————————-

CRASH on Shutdown, probably due to OT being shut down before ASIP plugins. This is an ASIP bug, and we are in the process of tracking it down.

===============================================================

PGPuam Admin Problems

——————————————
The PGPuam Admin must currently be run on a machine other than the server. Connecting locally causes a crash and hence I have disabled this feature. Stay tuned for a fix in the near future.
——————————————–
The “Select Server” window is not centered. This is currently deferred due to lazy programmer. Actually I am trying to replace the StandardNBP call with something better. When an NSL or such thing becomes available, I will update it.
——————————————–
The Password field of the Connect to AppleShare window probably should not indicate the password length with bullets. 😉 This isn’t a bug; what it indicates is that the admin password is used in a remote authentication scheme and is sent over the network, albeit using two-way random. It’s not as secure as the PGPuam method.
——————————————–
The Name and Kind labels in the User List window appear with a gray background when the rest of the window has a white background. (I run Mac OS 8.1 with the Black & White appearance variation.) This may be a bug in Appearance 1.0.1 or PowerPlant. (Send me your latest sources and I will investigate further.) Btw, the “AppleShare IP Web & File Server” application has the same problem in the Server Info panel. I believe this is a bug in the Appearance Manager.
——————————————–
Selection of list items in the User List window darkens the item’s icons, but it does not color the text of the item, when used in Black and White mode.
——————————————–
Opening a second User window displays the window to the right of the first as if the windows were being tiled. Opening a third displays the window on top of the second. This probably is a PowerPlant bug.
——————————————–
If the local AppleShare Admin deletes a user when the PGPuam Admin has the user open in a window, it will not be properly reflected. However, the user will disappear from the User List window. I have to think about what the proper way to alert the admin user about the changes is.
===========================================================

STAY TUNED.

I plan to actively update this code in the near future, so check the website every now and then for the latest update. Feel free to email any questions and/or suggestions.

Vinnie Moscaritolo
World Wide DTS, Apple Computer
————————————————-
http://www.vmeng.com/vinnie/
DSS/DH: 3F903472C3AF622D5D918D9BD8B100090B3EF042
