localhost.megasyncloopback.mega.nz private key in client

Hello everyone,

I'm not sure where to report this issue, this is my fist cert issue report.

I tried to report it to GeoTrust, but they don't know about this domain.

Replay from GeoTrust
> Good day,=20
>=20
> Thank you very much for the friendly request.=20
>=20
> Unfortunately I was not able to find anything for the provided Domain loc=
alhost.megasyncloopback.mega.nz in our records.=20

I'm also not sure what is the difference from RapidSSL and GeoTrust.


## Affected certificate:

https://censys.io/certificates/87d92f12e1fa4ab0a1460834067d161d085c013d14ca=
98489c807ce40521b981
https://crt.sh/?id=3D112840296


## Background:

Mega.nz has a sync client, that starts a HTTPS server on port 6342.
Whenever you visit a site on `mega.nz`, the browser tries to connect to
`https://localhost.megasyncloopback.mega.nz:6342/`.

Obviously the client need the private key to start that HTTPS server.
After a bit debugging from the client, I was able to recover the private ke=
y from that certificate.


## Proof:

msg: (msg.txt)
TW9uIEp1bCAyMyAxMzo1ODo1MiBDRVNUIDIwMTgKClBsZWFzZSByZXZva2UK

rsa signatur: (msg.asc)
VzijbZMHptbIdgOAACSeVLGLKyESeFK4aAKxOS3i/shHDSp53RJJJS0kbeOq7YDCrccqT6gaNXM=
a 46bcFxUvvwcYwQox6bh6s0+R+PHDgt0LVqutUJUlPLvOC9vDRHCy29hPMf6wXQckvy90KUvwk=
c2P tb0GzFfH94DjjQxPfMWwEEZeyUvp2v+KcbFHQNwJp0UKFrfUWW5ooFTZA7E3EeHynW6sHCJ=
S+r64 R5tUdrGGTh1ee6KRrBxOK1qXJVCRF2ftrwXo7rMYUf4MqWCntpD0YMZVkJ5j8VMKx3iVj=
cq+p++b boDqCxaUEnHvY96UMrbsrv/z2rWY2V0oVoAZeA=3D=3D

To proof decode the base64 to the files in the braket ():
Extract the pubkey from the cert:
`$ openssl x509 -in 112840296.crt -pubkey -noout > pub.pem`

and run the following command to verify the message:
`$ openssl pkeyutl -verify -pubin -inkey pub.pem -in msg.txt -sigfile msg.a=
sc`

Is there an easy way to create a cert revoke from the private key?
How to revoke the certificate?

Best Regards
Norbert Summer



certificate as pem (112840296.crt):

-----BEGIN CERTIFICATE-----
MIIElTCCA32gAwIBAgIQL41amoCH4B2agSUpD8Wd2DANBgkqhkiG9w0BAQsFADBC
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMS
UmFwaWRTU0wgU0hBMjU2IENBMB4XDTE3MDQwNTAwMDAwMFoXDTE5MDcwNTIzNTk1
OVowLTErMCkGA1UEAwwibG9jYWxob3N0Lm1lZ2FzeW5jbG9vcGJhY2subWVnYS5u
ejCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALGT0FSySDLZ0c252+vO
qyPfrXhSeJeMDDeyQw/7FRQsGBpNwaBCRhEwzojuuj/1GimrnKkrmnxyZSpNiG7/
1nhE/9qwcMgwLuUioi+ChldBZ0kcCEn0oGCdiL6NA3RDohAFp31ZH90oxy6Wc3Sg
zKfzas72jBXjt1hXN1Cc8TWTXPUerMrKqsGMe8Z9JDIwDZgK5KXUrcTNBjw0Vhd6
7dmPAUI++4OZGkuqSAoGu/Ac+7TNpA3taWI0HP7wmcG3o9Q029NnTL+JhRFPeThI
eWGL/Fd1X2OqMA3jfdEwisYhakWcGgmlpMVtOxTfPo2PkFT9NhCloE6J6JN87bVp
yXsCAwEAAaOCAZowggGWMC0GA1UdEQQmMCSCImxvY2FsaG9zdC5tZWdhc3luY2xv
b3BiYWNrLm1lZ2EubnowCQYDVR0TBAIwADArBgNVHR8EJDAiMCCgHqAchhpodHRw
Oi8vZ3Auc3ltY2IuY29tL2dwLmNybDBvBgNVHSAEaDBmMGQGBmeBDAECATBaMCoG
CCsGAQUFBwIBFh5odHRwczovL3d3dy5yYXBpZHNzbC5jb20vbGVnYWwwLAYIKwYB
BQUHAgIwIAweaHR0cHM6Ly93d3cucmFwaWRzc2wuY29tL2xlZ2FsMB8GA1UdIwQY
MBaAFJfCJ1CewsnsDIgyyHyt4qYBT9pvMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE
FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUF
BzABhhNodHRwOi8vZ3Auc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vZ3Au
c3ltY2IuY29tL2dwLmNydDATBgorBgEEAdZ5AgQDAQH/BAIFADANBgkqhkiG9w0B
AQsFAAOCAQEApuZ9VVqYOlIrOZ5GFFafwRISq8FGPHiqAwKEMw/b7MjCrDfbMiVM
IfHEaA5FhmijdAbr9LRwyU1XVCfy+Q3pKA95kuronFdIbbc8qyr11hBtiYaHURjc
/8P5Dco6IRdaMViQcy3gIOgFch7Zk+0Gjp71j8RCRiXvcqIHmrLaEkzGAuMMqERX
yp/cofpI+8UfwEEKNIYexZbXRtzuoOWlnm5q32rTFTy8v8QiRI9j52lWGqhlu5ng
KXBEa9En9NHlWAOg1yvhuaULM5tsoPu+/fQTlBit/BPvCmrPmURI1DnNnHLZTfvC
1PhGFNLKImuClH8gASNZe8RzU8jnO6UpvQ=3D=3D
-----END CERTIFICATE-----
0
summern1538
8/2/2018 10:06:25 AM
mozilla.dev.security.policy 1337 articles. 2 followers. Post Follow

0 Replies
19 Views

Similar Articles

[PageSpeed] 39

Reply: