CSR 是否使用私钥加密？

Question

Is the CSR(Certificate Signing Request) containing the public key and the organization details encrypted with the private key?

-If yes, How does the certificate Authority decrypt it, as the public key in the CSR is also encrypted?

-If no, How can the CA be sure that the CSR issuer has the private key?

Answer 1

The structure of CSR is defined in PKCS #10 that is re-published as RFC 2986

CSR includes, among other things, the public key of the requestor. The CA needs to verify that the requestor does hold the corresponding private key. To ensure the ownership of the private key the requestor signs the CSR's data with it's private key.

When CA receives a CSR, it extracts the public key of the requestor and validates the signature. If validation fais, the CSR is rejected.

The Wikipedia page includes a sample CSR with field-by-field decomposition. The sample is a request for a certificate with RSA public key and is signed using md5WithRSAEncryption algorithm.

Answer 2

Is the CSR(Certificate Signing Request) containing the public key and the organization details encrypted with the private key?

It is easy to check that it isn't.

1) Create a private key and associated CSR:

openssl req -new -sha256 -newkey rsa:2048 -nodes -keyout example.key -out example.csr

2) I now have 2 files, the private key and the CSR. Let us show the content of the CSR after having deleted the private key, just to make sure it is not needed, and comparing with the private key.

With private key still there:

$ openssl req -noout -text -in example.csr
Certificate Request:
    Data:
        Version: 1 (0x0)
        Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:23:3c:4e:d8:39:ce:9a:16:2f:e2:ef:e7:9b:
                    5d:7f:20:a7:9a:4b:dd:54:ad:6b:b3:ff:33:78:65:
                    f2:b1:e1:e3:b5:eb:23:9d:da:b3:8d:3c:2f:1f:60:
                    9a:17:36:df:0f:4e:3a:bd:fb:9f:73:d5:00:c2:65:
                    04:a2:77:e6:5b:27:f2:30:8f:57:31:c8:bf:d1:0a:
                    cc:db:f5:95:8e:98:ff:34:c5:ed:68:57:f8:43:47:
                    41:ff:cb:6d:27:ae:de:33:95:cd:d6:0a:f8:0b:25:
                    27:99:4e:6b:7d:d8:c4:dd:83:97:57:7a:42:69:4c:
                    41:e2:d6:7f:86:d0:6f:1b:c2:30:b2:e7:a9:ee:5b:
                    9d:a1:ce:80:ec:45:a6:ad:a4:6e:b1:6a:b1:68:ef:
                    c4:7d:5b:6c:e5:24:fe:54:f9:bb:09:48:5c:49:ca:
                    fe:41:28:bc:48:e8:02:bf:ac:b0:5b:c6:3f:bb:0e:
                    17:d4:31:02:31:27:b1:a3:7a:ff:82:49:f0:11:10:
                    64:53:44:ca:61:82:fd:3a:82:5c:07:48:23:1f:db:
                    e5:0f:64:79:09:19:25:b4:a5:07:42:d3:b4:54:75:
                    61:13:43:63:34:a2:72:55:07:d6:d1:8c:74:31:cb:
                    5c:54:1e:6a:e7:04:86:35:4c:d9:a4:31:3f:fd:36:
                    9c:59
                Exponent: 65537 (0x10001)
        Attributes:
            a0:00
    Signature Algorithm: sha256WithRSAEncryption
         6d:fb:a6:e5:2b:89:5c:ef:5c:ca:cc:d3:9a:3d:b1:c1:41:9d:
         b5:55:ca:2c:17:ca:ea:74:1d:79:b9:16:ec:81:08:95:94:98:
         e1:2b:50:c7:46:eb:d4:97:09:25:cc:da:b4:bd:34:3c:5a:14:
         c8:88:ed:21:99:63:e9:c0:0e:fa:bb:5d:a7:27:11:22:61:a1:
         1f:d3:65:c8:cc:14:ff:d7:ce:19:29:14:67:ed:e5:b8:31:b5:
         25:55:8e:59:42:f1:2a:6d:f9:fe:4a:be:08:b9:23:c5:b6:3b:
         c8:7e:3f:0c:bd:bb:37:f6:fd:5a:0e:50:50:43:8e:59:f7:b6:
         77:06:50:b2:45:2a:17:f4:53:5a:7c:3c:50:6d:de:74:e3:0e:
         df:94:48:bc:a9:fa:b8:a1:9a:3e:dc:10:c8:50:cb:9b:a7:49:
         cc:ac:88:66:54:e6:d3:06:81:95:f4:ac:e1:61:d7:88:18:74:
         e8:8e:d2:8d:e9:71:7f:99:41:b9:b3:a1:ad:af:d6:0b:2f:46:
         8d:fa:c4:29:b4:40:38:fb:80:31:33:5c:62:67:62:dd:62:14:
         36:fe:8f:8d:36:dc:0c:52:7b:0b:46:1c:58:94:2f:84:a9:54:
         b0:a8:78:a0:9d:30:e9:0d:2f:a5:09:7d:3e:4e:75:16:56:f7:
         94:a7:09:8f

Now removing private key:

rm example.key

and decoding the CSR again:

$ openssl req -noout -text -in example.csr
Certificate Request:
    Data:
        Version: 1 (0x0)
        Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:23:3c:4e:d8:39:ce:9a:16:2f:e2:ef:e7:9b:
                    5d:7f:20:a7:9a:4b:dd:54:ad:6b:b3:ff:33:78:65:
                    f2:b1:e1:e3:b5:eb:23:9d:da:b3:8d:3c:2f:1f:60:
                    9a:17:36:df:0f:4e:3a:bd:fb:9f:73:d5:00:c2:65:
                    04:a2:77:e6:5b:27:f2:30:8f:57:31:c8:bf:d1:0a:
                    cc:db:f5:95:8e:98:ff:34:c5:ed:68:57:f8:43:47:
                    41:ff:cb:6d:27:ae:de:33:95:cd:d6:0a:f8:0b:25:
                    27:99:4e:6b:7d:d8:c4:dd:83:97:57:7a:42:69:4c:
                    41:e2:d6:7f:86:d0:6f:1b:c2:30:b2:e7:a9:ee:5b:
                    9d:a1:ce:80:ec:45:a6:ad:a4:6e:b1:6a:b1:68:ef:
                    c4:7d:5b:6c:e5:24:fe:54:f9:bb:09:48:5c:49:ca:
                    fe:41:28:bc:48:e8:02:bf:ac:b0:5b:c6:3f:bb:0e:
                    17:d4:31:02:31:27:b1:a3:7a:ff:82:49:f0:11:10:
                    64:53:44:ca:61:82:fd:3a:82:5c:07:48:23:1f:db:
                    e5:0f:64:79:09:19:25:b4:a5:07:42:d3:b4:54:75:
                    61:13:43:63:34:a2:72:55:07:d6:d1:8c:74:31:cb:
                    5c:54:1e:6a:e7:04:86:35:4c:d9:a4:31:3f:fd:36:
                    9c:59
                Exponent: 65537 (0x10001)
        Attributes:
            a0:00
    Signature Algorithm: sha256WithRSAEncryption
         6d:fb:a6:e5:2b:89:5c:ef:5c:ca:cc:d3:9a:3d:b1:c1:41:9d:
         b5:55:ca:2c:17:ca:ea:74:1d:79:b9:16:ec:81:08:95:94:98:
         e1:2b:50:c7:46:eb:d4:97:09:25:cc:da:b4:bd:34:3c:5a:14:
         c8:88:ed:21:99:63:e9:c0:0e:fa:bb:5d:a7:27:11:22:61:a1:
         1f:d3:65:c8:cc:14:ff:d7:ce:19:29:14:67:ed:e5:b8:31:b5:
         25:55:8e:59:42:f1:2a:6d:f9:fe:4a:be:08:b9:23:c5:b6:3b:
         c8:7e:3f:0c:bd:bb:37:f6:fd:5a:0e:50:50:43:8e:59:f7:b6:
         77:06:50:b2:45:2a:17:f4:53:5a:7c:3c:50:6d:de:74:e3:0e:
         df:94:48:bc:a9:fa:b8:a1:9a:3e:dc:10:c8:50:cb:9b:a7:49:
         cc:ac:88:66:54:e6:d3:06:81:95:f4:ac:e1:61:d7:88:18:74:
         e8:8e:d2:8d:e9:71:7f:99:41:b9:b3:a1:ad:af:d6:0b:2f:46:
         8d:fa:c4:29:b4:40:38:fb:80:31:33:5c:62:67:62:dd:62:14:
         36:fe:8f:8d:36:dc:0c:52:7b:0b:46:1c:58:94:2f:84:a9:54:
         b0:a8:78:a0:9d:30:e9:0d:2f:a5:09:7d:3e:4e:75:16:56:f7:
         94:a7:09:8f

Conclusion: same results, proving the key is not needed.

Of course:

1) it was trivial to see that immediately, because if the key was needed when decoding the CSR, you would have need to specify it on command line of openssl (it does not poke out randomly at files)

2) it is of course silly to have deleted the private key because now if some certificate is indeed created out of this CSR, it is useless as the attached private key does not exist anymore.