Certification Authority. The X.509 standard, PKI and electronic documents. X.509 certificates. X.509 version 3. Critical extensions.



Similar documents
OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES

public key version 0.2

Ciphermail S/MIME Setup Guide

Certificate Policy for. SSL Client & S/MIME Certificates

Certificate Path Validation

DEPARTMENT OF DEFENSE PUBLIC KEY INFRASTRUCTURE EXTERNAL CERTIFICATION AUTHORITY MASTER TEST PLAN VERSION 1.0

X.509 Certificate Generator User Manual

PKI and OpenSSL part 1 X.509 from the user s and the client software s point of view

Certificates and network security

Certificates. Noah Zani, Tim Strasser, Andrés Baumeler

Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution.

Purpose of PKI PUBLIC KEY INFRASTRUCTURE (PKI) Terminology in PKIs. Chain of Certificates

OpenCA v (ten-ten 2 )

associate professor BME Híradástechnikai Tanszék Lab of Cryptography and System Security (CrySyS)

Electronic mail security. MHS (Message Handling System)

ETSI TS V1.1.1 ( )

Key Management and Distribution

Grid Computing - X.509

Introduction to Network Security Key Management and Distribution

Secure web transactions system

Multiple electronic signatures on multiple documents

Authentication Applications

Representation of E-documents in AIDA Project

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

Digital Signatures in a PDF

How To Make A Trustless Certificate Authority Secure

PUBLIC-KEY CERTIFICATES

Security Digital Certificate Manager

CALIFORNIA SOFTWARE LABS

Electronic Signature. István Zsolt BERTA Public Key Cryptographic Primi4ves

Cryptography and Network Security Chapter 14. Key Distribution. Key Management and Distribution. Key Distribution Task 4/19/2010

Asymmetric cryptosystems fundamental problem: authentication of public keys

eid Security Frank Cornelis Architect eid fedict All rights reserved

Chapter 4. Authentication Applications. COSC 490 Network Security Annie Lu 1

Part III-a. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Biometrics, Tokens, & Public Key Certificates

TechNote 0006: Digital Signatures in PDF/A-1

Cryptography and Network Security Chapter 14

Security Digital Certificate Manager

SWITCHaai Metadata CA. Certificate Policy and Certification Practice Statement

Certificate Policy and Certification Practice Statement CNRS/CNRS-Projets/Datagrid-fr

PEXA Public Key Infrastructure (PKI) Certification Authority Certificate Policy

CERTIFICATION PRACTICE STATEMENT UPDATE

Brocade Engineering. PKI Tutorial. Jim Kleinsteiber. February 6, Page 1

APNIC Trial of Certification of IP Addresses and ASes

ETSI TS V1.1.1 ( ) Technical Specification

Key Management and Distribution

Authentication Application

PKI Uncovered. Cisco Press. Andre Karamanian Srinivas Tenneti Francois Dessart. 800 East 96th Street. Indianapolis, IN 46240

Technical Description. DigitalSign 3.1. State of the art legally valid electronic signature. The best, most secure and complete software for

PKI NBP Certification Policy for ESCB Signature Certificates. OID: version 1.5

How To Understand And Understand The Security Of A Key Infrastructure

Authentication Applications

Apple Corporate Certificates Certificate Policy and Certification Practice Statement. Apple Inc.

Configuring SSL Termination

Aloaha Sign! (English Version)

Axway Validation Authority Suite

PKI NBP Certification Policy for ESCB Encryption Certificates. OID: version 1.2

Understanding digital certificates

Certificate Management. PAN-OS Administrator s Guide. Version 7.0

Digital Certificates Demystified

RSA Digital Certificate Solution

public_key Copyright Ericsson AB, All Rights Reserved public_key September 22, 2015

Information Systems Security Management

CS 356 Lecture 28 Internet Authentication. Spring 2013

X.509 Certificate Policy for the Australian Department of Defence Root Certificate Authority and Subordinate Certificate Authorities

A Noval Approach for S/MIME

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C

SecureStore I.CA. User manual. Version 2.16 and higher

phicert Direct Certificate Policy and Certification Practices Statement

Certification Path Processing in the Tumbleweed Validation Authority Product Line Federal Bridge CA Meeting 10/14/2004

ESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0

Standards and Products. Computer Security. Kerberos. Kerberos

An LDAP/X.500 based distributed PGP Keyserver

Key & Data Storage on Mobile Devices

Security Yokogawa Users Group Conference & Exhibition Copyright Yokogawa Electric Corporation Sept. 9-11, 2014 Houston, TX - 1 -

ETSI TS V1.3.2 ( )

Certificate Policy KEYNECTIS SSL CA CP. Emmanuel Montacutelli 12/11/2014 DMS_CP_KEYNECTIS SSL CA CP_1.2

CERTIFICATE POLICY KEYNECTIS SSL CA

Configuring Digital Certificates

Displaying SSL Certificate and Key Pair Information

Public-Key Infrastructure

SBClient SSL. Ehab AbuShmais

Trustis FPS PKI Glossary of Terms

TELSTRA RSS CA Subscriber Agreement (SA)

mod_ssl Cryptographic Techniques

- X.509 PKI SECURITY GATEWAY. Certificate Policy (CP) & Certification Practice Statement (CPS) Edition 1.1

THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY. July 2011 Version 2.0. Copyright , The Walt Disney Company

NIST Test Personal Identity Verification (PIV) Cards

Optimized Certificates A New Proposal for Efficient Electronic Document Signature Validation

Transcription:

The X.509 standard, PKI and electronic uments Antonio Lioy < lioy @ polito.it > Politecnico di Torino Dipartimento di Automatica e Informatica Certification Authority (4) cert repository (cert, CRL) Certification Authority (3) Anna OK (1) Kpub, Anna (4) cert (Anna,Kpub) Registration Authority (1) Kpri (2) Anna PC X.509 certificates standard ITU-T X.509: v1 (1988) v2 (1993) = minor v3 (1996) = v2 + extensions + attribute certificate v1 v3 (2001) = v3 + attribute certificates v2 is part of the standard X.500 for directory services (white pages) is a solution to the problem of identifying the owner of a cryptographic key definition in ASN.1 (Abstract Syntax Notation 1) X.509 3 standard completed in June 1996 groups together in a unique ument the modifications required to extend the definition of certificate and CRL two types of extensions: public, that is defined by the standard and consequently made public to anybody private, unique for a certain user community Critical extensions an extension can be defined as critical or non critical: in the verification process the certificates that contain an unrecognized critical extension MUST be rejected a non critical extension MAY be ignored if it is unrecognized the different (above) processing is entirely the responsibility of the party that performs the verification: the Relying Party (RP) Public extensions X.509v3 defines four extension classes: key and policy information certificate subject and certificate issuer attributes certificate path constraints CRL distribution points A.Lioy - Politecnico di Torino (1997-2009) 1

Key and policy information authority key identifier subject key identifier key usage private key usage period certificate policies policy mappings key usage Key and policy information identifies the application domain for which the public key can be used can be critical or not critical if it is critical then the certificate can be used only for the scopes for which the corresponding option is defined Key and policy information key usage the applications that can be defined are: digitalsignature (CA, user) nonrepudiation (user) keyencipherment (user) dataencipherment keyagreement (encipheronly, decipheronly) keycertsign (CA) crlsign (CA) Certificate subject and certificate issuer attributes subject alternative name issuer alternative name subject directory attributes Certificate subject and certificate issuer attributes subject alternative name allows to use different formalisms to identify the owner of the certificate (e.g. e-mail address, IP address, URL) always critical if the field subject-name is empty X.509 alternative names various possibilities: rfc822name dnsname ipaddress uniformresourceidentifier directoryname X400Address edipartyname registeredid othername A.Lioy - Politecnico di Torino (1997-2009) 2

CRL distribution point CRL distribution point identifies the distribution point of the CRL to be used in validating a certificate can be: directory entry e-mail or URL critical o non critical PKIX private extensions authority information access indicates how to access information and services of the CA that issued the certificate: certstatus certretrieval capolicy CA cacerts services critical or not critical cert issuer AIA Extended key usage in addition or in substitution of keyusage possible values: (id-pkix.3.1) serverauth [DS, KE, KA] (id-pkix.3.2) clientauth [DS, KA] (id-pkix.3.3) codesigning [DS] (id-pkix.3.4) emailprotection [DS, NR, KE, KA] (id-pkix.3.8) timestamping [DS, NR] CRL X.509 Certificate Revocation List list of revoked certificates CRLs are issued periodically and maintained by the certificate issuers CRLs are digitally signed: by the CA that issued the certificates by a revocation authority delegated by the (indirect CRL, icrl) CRL X.509 2 CertificateList ::= SEQUENCE { tbscertlist TBSCertList, Algorithm AlgorithmIdentifier, Value BIT STRING } TBSCertList ::= SEQUENCE { Version OPTIONAL, -- if present, must be v2 AlgorithmIdentifier, issuer Name, thisupdate Time, nextupdate Time OPTIONAL, revokedcertificates SEQUENCE { usercertificate CertificateSerialNumber, revocationdate Time, crlentryextensions Extensions OPTIONAL } OPTIONAL, crlextensions [0] Extensions OPTIONAL } Extensions of CRLv2 crlentryextensions: reason code hold instruction code invalidity date certificate issuer crlextensions: authority key identifier issuer alternative name CRL number delta CRL indicator issuing distribution point A.Lioy - Politecnico di Torino (1997-2009) 3

Certificate revocation timeline key compromise event CRL n issued cert revocation request cert revocation time CRL n+1 issued time RFC-2560: On-line Certificate Status Protocol IETF-PKIX standard to verify online if a certificate is valid: good revoked revocationtime revocationreason unknown response signed by the server (not by the CA!) the server certificate cannot be verified with itself! Architecture of possible pre-computed responses decreases the computational load on the server but makes possible replay attacks! possible to obtain information not from CRL (embedded) client server HTTP FTP... CRL CRL Models of responder Trusted Responder the server signs the responses with a pair key:cert independent of the CA for which it is responding company responder or TTP paid by the users Delegated Responder the server signs the responses with a pair key:cert which is (can be) different based on the CA for which it is responding TTP paid by the CA Time-stamping proof of creation of data before a certain point in time TSA (Time-Stamping Authority) RFC-3161: request protocol (TSP, Time-Stamp Protocol) format of the proof (TST, Time-Stamp Token) TST hash digest digest date and time (TSA) TSA PSE (Personal Security Environment) each user should protect: his own private key (secret!) the certificates of the trusted root CAs (authentic!) software PSE: (encrypted) file of the private key hardware PSE: passive = protected keys (same as sw PSE) active = protected keys + crypto operations mobility is possible in both cases (but with problems) A.Lioy - Politecnico di Torino (1997-2009) 4

Cryptographic smart-card chip cards with memory and/or autonomous cryptographic capacity simple: DES complex: RSA length of the key? generation of the private key on board? few memory (EEPROM): 4-32 Kbyte μcontroller ROM cryptographic RAM E 2 PROM coprocessor HSM (HW Security Module) cryptographic accelerator for servers secure storage of private key autonomous encryption capabilities (RSA, sometimes symmetric algorithms too) form factor: PCI board or external device (USB, IP, SCSI, ) crypto coprocessor protected memory RAM CPU firmware I/O Security API (low level) PKCS-11 = (only) crypto engine in software in hardware smart card cryptographic card part of the CDSA architecture MS-CAPI CSP (Crypto Service Provider) same functions as PKCS-11 but proprietary API of MS Secure data formats PKCS-7 = secure envelope signed and/or encrypted PKCS-10 = certificate request used in the communication among the client and CA / RA PKCS-12 = software PSE (Personal Security Environment) transport of keys and certificates are not application formats: S/MIME? IDUP-GSS-API? XML-DSIG? legal electronic uments? PKCS-7 and CMS formats cryptographic message syntax PKCS-7 is the RSA standard for secure envelope (v1.5 is also RFC-2315) CMS is the evolution of PKCS-7 inside IETF, numbered as RFC-2630 allows signing and/or encryption of data, with symmetric or asymmetric algorithms allows to put more s on the same object (hierarchical or parallel) can include the certificates used for the is a recursive format PKCS-7: structure Info Type... 1 N Type A.Lioy - Politecnico di Torino (1997-2009) 5

PKCS-7: Type PKCS-7: signeddata data encoding of a generic sequence of bytes signeddata data + parallel digital s (1..N) envelopeddata data encrypted symm. + key encrypted with RSA signedandenvelopeddata RSA encryption of (data + digital s) digestdata data + digest encrypteddata data encrypted with a symmetric algorithm signeddata digestalgorithm Info certificates crls signerinfo issuer + SN encrypteddigest PKCS-7: envelopeddata PKCS-10 issuer + SN encalgorithm envelopeddata encryptedcontentinfo recipientinfo... Type encryptionalgorithm encryptedcontent data to `be certified DN public key attributes computation of DN public key attributes PKCS#10 enckey recipientinfo private key of the entity to be certified PKCS-12 format (security bag) transport of (personal) cryptographic material among applications / different systems transports a private key and one or more certificates transports the digital identity of a user used by Netscape, Microsoft, Lotus, criticized from the technical point of view (especially in the MS implementation) but widely used export.p12.pfx import signed data ument enveloping (es. PKCS-7) Formats of signed uments ument ument data enveloped (es. PDF) ument detached (es. PKCS-7) A.Lioy - Politecnico di Torino (1997-2009) 6

Multiple s (parallel / independent) Multiple s (sequential / hierarchical) ds (, X) f (, X) f (, X) f (, X) f (, X) f (, X) f (, Y) f (, Y) f (-, Y) f (-, Y) f (, Z) f( (-, Z) X Y Z X Y Z A.Lioy - Politecnico di Torino (1997-2009) 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information