Certification
Andrea [email protected]
Contents
• Brief Overview of Asymmetric Cryptography
• What is certification?
• X.509
• X.509 Certificate
• Extensions
• Qualified Certificate
• QC Extensions
• Certificate Authority
• Italian CAs
• Certificate Revocation List
• Java Packages
• Java Code Example
• Microsoft, Netscape & Certificates
• Bibliography
Brief Overview of Asymmetric Cryptography
Based on a hard mathematical problem: the discrete logarithm problem, the elliptic curve discrete logarithm problem, the factoring problem, the e-th root problem.
Key pair: a public key (can be shown to anyone) and a private key (kept secret).
Encryption with the public key, decryption with the private key.
Encryption with the private key, decryption with the public key.
Attack: man in the middle (diagram: A and B communicate through an attacker X placed between them).
What is certification?
It is the process of issuing certificates (digital documents attesting to the binding of a public key to an individual or an entity).
It does not perform cryptographic operations with the keys.
It is a service of the public key infrastructure (PKI).
X.509
It is the ITU-T (also known as CCITT) Recommendation that defines the certificate syntax.
Used in many authentication and secure communication protocols (e.g. SSL).
Three versions exist: version 1 published in 1988, version 2 published in 1993, version 3 published in 1995.
X.509 Certificate
An X.509 certificate consists of the following fields:
Version: integer (1, 2 or 3).
Serial number: a unique integer assigned by the issuer.
Signature algorithm ID: identifier of the signature algorithm and its optional parameters.
Issuer name: information about the issuer: country, locality, state or province, street, organization, organizational unit, common name, e-mail, etc.
Validity period: two dates, not valid before and not valid after.
Subject name: as the issuer name (country, locality, state or province, street, organization, organizational unit, common name, e-mail, etc.).
Subject public key: the certified public key; key algorithms: ECDSA, Diffie-Hellman, DSA, RSA.
Issuer unique identifier: versions 2 and 3 only.
Subject unique identifier: versions 2 and 3 only.
Extensions: version 3 only.
Signature on the above fields: made with the private key of the issuer.
Extensions
Critical: if it is impossible to process the extension, the certificate is rejected.
Not critical: if it is impossible to process the extension, the extension is ignored.
Extensions can radically change how a certificate is used.
AuthorityKeyIdentifier: indicates which issuer public key corresponds to the private key used for signing; always non-critical.
BasicConstraints: used only in CA certificates; states how deep a certification path may go; if the depth is 0 it is a CA leader certificate; always critical.
CertificatePolicies: some statements inserted by the issuer.
CRLDistributionPoints: how to find information about the CRL distribution points and the revocation reason; always non-critical.
IssuerAltName: alternative name for the issuer.
SubjectAltName: alternative name for the subject; critical if the subject field is empty.
NameConstraints: defines a name space within which all subject names in subsequent certificates of a certification path must lie; restrictions can be placed on subject names or subject alternative names; if the certificate contains no name of the restricted type it is acceptable; restrictions can be made on hosts or domains; the minimum is 0 and the maximum is absent; used only in CA certificates and always critical.
KeyUsage: the purpose of the key in the certificate: digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign, encipherOnly, decipherOnly; always critical. Example: if the public key is used only for signing, digitalSignature and nonRepudiation must be set to true.
ExtendedKeyUsage: additional purposes, in addition to or in place of the basic purposes of KeyUsage.
SubjectKeyIdentifier: obtained by applying SHA-1 to the certificate public key; recommended; always non-critical.
SubjectDirectoryAttributes: further information about the subject; always non-critical.
PolicyMappings: used in CA certificates to map the issuer policy to the subject policy, making the issuer policy equivalent to the subject policy; non-critical if it is a CA certificate.
PolicyConstraints: constrains path validation, either to prohibit policy mapping or to require that each certificate in a path contains an acceptable policy identifier.
Qualified Certificate
An extension of the X.509 certificate.
Identifies the subject with a high level of assurance, preventing repudiation.
Must contain the extensions:
• BiometricInformation
• CertificatePolicies
• KeyUsage
• QualifiedCertificateStatements
• SubjectDirectoryAttributes
QC Extensions
BiometricInformation: holds the hash value corresponding to some specific biometric information, which itself is not included but may be referenced by means of a URI.
QualifiedCertificateStatements: statements about the qualified certificate, e.g. restrictions on the CA's liability, or that the certificate was issued in accordance with a particular legal system.
Certificate Authority
Any trusted administration able to issue certificates, assuring who the subject is and which public key belongs to him.
There is a hierarchy of CAs (diagram): a CA certifies lower-level CAs; low-level CAs issue low-assurance certificates, high-level CAs issue high-assurance certificates (diagram callout: VERY HIGH LEVEL OF SECURITY).
Italian CAs
The candidate company must present the request and 58 documents (legal, administrative, economic, security planning, operation planning).
AIPA (Autorità per l'Informatica nella Pubblica Amministrazione) is the Italian authority, established by law no. 39 of 12 February 1993, that grants a company permission to issue certificates.
As of 20 March 2001, 7 CAs are recognized by AIPA: S.I.A. S.p.A. (27/01/2000) … Seceti S.p.A. (06/07/2000).
Certificate Revocation List
A list of certificates revoked before their expiration date.
The causes are: the certified public key was compromised; the certificate subject changed; the CA's private key was compromised.
A CRL is maintained by a CA.
The CRLs are downloaded by verifiers from CAs or central repositories, or CAs send CRLs to verifiers at regular intervals.
When a certificate expires, it is removed from the CRL.
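The extension rules described above (critical flag, BasicConstraints path length, KeyUsage keyCertSign, NameConstraints, validity period) and the CRL lookup from this section, worked through as a simplified certification-path check; this is added example code in Python, not from the original slides, and it assumes signatures were already verified and models certificates and extensions as plain dictionaries with constructed sample values.

```python
from datetime import datetime
KNOWN = {"BasicConstraints", "KeyUsage", "NameConstraints", "SubjectAltName"}
def validate_path(chain, now, crls):
    """chain[0] = trust anchor, chain[-1] = end entity; crls: issuer name -> revoked serials."""
    remaining, permitted = None, []  # pathLen budget, NameConstraints permitted DNS subtrees
    for depth, cert in enumerate(chain):
        who, exts, is_ca = cert["subject"], cert["extensions"], depth < len(chain) - 1
        for name, e in exts.items():  # unknown critical: refuse; unknown non-critical: ignore
            if name not in KNOWN and e["critical"]:
                return False, f"{who}: unknown critical extension {name}"
        if not cert["not_before"] <= now <= cert["not_after"]:
            return False, f"{who}: outside validity period"
        if depth > 0:
            issuer = chain[depth - 1]["subject"]
            if cert["issuer"] != issuer:
                return False, f"{who}: issuer does not match previous subject"
            if cert["serial"] in crls.get(issuer, set()):
                return False, f"{who}: serial {cert['serial']} revoked by {issuer}"
            for dns in exts.get("SubjectAltName", {"dns": []})["dns"]:  # no name: acceptable
                if not all(any(dns == s or dns.endswith("." + s) for s in p) for p in permitted):
                    return False, f"{who}: {dns} violates NameConstraints"
            if is_ca and remaining is not None:  # an intermediate CA consumes pathLen budget
                if remaining == 0:
                    return False, f"{who}: BasicConstraints path length exceeded"
                remaining -= 1
        if is_ca:
            bc, ku = exts.get("BasicConstraints"), exts.get("KeyUsage")
            if bc is None or not bc["ca"]:
                return False, f"{who}: not a CA certificate"
            if ku is not None and "keyCertSign" not in ku["usages"]:
                return False, f"{who}: KeyUsage lacks keyCertSign"
            if bc.get("path_len") is not None:
                remaining = bc["path_len"] if remaining is None else min(remaining, bc["path_len"])
            if "NameConstraints" in exts:
                permitted.append(exts["NameConstraints"]["permitted_dns"])
    return True, None
def make_cert(subject, issuer, serial, extensions):  # constructed sample record, valid in 2001
    return {"subject": subject, "issuer": issuer, "serial": serial, "extensions": extensions,
            "not_before": datetime(2001, 1, 1), "not_after": datetime(2001, 12, 31)}
# Constructed chain: root (pathLen 1, names limited to example.it) -> sub CA (pathLen 0) -> server
ROOT = make_cert("Root CA", "Root CA", 1, {
    "BasicConstraints": {"critical": True, "ca": True, "path_len": 1},
    "KeyUsage": {"critical": True, "usages": {"keyCertSign", "cRLSign"}},
    "NameConstraints": {"critical": True, "permitted_dns": ["example.it"]}})
SUB_CA = make_cert("Sub CA", "Root CA", 2, {
    "BasicConstraints": {"critical": True, "ca": True, "path_len": 0},
    "KeyUsage": {"critical": True, "usages": {"keyCertSign"}}})
SERVER = make_cert("www.example.it", "Sub CA", 3, {
    "KeyUsage": {"critical": True, "usages": {"digitalSignature"}},
    "SubjectAltName": {"critical": False, "dns": ["www.example.it"]}})
```

Calling validate_path([ROOT, SUB_CA, SERVER], ROOT["not_before"], {}) accepts the chain; adding serial 3 to the Sub CA's CRL, an out-of-range date, a name outside example.it, a fourth CA level or an unknown critical extension each produce the corresponding rejection reason.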
Java Packages
    import java.util.*;
    import java.security.*;
    import javax.crypto.*;
    import iaik.x509.*;
    import iaik.x509.extensions.*;
    import iaik.asn1.*;
    import iaik.asn1.structures.*;
Java Code Example
    public class CertificateExample {
        public static void main(String[] args) throws Exception {
            // add security provider
            Security.addProvider(new iaik.security.provider.IAIK());

            X509Certificate cert = new X509Certificate();

            // create key pair
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "IAIK");
            kpg.initialize(1024, new SecureRandom());
            KeyPair kp = kpg.generateKeyPair();

            // create issuer (the certificate is self-signed, so the subject is the issuer)
            Name issuer = new Name();
            issuer.addRDN(ObjectID.country, "IT");
            issuer.addRDN(ObjectID.organization, "CRS4");
            issuer.addRDN(ObjectID.commonName, "CRS4 Certificate");

            // create extensions
            Vector extensions = new Vector();
            extensions.addElement(new KeyUsage(KeyUsage.digitalSignature | KeyUsage.decipherOnly));

            // create usage period: from yesterday until six months from now
            GregorianCalendar dateStart = new GregorianCalendar();
            GregorianCalendar dateStop = new GregorianCalendar();
            dateStart.add(Calendar.DATE, -1);
            dateStop.add(Calendar.MONTH, 6);

            // fill in the certificate fields and sign with the issuer private key
            cert.setSerialNumber(java.math.BigInteger.valueOf(1));
            cert.setIssuerDN(issuer);
            cert.setSubjectDN(issuer);
            cert.setPublicKey(kp.getPublic());
            cert.setValidNotBefore(dateStart.getTime());
            cert.setValidNotAfter(dateStop.getTime());
            cert.addExtension((V3Extension) extensions.elementAt(0));
            cert.sign(AlgorithmID.sha1WithRSAEncryption, kp.getPrivate());
            // certificate created
            // ....
        }
    }
Microsoft, Netscape & Certificates
Microsoft: Windows 2000, Internet Explorer 5.5, Outlook Express 5.5
Netscape: Navigator 4.75, Messenger 4.75
Microsoft Internet Explorer ignores the HTML tag <keygen>, which is Netscape's own.
Netscape distinguishes CA certificates from user certificates because, before the certificate is sent, its own content-type is sent:
application/x-x509-ca-cert for a CA certificate
application/x-x509-user-cert for a user certificate
Bibliography
• RSA Security FAQs, http://www.rsasecurity.com/rsalabs/faq
• Public Key Infrastructure, http://www.opengroup.org/security/pki and http://csrc.ncsl.nist.gov/pki
• Ferragina, Luccio, Appunti di crittografia, Università degli Studi di Pisa - Dipartimento di Informatica, September 2000
• IAIK-JCE 2.61 Reference, http://jcewww.iaik.tu-graz.ac.at
• International Telecommunication Union - Telecommunication Standardization Sector (ITU-T), http://www.itu.int/ITU-T
• RFC 3039 - Qualified Certificate Profile, ftp://ftp.rfc-editor.org/in-notes/rfc3039.txt
• RFC 2459 - Certificate and CRL Profile, http://www.ietf.org/rfc/rfc2459.txt
• AIPA - Autorità per l'Informatica nella Pubblica Amministrazione, http://www.aipa.it and http://www.aipa.it/servizi[3/normativa[4/circolari[2/aipacr22.asp