X.509 Overview
Dr Joseph Sevilla
Public Certificates
A public-key certificate binds a public key to a name and typically contains:
a public key,
a name,
an expiration date,
the name of the authority that issued the certificate,
a serial number,
any pertinent policies describing how the certificate was issued and/or how the certificate may be used,
the digital signature of the certificate issuer,
and perhaps other information.
4/25/2012
Certificate Authorities
A Certificate Authority (CA) is the trusted party that issues certificates: it binds a subject's public key to the subject's name by signing the certificate, and the certificates it publishes act as the repository of public keys that relying parties consult. Any agency that issues certificates in this way is acting as a CA.
X.509 Certificates
version (1, 2, or 3)
serial number (unique within CA) identifying certificate
signature algorithm identifier
issuer X.500 name (CA that created certificate)
period of validity (from - to dates)
subject X.500 name (name of owner)
subject public-key info (algorithm, parameters, key)
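The fields listed above are carried in the TBSCertificate (the "to-be-signed" part of an X.509 certificate) as DER-encoded ASN.1. The following is an added example, not code from the original slides: it builds a TBSCertificate with exactly those fields and parses the DER back, so the tag-length-value structure of the version wrapper, serial INTEGER, AlgorithmIdentifier, X.500 Names, validity window and SubjectPublicKeyInfo can be seen. The serial number, names, dates and public-key bytes are constructed sample data; the 32 key bytes are a placeholder, not a real RSA key. Standard library only.

```python
# Added example (not from the slides): encode the TBSCertificate fields listed above
# as DER and parse them back.  Serial, names, dates and key bytes are constructed
# sample data; the key is a placeholder, not a real RSA key.  Standard library only.
from datetime import datetime

# ASN.1 universal tags used by a TBSCertificate; [0] EXPLICIT (0xA0) wraps the version.
INTEGER, BIT_STRING, NULL, OID, UTF8STRING, UTCTIME, SEQUENCE, SET, CONTEXT_0 = 2, 3, 5, 6, 0x0C, 0x17, 0x30, 0x31, 0xA0
CN_OID, RSA_OID, SHA256_RSA_OID = "2.5.4.3", "1.2.840.113549.1.1.1", "1.2.840.113549.1.1.11"

def tlv(tag, body):
    """Tag-length-value with DER definite, minimal-length encoding."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    nb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(nb)]) + nb + body

def der_integer(value):  # the extra byte keeps a leading 0x00 when the top bit is set
    return tlv(INTEGER, value.to_bytes((value.bit_length() + 8) // 8, "big"))

def der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:  # base 128, high bit set on every byte but the last
        chunk = [arc & 0x7F]
        while arc >> 7:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        body.extend(reversed(chunk))
    return tlv(OID, bytes(body))

def der_name(cn):
    """X.500 Name = SEQUENCE OF SET OF AttributeTypeAndValue; only CN is emitted."""
    atv = tlv(SEQUENCE, der_oid(CN_OID) + tlv(UTF8STRING, cn.encode()))
    return tlv(SEQUENCE, tlv(SET, atv))

def der_alg(oid): return tlv(SEQUENCE, der_oid(oid) + tlv(NULL, b""))  # AlgorithmIdentifier, NULL params

def der_utctime(dt): return tlv(UTCTIME, dt.strftime("%y%m%d%H%M%SZ").encode())

def build_tbs(serial, issuer_cn, not_before, not_after, subject_cn, key_bytes):
    """Assemble the fields in the order the slide lists them (v3 is INTEGER 2)."""
    version = tlv(CONTEXT_0, der_integer(2))
    validity = tlv(SEQUENCE, der_utctime(not_before) + der_utctime(not_after))
    spki = tlv(SEQUENCE, der_alg(RSA_OID) + tlv(BIT_STRING, b"\x00" + key_bytes))
    return tlv(SEQUENCE, version + der_integer(serial) + der_alg(SHA256_RSA_OID)
               + der_name(issuer_cn) + validity + der_name(subject_cn) + spki)

def read_tlv(buf, pos=0):
    """Return (tag, body, next_pos) for the element at pos; reject truncation."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
    if pos + n > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + n], pos + n

def children(body):
    out, pos = [], 0
    while pos < len(body):
        tag, inner, pos = read_tlv(body, pos)
        out.append((tag, inner))
    return out

def decode_oid(body):
    arcs, acc = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def common_name(name_body):
    for _, rdn in children(name_body):  # each RDN is a SET of type/value pairs
        for _, atv in children(rdn):
            (_, oid), (_, value) = children(atv)
            if decode_oid(oid) == CN_OID:
                return value.decode()

def parse_tbs(der):
    """Return the slide's fields as a dict; version defaults to 1 when absent."""
    tag, body, _ = read_tlv(der)
    if tag != SEQUENCE:
        raise ValueError("TBSCertificate must be a SEQUENCE")
    fields, version = children(body), 1
    if fields[0][0] == CONTEXT_0:
        version = int.from_bytes(children(fields[0][1])[0][1], "big") + 1
        fields = fields[1:]
    serial, sig_alg, issuer, validity, subject, spki = fields[:6]
    times = [datetime.strptime(t.decode(), "%y%m%d%H%M%SZ") for _, t in children(validity[1])]
    key_alg, key_bits = children(spki[1])
    return {"version": version,
            "serial": int.from_bytes(serial[1], "big", signed=True),
            "signature_algorithm": decode_oid(children(sig_alg[1])[0][1]),
            "issuer": common_name(issuer[1]), "subject": common_name(subject[1]),
            "not_before": times[0], "not_after": times[1],
            "key_algorithm": decode_oid(children(key_alg[1])[0][1]),
            "key": key_bits[1][1:]}  # drop the leading unused-bits byte

def sample_tbs():
    """Constructed sample: a one-year certificate issued 25 April 2012."""
    return build_tbs(0x123456789ABC, "Example Root CA", datetime(2012, 4, 25),
                     datetime(2013, 4, 25), "www.example.test", bytes(range(32)))
```

Calling `parse_tbs(sample_tbs())` returns version 3, the serial, the sha256WithRSAEncryption OID, both Common Names, the two validity dates and the rsaEncryption key. Two details matter when reading real certificates: the version field is optional and absent in v1, so a parser must not assume a fixed field index, and the serial INTEGER is signed two's complement, which is why the encoder adds a leading zero byte and the decoder reads it with `signed=True`.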
Obtaining a Certificate
Any user who holds the CA's public key can verify the CA's signature on a certificate and so trust the user public key it certifies.
No party other than the CA can modify a certificate without detection, because any change invalidates the CA's signature.
CA Hierarchy
CA Hierarchy Use
Certificate Revocation
Authentication Procedures
One-Way Authentication
The message from A to B carries a timestamp (tA), a nonce (rA) and B's identity (IDB), optionally together with additional signed data (sgnData), and is signed with A's private key.
The nonce (unique within the expiration time of the message) lets B detect replay attacks.
The timestamp lets B reject messages whose delivery was delayed past their expiration time.
Two-Way Authentication
Three-Way Authentication
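The one-, two- and three-way exchanges described above, with the checks each side applies, as an added example that is not part of the original slides. X.509 signs each token with the sender's private key; to keep this example dependent on the standard library only, an HMAC-SHA256 under a pre-shared key stands in for that signature (a stated simplification: it preserves the protocol structure and the replay and delay checks, but not the public-key trust model). The party names, keys and clock values are constructed sample data.

```python
# Added example (not from the slides): the one-, two- and three-way exchanges with
# the checks B and A apply to each token.  X.509 signs tokens with the sender's
# private key; to stay standard-library only, an HMAC-SHA256 under a pre-shared
# key stands in for that signature.  This keeps the protocol structure and the
# replay/delay checks but not the public-key trust model.  Names, keys and the
# clock values are constructed sample data.
import hashlib, hmac, json, secrets

LIFETIME = 30    # seconds a token stays valid (its expiration time)
CLOCK_SKEW = 5   # tolerated clock difference between A and B, in seconds

def _mac(key, fields):
    return hmac.new(key, json.dumps(fields, sort_keys=True).encode(), hashlib.sha256).hexdigest()

def sign(key, fields):
    """Stand-in for signing with the sender's private key (assumption, see above)."""
    return {**fields, "sig": _mac(key, fields)}

def verify(key, token):
    fields = {k: v for k, v in token.items() if k != "sig"}
    return hmac.compare_digest(_mac(key, fields), token.get("sig", ""))

class Party:
    def __init__(self, name, key, peer_key):
        self.name, self.key, self.peer_key = name, key, peer_key
        self.seen = {}  # nonce -> timestamp, remembered until the token expires

    def token(self, to, now, echo=None):
        """A's first message {tA, rA, IDB}; with echo set, B's reply {tB, rB, IDA, rA}."""
        fields = {"from": self.name, "to": to, "t": now, "r": secrets.token_hex(8)}
        if echo is not None:
            fields["echo"] = echo
        return sign(self.key, fields)

    def accept(self, token, now, expect_echo=None):
        """Return 'ok' or the reason the token is rejected."""
        if not verify(self.peer_key, token):
            return "bad signature"
        if token["to"] != self.name:       # IDB: the token was meant for someone else
            return "not addressed to me"
        if not (now - LIFETIME <= token["t"] <= now + CLOCK_SKEW):
            return "stale or future timestamp"   # delayed (or pre-dated) delivery
        self.seen = {r: t for r, t in self.seen.items() if now - t <= LIFETIME}
        if token["r"] in self.seen:        # nonce reused inside its lifetime
            return "replayed nonce"
        if expect_echo is not None and token.get("echo") != expect_echo:
            return "nonce not echoed"
        self.seen[token["r"]] = token["t"]
        return "ok"

    def final(self, to, echo):
        """Third message A{rB}: signed echo of B's nonce, no timestamp needed."""
        return sign(self.key, {"from": self.name, "to": to, "echo": echo})

    def accept_final(self, token, expected_nonce):
        if not verify(self.peer_key, token):
            return "bad signature"
        if token["to"] != self.name:
            return "not addressed to me"
        return "ok" if token.get("echo") == expected_nonce else "nonce not echoed"

def run_exchange():
    """Drive all three procedures plus the attacks the checks are meant to catch."""
    ka, kb = b"stand-in key of A", b"stand-in key of B"
    a, b = Party("A", ka, kb), Party("B", kb, ka)
    now, out = 1_000_000.0, {}
    m1 = a.token("B", now)                              # one-way: A -> B {tA, rA, IDB}
    out["one_way"] = b.accept(m1, now + 1)
    out["replay"] = b.accept(m1, now + 2)               # same token again: caught by rA
    out["delayed"] = b.accept(m1, now + LIFETIME + 5)   # held back past expiry: caught by tA
    out["tampered"] = b.accept({**m1, "to": "C"}, now + 1)
    m2 = b.token("A", now + 1, echo=m1["r"])            # two-way: B -> A {tB, rB, IDA, rA}
    out["two_way"] = a.accept(m2, now + 2, expect_echo=m1["r"])
    m3 = a.final("B", echo=m2["r"])                     # three-way: A -> B {rB}
    out["three_way"] = b.accept_final(m3, m2["r"])
    out["wrong_echo"] = b.accept_final(m3, "not-rB")
    return out
```

`run_exchange()` accepts the genuine one-way token, rejects the identical token replayed a second later (the nonce is still in B's memory), rejects the same token delivered after its lifetime (the timestamp is stale, so B no longer needs to remember the nonce), and rejects a token whose addressee was altered (the signature no longer verifies). The two-way reply is accepted only if it echoes rA, and the three-way message is accepted only if it echoes rB; because that last message carries no timestamp, the three-way procedure works without synchronised clocks, which is its purpose.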
X.509 Version 3
Certificate Extensions
While certificates and the benefits of a PKI are most often associated
with electronic commerce, the applications for PKI are much broader:
Secure electronic mail, payments and electronic checks, Electronic Data
Interchange (EDI), secure transfer of Domain Name System (DNS) and
routing information, electronic forms, and digitally signed documents.
Resources
Gary C. Kessler, May 1998 (last updated 15 July 2008): http://www.garykessler.net/library/crypto.html