
Post on 18-Dec-2015


Certification

Andrea Piras
piras@crs4.it

Contents

• Brief Overview of Asymmetric Cryptography
• What is certification?
• X.509
• X.509 Certificate
• Extensions
• Qualified Certificate
• QC Extensions
• Certificate Authority
• Italian CAs
• Certificate Revocation List
• Java Packages
• Java Code Example
• Microsoft, Netscape & Certificates
• Bibliography

Brief Overview of Asymmetric Cryptography

Based on: discrete logarithm problem, elliptic curve discrete logarithm problem, factoring problem, e-root problem

Key pair: public (can be shown), private (kept secret)

Encryption (public key) → Decryption (private key)

Encryption (private key) → Decryption (public key)

Attack: man in the middle

[Diagram: parties A and B, with X between them]

What is certification?

It is the process of issuing certificates (digital documents attesting to the binding of a public key to an individual or an entity).

It does not perform cryptographic operations with keys.

It is a service of the public key infrastructure (PKI).

X.509

It is the ITU-T (also known as CCITT) Recommendation that defines the certificate syntax.

Used in many authentication and secure communication protocols (e.g. SSL).

There are 3 versions:

• Version 1, published in 1988
• Version 2, published in 1993
• Version 3, published in 1995

X.509 Certificate

An X.509 certificate consists of the following fields:

• Version: integer (1, 2 or 3)
• Serial number: its own unique integer
• Signature algorithm ID: identifier of the signature algorithm and the optional parameters
• Issuer name: some information about the issuer: country, locality, state or province, street, organization, organizational unit, common name, e-mail, etc.
• Validity period: two dates, not valid before and not valid after
• Subject name: as for the issuer name (country, locality, state or province, street, organization, organizational unit, common name, e-mail, etc.)
• Subject public key: the certified public key; key algorithms: ECDSA, Diffie Hellman, DSA, RSA
• Issuer unique identifier: versions 2 and 3 only
• Subject unique identifier: versions 2 and 3 only
• Extensions: version 3 only
• Signature on the above fields: made using the private key of the issuer

Extensions

• Critical: if the extension cannot be processed, the certificate is refused
• Not critical: if the extension cannot be processed, the extension is ignored

Can revolutionize the use of certificates.

• AuthorityKeyIdentifier: indicates which issuer public key corresponds to the private key used for signing; always non-critical.
• BasicConstraints: used only in CA certificates; gives how deep a certification path may be; if the depth is 0 it is a CA leader certificate; always critical.
• CertificatePolicies: some statements inserted by the issuer.
• CRLDistributionPoints: how to find information about the distribution points and the reasons; always non-critical.
• IssuerAltName: alternative name for the issuer.
• SubjectAltName: alternative name for the issuer; critical if the subject is null.
• NameConstraints: a name space for all subject names in subsequent certificates in a certification path; restrictions can be placed on subject names or subject alternative names; if no name of the type is in the certificate, it is acceptable; restrictions can be made on host or domain; the minimum is 0 and the maximum is absent; used only in CA certificates and always critical.
• KeyUsage: the purpose of the key in the certificate: digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign, encipherOnly, decipherOnly; always critical. Ex.: if the public key is used only for signing, digitalSignature and nonRepudiation must be set to true.
• ExtendedKeyUsage: purposes in addition to or in place of the basic purposes of KeyUsage.
• SubjectKeyIdentifier: obtained by applying SHA-1 to the certificate public key; recommended; always non-critical.
• SubjectDirectoryAttributes: further information about the subject; always non-critical.
• PolicyMappings: used in CA certificates to map the issuer policy to the subject policy, making the issuer equal to the subject; non-critical if it is a CA certificate.
• PolicyConstraints: constrains path validation to prohibit policy mapping or require that each certificate in a path contains an acceptable policy identifier.
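As an added example (not part of the original slides, and written against the standard JDK java.security.cert API rather than IAIK), the following program reads the fields described above from a certificate and applies the critical/non-critical rule for extensions. The class name, the sets of "understood" OIDs and the use of the first CA certificate in the JDK's default trust store as sample input are assumptions made for illustration.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.net.ssl.*;

public class InspectCertificate {
    static final String KEY_USAGE = "2.5.29.15", BASIC_CONSTRAINTS = "2.5.29.19";
    // KeyUsage bits in the order listed on the slides (bit 0 first).
    static final String[] USAGES = {"digitalSignature", "nonRepudiation", "keyEncipherment",
        "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly"};

    static Set<String> orEmpty(Set<String> s) { return s == null ? Collections.emptySet() : s; }

    // An extension the verifier cannot process rejects the certificate when it
    // is critical and is skipped when it is not critical.
    static String decide(X509Certificate cert, Set<String> understood) {
        for (String oid : orEmpty(cert.getCriticalExtensionOIDs()))
            if (!understood.contains(oid)) return "REJECT, unknown critical extension " + oid;
        List<String> ignored = new ArrayList<>();
        for (String oid : orEmpty(cert.getNonCriticalExtensionOIDs()))
            if (!understood.contains(oid)) ignored.add(oid);
        return "ACCEPT, ignored non-critical extensions " + ignored;
    }

    public static void main(String[] args) throws Exception {
        // Sample input (assumption): first CA certificate in the JDK default trust store.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        X509Certificate[] roots = ((X509TrustManager) tmf.getTrustManagers()[0]).getAcceptedIssuers();
        if (roots.length == 0) { System.out.println("default trust store is empty"); return; }
        X509Certificate cert = roots[0];

        System.out.println("Version:       " + cert.getVersion());
        System.out.println("Serial number: " + cert.getSerialNumber().toString(16));
        System.out.println("Signature alg: " + cert.getSigAlgName());
        System.out.println("Issuer:        " + cert.getIssuerX500Principal());
        System.out.println("Validity:      " + cert.getNotBefore() + " to " + cert.getNotAfter());
        System.out.println("Subject:       " + cert.getSubjectX500Principal());
        System.out.println("Public key:    " + cert.getPublicKey().getAlgorithm());
        // -1: not a CA; Integer.MAX_VALUE: CA with no path length limit.
        System.out.println("Path length:   " + cert.getBasicConstraints());
        boolean[] ku = cert.getKeyUsage();  // null when the extension is absent
        for (int i = 0; ku != null && i < ku.length && i < USAGES.length; i++)
            if (ku[i]) System.out.println("Key usage:     " + USAGES[i]);

        // The same certificate seen by two verifiers with different capabilities.
        System.out.println(decide(cert, Set.of(KEY_USAGE, BASIC_CONSTRAINTS)));
        System.out.println(decide(cert, Set.of(KEY_USAGE)));
    }
}
```

A root that marks BasicConstraints as critical is accepted by the first verifier and refused by the second, which does not understand that extension.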

Qualified Certificate

Extension of the X.509 certificate

Identifies the subject with a high level of security, preventing repudiation

Must contain the extensions:

• BiometricInformation
• CertificatePolicies
• KeyUsage
• QualifiedCertificateStatements
• SubjectDirectoryAttributes

QC Extensions

BiometricInformation: holds the hash value corresponding to some specific biometric information, which itself is not included but may be referenced by means of a URI.

QualifiedCertificateStatements: statements about the qualified certificate, e.g. restrictions on the CA's liability, certificate issued in accordance with a particular legal system.

Certificate Authority

Any trusted administration able to issue certificates that assure the identity of the subject and which public key is its own.

There is a hierarchy of CAs

CA certificate lower level CAs

Low-level CAs release low-assurance certificates

High-level CAs release high-assurance certificates

VERY HIGH LEVEL OF SECURITY

Italian CAs

The candidate company must present the request and 58 documents (legal, administrative, economic, security planning, operation planning).

AIPA (Autorità per l'Informatica nella Pubblica Amministrazione) is the Italian authority, established by the law of 12 February 1993, no. 39, that grants a company permission to issue certificates.

20 March 2001

7 CAs known by AIPA: S.I.A. S.p.A. (27/01/2000) … Seceti S.p.A. (06/07/2000)

Certificate Revocation List

A list of certificates revoked before their expiration date.

The causes are:

• certified public key compromised
• certificate subject changed
• CA's private key compromised

A CRL is maintained by a CA.

The CRLs are downloadable by verifiers from CAs or central repositories, or CAs send CRLs to verifiers at regular intervals.

When the certificate expires, it is removed from the CRL.

Java Packages

Java Code Example

    import java.util.*;
    import java.security.*;
    import javax.crypto.*;
    import iaik.x509.*;
    import iaik.x509.extensions.*;
    import iaik.asn1.*;
    import iaik.asn1.structures.*;

    public class CertificateExample {
        public static void main(String[] args) throws Exception {
            // Add security provider
            Security.addProvider(new iaik.security.provider.IAIK());

            X509Certificate cert = new X509Certificate();

            // Create key pair
            // (1024-bit RSA and SHA-1 signatures date from when these slides were
            // written; current deployments use at least 2048-bit RSA with SHA-256.)
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "IAIK");
            kpg.initialize(1024, new SecureRandom());
            KeyPair kp = kpg.generateKeyPair();
            // ....

            // Create issuer
            Name issuer = new Name();
            issuer.addRDN(ObjectID.country, "IT");
            issuer.addRDN(ObjectID.organization, "CRS4");
            issuer.addRDN(ObjectID.commonName, "CRS4 Certificate");

            // Create extensions
            Vector extensions = new Vector();
            extensions.addElement(new KeyUsage(
                KeyUsage.digitalSignature | KeyUsage.decipherOnly));

            // Create usage period: valid from yesterday for six months
            GregorianCalendar dateStart = new GregorianCalendar();
            GregorianCalendar dateStop = new GregorianCalendar();
            dateStart.add(Calendar.DATE, -1);
            dateStop.add(Calendar.MONTH, 6);
            // ....

            // Fill in the fields and sign; issuer and subject are the same name,
            // so the certificate is self-signed
            cert.setSerialNumber(java.math.BigInteger.valueOf(1));
            cert.setIssuerDN(issuer);
            cert.setSubjectDN(issuer);
            cert.setPublicKey(kp.getPublic());
            cert.setValidNotBefore(dateStart.getTime());
            cert.setValidNotAfter(dateStop.getTime());
            cert.addExtension((V3Extension) extensions.elementAt(0));
            cert.sign(AlgorithmID.sha1WithRSAEncryption, kp.getPrivate());
            // Certificate created
            // ....
        }
    }

Microsoft, Netscape & Certificates

• Microsoft Windows 2000
• Microsoft Internet Explorer 5.5
• Microsoft Outlook Express 5.5
• Netscape Navigator 4.75
• Netscape Messenger 4.75

Microsoft Internet Explorer ignores the HTML tag <keygen>, which is specific to Netscape.

Netscape distinguishes CA certificates from user certificates because, before the certificate is sent, its own content type is sent:

application/x-x509-ca-cert for CA certificate

application/x-x509-user-cert for user certificate

Bibliography

• RSA Security FAQs, http://www.rsasecurity.com/rsalabs/faq
• Public Key Infrastructure, http://www.opengroup.org/security/pki, http://csrc.ncsl.nist.gov/pki
• Ferragina, Luccio, Appunti di crittografia, Università degli Studi di Pisa - Dipartimento di Informatica, September 2000
• IAIK-JCE 2.61 Reference, http://jcewww.iaik.tu-graz.ac.at
• International Telecommunication Union - Telecommunication Standardization Sector (ITU-T), http://www.itu.int/ITU-T
• RFC3039 - Qualified Certificate Profile, ftp://ftp.rfc-editor.org/in-notes/rfc3039.txt
• RFC2459 - Certificate and CRL Profile, http://www.ietf.org/rfc/rfc2459.txt
• AIPA - Autorità per l'Informatica nella Pubblica Amministrazione, http://www.aipa.it, http://www.aipa.it/servizi[3/normativa[4/circolari[2/aipacr22.asp
