About PKI Certificates

1
About PKI Certificates

• Dartmouth College PKI Lab

2
X.509 Certificate Defined

• A type that binds an entity's distinguished name
  to a public key with a digital signature. This
  type is defined in the Internet X.509 Public Key
  Infrastructure (PKIX) Certificate and CRL
  Profile. This type also contains the
  distinguished name of the certificate issuer (the
  signer), an issuer-specific serial number, the
  issuer's signature algorithm identifier, a
  validity period, and extensions also defined in
  that document.

3
X.509 Certificate Defined 2

• Data associated with a private key and containing
  a public key that provides information about
• Identities of the issuer and subject
• Certificate validity dates and CRL location
• Certificate intended uses
• Serial number
• Other certificate information

4
X.509 Certificate Format

• version
• serialNumber
• signature
• issuer
• validity
• subject
• subjectPublicKeyInfo
• issuerUniqueIdentifier
• subjectUniqueIdentifier
• Extensions
• Certificate information is contained in ASN.1
  structures.

5
Certificate Encodings

• DER is a binary encoding of the X.509 ASN.1
  structures.
• PEM is the base 64 encoded version of DER. (For
  situations where binary format wont work.)
• Text is a human-readable version of the ASN.1
  structures.

6
PEM Example

• -----BEGIN CERTIFICATE-----
  MIIEbDCCA1SgAwIBAgICBAEwDQYJKoZIhvcNAQEFBQAwdzETMB
  EGCgmSJomT8ixk ARkWA2VkdTEZMBcGCgmSJomT8ixkARkWCWR
  hcnRtb3V0aDELMAkGA1UEBhMCVVMx GjAYBgNVBAoTEURhcnRt
  b3V0aCBDb2xsZWdlMRwwGgYDVQQDExNEYXJ0bW91dGgg
  Q2VydEF1dGgxMB4XDTAzMTAyNDE1MDg1OFoXDTAzMTAyNDE5MD
  g1OFowgaIxEzAR BgoJkiaJk/IsZAEZFgNlZHUxGTAXBgoJkia
  Jk/IsZAEZFglkYXJ0bW91dGgxCzAJ BgNVBAYTAlVTMRowGAYD
  VQQKExFEYXJ0bW91dGggQ29sbGVnZTEZMBcGA1UEAxMQ
  TWFyayBKLiBGcmFua2xpbjEsMCoGCSqGSIb3DQEJARYdTWFyay
  5KLkZyYW5rbGlu QERhcnRtb3V0aC5lZHUwgZ8wDQYJKoZIhvc
  NAQEBBQADgY0AMIGJAoGBAK2Xsb0 ENqEwgu15Sthv47iKJ8
  9O1ci0TLdbVYoFV92wDykX68m2Z0NSBiMmQqjDk8c6
  USnAvwDZUtMVK5CU9kf9/hiCXmVxbFLgsqbpVEPzc83SGQ3fS7
  0PuFeu00MdTRI6 thtwTF/n7ZfGFc2XGTKXMnwqCh8cbOP7H5
  NAgMBAAGjggFYMIIBVDARBglghkgB hvhCAQEEBAMCBaAwDgYD
  VR0PAQH/BAQDAgXgMIGiBgNVHSAEgZowgZcwgZQGCisG
  AQQBQQIBAQEwgYUwPQYIKwYBBQUHAgIwMTAYFhFEYXJ0bW91dG
  ggQ29sbGVnZTAD AgEBGhVEYXJ0bW91dGggQ29sbGVnZSBDUFM
  wRAYIKwYBBQUHAgEWOGh0dHA6Ly93 d3cuZGFydG1vdXRoLmVk
  dS9cGtpbGFiL0RhcnRtb3V0aENQU180U2VwMDMucGRm
  MCgGA1UdEQQhMBBHU1hcmsuSi5GcmFua2xpbkBEYXJ0bW91dG
  guZWR1MB8GA1Ud IwQYMBaAFD/A1senTwB7waZZ2y8lh5No3c
  SMD8GCCsGAQUFBwEBBDMwMTAvBggr BgEFBQcwAYYjaHR0cDov
  L2NvbGxlZ2VjYS5kYXJ0bW91dGguZWR1L29jc3AwDQYJ
  KoZIhvcNAQEFBQADggEBAB5LvOPrCt6s6Hvba5a7WENTLxhh7
  r2KUZIDH7Y1PJ8 cUN5EfKAUoT00walcTIqCfexLpWJMk38oF4
  gTMwk3sabNEjfQwmdmsJSh2R6eBDL d658t94DpGxXw2U3rzDz
  FDc4lozK9cBn9GRt4w3py31Bz2DDzc4mjscEid44AV3V
  hLhI0ZqlWrqWWutW1Dugqol8A6APVGMjhZsYS5fFUe88LdvZgn
  b9UpDcOAPUoeN5 Rvl/aibNweyCBFU/MqII0Yxf1wrcwg0R2g
  yWaVqyK05ddwxwVJ94aZmAHGL6zO 7FjPU9XwLGBQfHbnbtfR
  ZUechZQhjLlpXyYxRQ1KgM
• -----END CERTIFICATE-----

7
Text Example

• Certificate
• Data
• Version v3
• Serial Number 0x401
• Signature Algorithm SHA1withRSA -
  1.2.840.113549.1.1.5
• Issuer CNDartmouth CertAuth1,ODartmouth
  College,CUS,DCdartmouth,DCedu
• Validity
• Not Before Friday, October 24, 2003 110858
  AM EDT America/New_York
• Not After Friday, October 24, 2003 30858 PM
  EDT America/New_York
• Subject EMark.J.Franklin_at_Dartmouth.edu,CNMark
  J. Franklin,ODartmouth College,CUS,DCdartmouth
  ,DCedu
• Subject Public Key Info
• Algorithm RSA - 1.2.840.113549.1.1.1
• Public Key
• Exponent 65537
• Public Key Modulus (1024 bits)
• AD97B1BFB4F8436A13082ED794AD86
  FE
• 3B88A27CF4ED5C8B44CB75B558A055
  7D
• DB00F2917EBCFA6D99D0D48188CFA6
  42
• A8C393C73A5129C0BF00D952D3152B
  90

8
CertificateViewerExample
9
Certificate Revocation List (CRL) Defined

• A type that contains information about
  certificates whose validity an issuer has
  prematurely revoked. The information consists of
  an issuer name, the time of issue, the next
  scheduled time of issue, a list of certificate
  serial numbers and their associated revocation
  times, and extensions. The CRL is signed by the
  issuer.

10
Certificate Revocation List (CRL) Defined 2

• A secured list of no longer trusted certificates
  provided by a Certificate Authority so
  applications can reject otherwise valid
  certificates that are compromised or otherwise
  invalid before their validity period expires.
• Issued periodically or as needed.
• Checked by applications at certificate
  verification time.
• OCSP protocol provides an alternative which can
  be an online service.

11
CRL Format

• version
• signature
• issuer
• thisUpdate
• nextUpdate
• revokedCertificates
• crlEntryExtensions
• crlExtensions

12
CRL Example
13
CRL Example 2
14
Certificate Viewers

• Windows (invoked from IE, desktop, other
  applications)
• Mozilla/Thunderbird (invoked from Preferences in
  Mozilla or Account Options in Thunderbird)
• Other applications
• Demos of Certificate Viewers
• Windows
• Mozilla

15
About PKI Key Stores

• Dartmouth College PKI Lab

16
Key Store Defined

• Protected vault to hold users private key with
  their copy of their x.509 certificate
• A function of their client computer and software
• Should be locally password protected
• Should be encrypted and/or protected by
  specialized hardware
• May be provided by OS or by application(s)
• May hold the only copy of a private key

17
Key Store Anatomy (first look before we launch
into details)
18
Key Store Interfaces

• Microsoft Windows CAPI
• RSA PKCS11
• RSA PKCS12
• Java Keystore
• Application specific

19
Browsers and Key Stores

• Browsers provide one of the most common ways to
  access key stores
• GUI for key generation and certificate enrollment
• Viewing and manipulating certificates and keys
• Import/export
• Mozilla/Netscape/FireFox does PKCS11
• Internet Explorer/Windows does CAPI

20
Key Store Types

• Software
• Keys encrypted in a file
• Hardware
• Keys stored on specialized hardware tokens

21
OS Key Stores

• CAPI Microsoft Windows CryptoAPI
• Keychain from Apple
• Many Windows applications use CAPI others have
  their own key store.

22
Software Key Store

• Stores certificates and encrypted keys on the
  local computers file system
• Encryption is password protected
• Relatively vulnerable to key theft (depending on
  implementation)
• Requires exporting and importing to use the key
  on another computer or in a different key store
  on the same computer
• All PKI applications support this type of key
  store for some it is the only type supported.

23
Hardware Key Store

• Stores certificates and keys in special purpose
  hardware (typically USB token or smart card and
  reader)
• Much higher assurance - the key cannot be used
  without the users password, but still not
  unbreakable
• Allows easy private key mobility between
  computers and applications
• Two-factor security (need token plus password to
  do anything) makes hardware key stores much more
  secure than software key stores

24
PKCS11

• Standard developed by RSA to provide applications
  with a key store and PKI cryptographic functions
• http//www.rsasecurity.com/rsalabs/pkcs/pkcs-11/
• Used by Mozilla on all OSes (even Windows)
• Has a lower-level API for plugging in different
  implementations (enables hardware tokens)
• Open source implementations available
• Similar to MS CAPI unfortunately MS opted to
  not support PKCS11

25
Microsoft CAPI (AKA CryptoAPI)

• Microsoft Windows standard API for providing
  PKI functionality to applications
• http//msdn.microsoft.com/library/en-us/security/s
  ecurity/cryptography_portal.asp?
• Provides
• Key store function
• Cryptographic operations using the key store and
  certificate
• GUI for managing certificates and keys
• Facilities to create, import, and export
  certificates and keys
• Cryptographic Service Provider (CSP) layer allows
  3rd party software, token, and smartcard
  solutions
• Microsofts software key store CSP has some
  issues

26
Key Store Anatomy (revisited now that we are
familiar with the pieces)
27
Application Key Stores

• Some applications dont use either CAPI or
  PKCS11
• Adds undesirable complexity for average end user
• Incompatible with hardware keys (since they can
  only support PKCS11 and CAPI/CSP interfaces)
• Require exporting and importing certificates/keys
• AOL AIM has its own key store
• Java keystores becoming more utilized

28
How PKI Uses Passwords

• Passwords protect local key stores
• Stored and managed locally by the user
• Never stored on servers (an important feature
  passwords on servers and traversing a network are
  more vulnerable)
• User provides the password to unlock their
  private key all other operations use asymmetric
  key cryptography

29
User Accounts

• Windows CAPI stores software keys in each users
  profile
• If user accounts are secure, then CAPI keys are
  protected by the Windows logon security

30
PKCS7 and PKCS12

• More RSA standards
• No awards for imaginative names
• PKCS7 is general syntax for data that may have
  cryptography applied to it
• http//www.rsasecurity.com/rsalabs/pkcs/pkcs-7/ind
  ex.html
• PKCS12 specifies secure containers for
  transporting PKI certificates with private keys
• http//www.rsasecurity.com/rsalabs/pkcs/pkcs-12/in
  dex.html