A recent Internet-wide security analysis by Qualys Research found “22 million SSL servers with certificates that are completely invalid because they do not match the domain name on which they reside” (see http://www.esecurityplanet.com/features/article.php/3890171/SSL-Certificates-In-Use-Today-Arent-All-Valid.htm), although some of this is likely caused by virtual hosting rather than truly invalid SSL certificates.
subjectPublicKeyInfo

    subjectPublicKeyInfo SubjectPublicKeyInfo
Here is the heart of the certificate — the public key that it presents. On the client side, when the certificate is received, you use the issuer, validity period, and the subject field to decide whether you trust the public key well enough to use it to perform a key exchange. If the subject matches the host you think you're connecting to, the certificate hasn't expired, and the issuer is one you trust, you have reasonable assurance that there's no man in the middle and you can go forward with the key exchange and, presumably, trade sensitive information over the now-secured channel.
The definition for SubjectPublicKeyInfo is

    SubjectPublicKeyInfo ::= SEQUENCE {
        algorithm        AlgorithmIdentifier,
        subjectPublicKey BIT STRING }
The AlgorithmIdentifier, it should come as no surprise, includes an OID. Two possible values of interest are shown in Table 5-4.
Table 5-4: Public-Key Algorithm OIDs

    ALGORITHM IDENTIFIER    OID
    RSA                     2A 86 48 86 F7 0D 01 01 01
    Diffie-Hellman          2A 86 48 CE 3E 02 01
NOTE Elliptic-curve Diffie-Hellman support in X.509 certificates is examined in Chapter 9.
The public key itself is defined here as a simple bit string. Recall from Chapter 4, though, that you need some pretty specific information in a pretty specific format to do key exchanges. For RSA, for example, you need the modulus n and the public exponent e. So, as it turns out, the BIT STRING here actually encodes another ASN.1 formatted value, whose contents vary depending on the value of the algorithm identifier. For RSA, this is
    RSAPublicKey ::= SEQUENCE {
        modulus        INTEGER, -- n
        publicExponent INTEGER  -- e
    }
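The nesting just described (a SEQUENCE holding an AlgorithmIdentifier and a BIT STRING, with the BIT STRING itself wrapping an RSAPublicKey SEQUENCE) is easiest to see with a small DER reader. The following is an added example, not code from the book: it maps the OID against Table 5-4 and, for RSA, pulls n and e out of the inner structure. The sample SubjectPublicKeyInfo bytes are constructed here with a toy 24-bit modulus so the decoding can be checked by hand.

```python
# Added example (not the book's code): a minimal DER reader for the
# SubjectPublicKeyInfo structure above. It maps the AlgorithmIdentifier OID
# via Table 5-4 and, for RSA, unwraps the RSAPublicKey inside the BIT STRING.

ALGORITHM_OIDS = {                                    # Table 5-4, as DER bytes
    bytes.fromhex("2A864886F70D010101"): "RSA",            # 1.2.840.113549.1.1.1
    bytes.fromhex("2A8648CE3E0201"): "Diffie-Hellman",     # 1.2.840.10046.2.1
}

def read_tlv(data, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                 # long form: 0x8N followed by N length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    if pos + length > len(data):      # never trust a length from the wire
        raise ValueError("DER element runs past end of buffer")
    return tag, data[pos:pos + length], pos + length

def expect(data, pos, want):
    """read_tlv, but fail unless the element carries the expected tag."""
    tag, value, nxt = read_tlv(data, pos)
    if tag != want:
        raise ValueError(f"expected tag 0x{want:02X}, got 0x{tag:02X}")
    return value, nxt

def parse_spki(der):
    """Decode SubjectPublicKeyInfo into {'algorithm': ..., 'n': ..., 'e': ...}."""
    spki, _ = expect(der, 0, 0x30)                    # SubjectPublicKeyInfo
    alg_id, pos = expect(spki, 0, 0x30)               # AlgorithmIdentifier
    oid, _ = expect(alg_id, 0, 0x06)                  # its first element: the OID
    bits, _ = expect(spki, pos, 0x03)                 # subjectPublicKey BIT STRING
    if bits[0] != 0:                                  # first byte = unused-bit count
        raise ValueError("public key BIT STRING must have 0 unused bits")
    result = {"algorithm": ALGORITHM_OIDS.get(bytes(oid), "unknown")}
    if result["algorithm"] == "RSA":                  # RSAPublicKey ::= SEQUENCE {n, e}
        rsa, _ = expect(bits, 1, 0x30)
        n, pos = expect(rsa, 0, 0x02)
        e, _ = expect(rsa, pos, 0x02)
        result["n"], result["e"] = int.from_bytes(n, "big"), int.from_bytes(e, "big")
    return result

# Constructed sample: RSA SPKI with a toy 24-bit modulus 0xC0FFEE and e = 65537.
# Real keys are 2048+ bits and use long-form lengths, which read_tlv handles.
SAMPLE_RSA_SPKI = bytes.fromhex(
    "301F"                            # SubjectPublicKeyInfo SEQUENCE, 31 bytes
    "300D06092A864886F70D0101010500"  # AlgorithmIdentifier {rsaEncryption, NULL}
    "030E00300B"                      # BIT STRING (14 bytes, 0 unused) wrapping RSAPublicKey SEQUENCE
    "020400C0FFEE"                    #   modulus INTEGER (leading 00 because high bit is set)
    "0203010001"                      #   publicExponent INTEGER 65537
)
```

Running `parse_spki(SAMPLE_RSA_SPKI)` yields the algorithm name from Table 5-4 together with n = 0xC0FFEE and e = 65537; an OID the table does not list comes back as "unknown" with no key parts.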