The certificate can now be used to check that pk_A is indeed A's public key.
A user that receives this certificate can verify C's signature, which protects the pair
(Id_A, pk_A) from being altered. However, there are two important conditions that have
to be met for this authentication method to be effective. One of them is, obviously,
that the user has to trust the signer C. But this is not enough and, in addition, the user
must know that pk_C, the public key used to verify the signature in the certificate, is
really C's key. For example, if C is the same user as A, then the previous certificate
has no value because in that case A's public key is being used to bind A's public key
to A's identity, giving rise to a circular situation.
In order to overcome these difficulties, it is usual that signatures for certificates are
provided by a Certification Authority (or CA, for short), a mutually trusted third party
that issues certificates for all users. An authenticated channel is still necessary for the
distribution of the CA's public key which, in turn, will authenticate the certificates
that the CA emits for users' public keys but, as mentioned before, this makes it
sufficient to distribute a single public key, namely, the CA's key pk_CA.
The system that specifies how CAs operate is called a Public-Key Infrastructure
(PKI), which may include tools for certificate management, key management, and a
series of standards for the operation of CAs, giving rise to a highly complex system.
The simplest PKI consists of a unique CA trusted by all users, which issues and
distributes certificates for the users' public keys. In this model every user has to
obtain a legitimate copy of pk_CA and the important point is that this only has to
be carried out once. This makes it possible to use physical channels that are easier
to authenticate. For example, users might obtain pk_CA at the CA headquarters or,
more commonly, the CA public key may be included in computer software such as,
for example, web browsers. The procedure used by the CA to issue certificates to
users must also be secure—for example, a certificate issued to the wrong user would
produce a major security breach. Thus, obtaining a certificate may require the user
to show up in person in order to provide his identification and his public key.
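As an added illustration of the two conditions just described (this code is not part of the original text), the following Python sketch models a certificate as a CA-signed pair (Id_A, pk_A) and checks it the way a relying user would, rejecting an unknown issuer, a circular self-issued certificate and a tampered key. The RSA keys, identities and encoding are constructed toy values and the unpadded textbook RSA used here is not a real signature scheme.

```python
import hashlib

# Toy RSA keys built from fixed primes (constructed for illustration only;
# far too small to be secure, and textbook RSA without padding is not a
# real signature scheme).
def rsa_keygen(p, q, e=65537):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)            # (public key, private key)

def digest(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def sign(sk, msg):
    n, d = sk
    return pow(digest(msg) % n, d, n)

def verify(pk, msg, sig):
    n, e = pk
    return pow(sig, e, n) == digest(msg) % n

def encode_pair(identity, pk):
    # Canonical encoding of the pair (Id, pk) that the signature covers.
    return f"{identity}|{pk[0]}|{pk[1]}".encode()

def issue_certificate(issuer_id, issuer_sk, subject_id, subject_pk):
    body = encode_pair(subject_id, subject_pk)
    return {"subject": subject_id, "pk": subject_pk,
            "issuer": issuer_id, "sig": sign(issuer_sk, body)}

def check_certificate(cert, trusted_keys):
    """trusted_keys maps an issuer identity to that issuer's public key as
    obtained over an authenticated channel (e.g. pk_CA shipped in a browser)."""
    issuer = cert["issuer"]
    if issuer not in trusted_keys:      # no authenticated copy of pk_C: cannot verify
        return False
    if issuer == cert["subject"]:       # circular: A vouching for A's own key
        return False
    body = encode_pair(cert["subject"], cert["pk"])
    return verify(trusted_keys[issuer], body, cert["sig"])

# Constructed keys: user A and the CA use distinct prime pairs.
PK_A, SK_A = rsa_keygen(2147483647, 999983)
PK_CA, SK_CA = rsa_keygen(2305843009213693951, 4294967291)
TRUSTED = {"CA": PK_CA}               # the single key every user obtains once
CERT_A = issue_certificate("CA", SK_CA, "A", PK_A)

if __name__ == "__main__":
    print(check_certificate(CERT_A, TRUSTED))                   # True
    tampered = dict(CERT_A, pk=(PK_A[0] + 2, PK_A[1]))         # key swapped in transit
    print(check_certificate(tampered, TRUSTED))                 # False
```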
The following is an example—with some minor simplifications—of the data contained
in an X.509 certificate [7] issued to user Jose Luis Gomez Pardo by the FNMT
CA, containing the RSA public key of the user and the signature of the CA, together
with other data such as validity period, algorithms used, etc.:
Cert. version           3
Serial number           0x3cb3bb5c
Issuer                  FNMT Class 2 CA, FNMT, ES
Not valid before        25/09/2009 11:46:00 GMT
Not valid after         25/09/2012 11:46:00 GMT
Subject                 GOMEZ PARDO JOSE LUIS - NIF 76...
Public key              (1024 bits)
Public key algorithm    rsaEncryption
Modulus:
  00: BB 6E 2C 3C E7 C1 BC FD 0A FF 95 D9 D4 ...
  10: 97 67 AB 20 52 0F 2B B7 1B CA DD 46 87 ...
  ...
Exponent:
  01 00 01
[7] X.509 is a standard for network authentication widely used by Internet standards such as SSL/TLS
and S/MIME. Secure Sockets Layer/Transport Layer Security (SSL/TLS) is a cryptographic standard
for network communications and the Internet, and Secure/Multipurpose Internet Mail Extensions
(S/MIME) provides encryption and digital signatures for electronic mail.