ASN.1: Cryptographic files
Zdeněk Říha

ASN.1 Grammar
- To understand the structure (what the meaning of particular fields is) we need the ASN.1 grammar

ASN.1 – RSA keys
Source: PKCS#1
< RSA.key

ASN.1 – RSA padding
- PKCS#1 v1.5
- m = 0x00 || 0x01 || 0xFF … 0xFF || 0x00 || T
- where T is defined as the DER encoding of
- In practice:
Source: PKCS#1

ASN.1 – RSA signature
- The RSA signature is the number s = m^d mod n
< TSA.crt

ASN.1 – signature OIDs
Source: BSI TR-03105 Part 5.1

ASN.1 – RSA PSS params
- RSASSA-PSS: SHA256, SHA256, MGF1
Source: PKCS#1
< CSCA_CZE.crt

ASN.1 – DSA keys
- DSAPrivateKey is an INTEGER, usually denoted as X
Source: RFC 5480
Source: OpenSSL
< DSA.key

ASN.1 – DSA signature
Source: RFC 5480
< DSA.crt

ASN.1 – DSA – OIDs
Source: RFC 5480

ASN.1 – ECDSA keys
- ECPoint, INTEGER
Source: RFC 5915

ASN.1 – ECDSA public key
< CSCA_Switzerland.crt

ASN.1 – ECDSA signatures
- 1.2.840.10045.4.1 – ecdsa-with-SHA1
Source: RFC 5480
< CSCA_Switzerland.crt

ASN.1 – ECDSA signature OID
Source: BSI TR-03105 Part 5.1

ASN.1 – certificates
Source: RFC 5280

ASN.1 – certificates – pubkey
Source: RFC 5280
< CSCA_CZE.crt

ASN.1 – certificates – times
- Until 2049: UTCTime, YYMMDDHHMMSSZ
- From 2050: GeneralizedTime, YYYYMMDDHHMMSSZ
Source: RFC 5280
< CSCA_CZE.crt

ASN.1 – certificates – names
Source: RFC 5280
< CSCA_CZE.crt
Source: ITU-T X.520

Certificate profiles
- For particular areas/purposes there exist certificate profiles which prescribe what kind of attributes will be used in Names
- E.g. for electronic passports ICAO Doc. 9303 states:
Source: ICAO Doc. 9303

ASN.1 – certificates – v3
- Critical vs. non-critical extensions
Source: RFC 5280

ASN.1 – certs – extensions
< CSCA_CZE.crt

X509v3 cert extensions
- Authority Key Identifier
  - Identification of the issuing CA
  - Non-critical
  - Similarly "Subject Key Identifier"
Source: RFC 5280

X509v3 cert extensions
- Key Usage
  - Restrictions on the use of the key
Source: RFC 5280

X509v3 cert extensions
- Extended Key Usage
  - Purposes of the certified key
Source: RFC 5280

X509v3 cert extensions
- Certificate Policies
  - Policy relevant for the issue and use of the certificate
  - Preferably only an OID
Source: RFC 5280

X509v3 cert extensions
- Subject Alternative Name
- Issuer Alternative Name
  - "Internet style identities"
    - Email
    - DNS name
    - IP address
    - URL
  - Must be verified by the CA

X509v3 cert extensions
- Basic Constraints
  - Is the Subject a CA?
  - Max. length/depth of the certificate chain/path
  - A pathLenConstraint of zero indicates that no non-self-issued intermediate CA certificates may follow in a valid certification path.
Source: RFC 5280

X509v3 cert extensions
- Name Constraints
  - Only for CA certificates
  - "indicates a name space within which all subject names in subsequent certificates in a certification path MUST be located"
Source: RFC 5280

X509v3 cert extensions
- Policy Constraints
  - Must be critical
  - For CA certificates
  - Constrains path validation:
    - Prohibit policy mapping (or)
    - Require an acceptable policy OID in each certificate
Source: RFC 5280

X509v3 cert extensions
- CRL Distribution Points
  - How to obtain the CRL
Source: RFC 5280

ASN.1 – certificate request
Source: RFC 5280

ASN.1 – CRL
Source: RFC 5280

ASN.1 – PKCS#7 / CMS
Source: RFC 5652

PKCS#7 Sample
< France.p7s

ASN.1 – PKCS#8
Source: PKCS#8
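The DER structures walked through on the ASN.1 grammar, OID and DSA/ECDSA signature slides, as an added Python example (this is not the lecture's code; only the standard library is used): a TLV parser that enforces DER's definite, minimal lengths, an OBJECT IDENTIFIER encoder/decoder (1.2.840.10045.4.1 from the ecdsa-with-SHA1 slide encodes to 06 07 2a 86 48 ce 3d 04 01), and a strict decoder for the SEQUENCE { INTEGER r, INTEGER s } that DSA and ECDSA signatures carry. Single-byte tags are assumed, which covers every type the slides show.

```python
"""Minimal DER helpers: TLV walk, OBJECT IDENTIFIER, and the
SEQUENCE { INTEGER r, INTEGER s } layout that DSA and ECDSA signatures use.
Added example (not the lecture's code); single-byte tags only."""
from typing import List, Tuple

SEQUENCE, INTEGER, OID = 0x30, 0x02, 0x06  # DER tag bytes used below


def der_len(n: int) -> bytes:
    """DER length: short form below 128, otherwise the minimal long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + der_len(len(value)) + value


def der_integer(x: int) -> bytes:
    """Non-negative INTEGER: minimal big-endian bytes, plus a leading 0x00
    when the top bit is set so the value is not read as negative."""
    if x < 0:
        raise ValueError("only non-negative integers are encoded here")
    body = x.to_bytes(max(1, (x.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return der_tlv(INTEGER, body)


def der_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, then base-128
    groups with the continuation bit set on all but the last byte."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID arcs")
    out = bytearray()
    for v in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [v & 0x7F]
        v >>= 7
        while v:
            chunk.append(0x80 | (v & 0x7F))
            v >>= 7
        out += bytes(reversed(chunk))
    return der_tlv(OID, bytes(out))


def parse_tlv(data: bytes, pos: int = 0) -> Tuple[int, bytes, int]:
    """Return (tag, value, next_pos) for the TLV at data[pos:], rejecting
    the BER-only forms (indefinite or non-minimal lengths) DER forbids."""
    if pos + 2 > len(data):
        raise ValueError("truncated TLV header")
    tag, first = data[pos], data[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        if nbytes == 0:
            raise ValueError("indefinite length is BER, not DER")
        lb = data[pos:pos + nbytes]
        if len(lb) != nbytes:
            raise ValueError("truncated length field")
        pos += nbytes
        length = int.from_bytes(lb, "big")
        if lb[0] == 0 or length < 0x80:
            raise ValueError("non-minimal length encoding")
    if pos + length > len(data):
        raise ValueError("value runs past end of data")
    return tag, data[pos:pos + length], pos + length


def decode_oid(body: bytes) -> str:
    """Inverse of der_oid, given the OID's value bytes (no tag/length)."""
    subids, v, pending = [], 0, False
    for b in body:
        v = (v << 7) | (b & 0x7F)
        pending = bool(b & 0x80)
        if not pending:
            subids.append(v)
            v = 0
    if pending or not subids:
        raise ValueError("malformed OID body")
    first = min(subids[0] // 40, 2)
    return ".".join(map(str, [first, subids[0] - 40 * first] + subids[1:]))


def encode_dsa_signature(r: int, s: int) -> bytes:
    return der_tlv(SEQUENCE, der_integer(r) + der_integer(s))


def decode_dsa_signature(der: bytes) -> Tuple[int, int]:
    """Strictly decode SEQUENCE { INTEGER r, INTEGER s }: the SEQUENCE must
    use every byte, hold exactly two INTEGERs, and each INTEGER must be
    non-negative and minimally encoded (one DER form per value)."""
    tag, seq, end = parse_tlv(der)
    if tag != SEQUENCE or end != len(der):
        raise ValueError("signature is not a single SEQUENCE")
    ints: List[int] = []
    pos = 0
    while pos < len(seq):
        t, body, pos = parse_tlv(seq, pos)
        if t != INTEGER or not body:
            raise ValueError("expected a non-empty INTEGER")
        if body[0] & 0x80:
            raise ValueError("negative INTEGER in signature")
        if len(body) > 1 and body[0] == 0 and not body[1] & 0x80:
            raise ValueError("non-minimal INTEGER (BER, not DER)")
        ints.append(int.from_bytes(body, "big"))
    if len(ints) != 2:
        raise ValueError("expected exactly r and s")
    return ints[0], ints[1]
```

The strictness in decode_dsa_signature is the point: DER gives each (r, s) pair exactly one byte string, so a verifier that also tolerates padded INTEGERs or trailing bytes lets several encodings stand for the same signature. That matters wherever the signature bytes themselves are hashed, cached or compared rather than the decoded values.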
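The padding and signature formulas from the RSA padding and RSA signature slides, as an added Python example (not the lecture's code): it builds EM = 0x00 || 0x01 || 0xFF … 0xFF || 0x00 || T with T the DigestInfo for SHA-256 (the well-known 19-byte DER prefix is embedded as a constant), checks an EM strictly, and uses a throw-away toy RSA key generated inside the block to compute s = m^d mod n and back. The key size, the Miller-Rabin routine and the function names are the example's own choices, not from the slides.

```python
"""EMSA-PKCS1-v1_5 encoding (EM = 00 || 01 || FF..FF || 00 || T) with a
strict decoder, plus a toy RSA key so that s = m^d mod n can be computed
end to end. Added example, not the lecture's code; the key is far too
small for real use and exists only to exercise the arithmetic."""
import hashlib
import hmac
import secrets
from typing import Tuple

# Well-known DER prefix of DigestInfo for SHA-256 (PKCS#1 / RFC 8017);
# T = this prefix || 32-byte digest.
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def digest_info_sha256(msg: bytes) -> bytes:
    return SHA256_DIGESTINFO_PREFIX + hashlib.sha256(msg).digest()


def emsa_pkcs1_v15_encode(t: bytes, em_len: int) -> bytes:
    """Build EM of exactly em_len bytes; PKCS#1 requires >= 8 bytes of 0xFF."""
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def emsa_pkcs1_v15_check(em: bytes, t: bytes) -> bool:
    """Strict check: EM must be exactly 00 01 FF*k 00 T with k >= 8 and T
    consuming every remaining byte. A verifier that stops at the first 00
    and ignores what follows T is not checking the format on the slide."""
    if len(em) < len(t) + 11 or em[:2] != b"\x00\x01":
        return False
    sep = em.find(b"\x00", 2)
    if sep < 10 or any(b != 0xFF for b in em[2:sep]):
        return False
    return hmac.compare_digest(em[sep + 1:], t)


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin after trial division; adequate for a toy key."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def toy_rsa_keypair(bits: int = 512, e: int = 65537) -> Tuple[int, int, int]:
    """Return (n, e, d) with n of exactly `bits` bits (toy size, insecure)."""
    def prime(b: int) -> int:
        while True:
            c = secrets.randbits(b) | (3 << (b - 2)) | 1  # top two bits set, odd
            if is_probable_prime(c):
                return c
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:  # e is prime, so this is gcd(e, phi) == 1
            return p * q, e, pow(e, -1, phi)


def rsa_sign_sha256(msg: bytes, n: int, d: int) -> bytes:
    k = (n.bit_length() + 7) // 8
    em = emsa_pkcs1_v15_encode(digest_info_sha256(msg), k)
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(k, "big")  # s = m^d mod n


def rsa_verify_sha256(msg: bytes, sig: bytes, n: int, e: int) -> bool:
    k = (n.bit_length() + 7) // 8
    if len(sig) != k:
        return False
    s = int.from_bytes(sig, "big")
    if s >= n:
        return False
    em = pow(s, e, n).to_bytes(k, "big")  # m = s^e mod n, then check the padding
    return emsa_pkcs1_v15_check(em, digest_info_sha256(msg))


if __name__ == "__main__":
    n, e, d = toy_rsa_keypair()
    sig = rsa_sign_sha256(b"hello", n, d)
    print(rsa_verify_sha256(b"hello", sig, n, e), rsa_verify_sha256(b"hellp", sig, n, e))
```

The encode side is a one-liner; the check side is where implementations differ. Comparing the whole tail against T, rather than searching for T somewhere after the separator, is what ties the padded length to the key length as the slide's formula requires.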
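The UTCTime / GeneralizedTime rule from the certificate times slide, as an added Python example (not the lecture's code): the encoder picks the tag by year, and the decoder applies RFC 5280's two-digit-year pivot (YY of 50 or more means 19YY) and rejects forms the profile does not allow, such as missing seconds, fractional seconds or a GeneralizedTime used for a year before 2050.

```python
"""Validity time encoding per RFC 5280: UTCTime (YYMMDDHHMMSSZ) through
2049, GeneralizedTime (YYYYMMDDHHMMSSZ) from 2050. Added example, not
from the lecture."""
import re
from datetime import datetime, timezone
from typing import Tuple

UTC_TIME, GENERALIZED_TIME = 0x17, 0x18  # DER tags

_UTC_RE = re.compile(r"^(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})Z$")
_GEN_RE = re.compile(r"^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})Z$")


def encode_time(t: datetime) -> Tuple[int, bytes]:
    """Return (tag, value) for a validity field; the caller adds the length."""
    if t.tzinfo is None:
        raise ValueError("validity times are UTC; pass an aware datetime")
    t = t.astimezone(timezone.utc)
    if t.year < 1950:
        raise ValueError("UTCTime cannot represent years before 1950")
    if t.year <= 2049:
        return UTC_TIME, t.strftime("%y%m%d%H%M%SZ").encode("ascii")
    return GENERALIZED_TIME, t.strftime("%Y%m%d%H%M%SZ").encode("ascii")


def decode_time(tag: int, value: bytes) -> datetime:
    """Parse a validity field strictly: seconds and the trailing 'Z' are
    mandatory; fractional seconds and local-time offsets are rejected."""
    text = value.decode("ascii")
    if tag == UTC_TIME:
        m = _UTC_RE.match(text)
        if not m:
            raise ValueError("malformed UTCTime: " + text)
        yy = int(m.group(1))
        year = 1900 + yy if yy >= 50 else 2000 + yy  # RFC 5280 pivot
    elif tag == GENERALIZED_TIME:
        m = _GEN_RE.match(text)
        if not m:
            raise ValueError("malformed GeneralizedTime: " + text)
        year = int(m.group(1))
        if year < 2050:
            # Conforming CAs must use UTCTime through 2049; flag the mismatch.
            raise ValueError("dates through 2049 must use UTCTime")
    else:
        raise ValueError("not a time tag: 0x%02x" % tag)
    month, day, hour, minute, second = (int(g) for g in m.groups()[1:])
    return datetime(year, month, day, hour, minute, second, tzinfo=timezone.utc)
```

Rejecting a GeneralizedTime for a pre-2050 date is a strictness choice of this example; the profile rule binds issuers, and a relying party may prefer to log rather than fail on it.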
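The basicConstraints, keyUsage and critical-extension rules from the X509v3 extension slides, as an added Python example (not the lecture's code) over a simplified in-memory certificate model: the Cert dataclass, the KNOWN_EXTENSIONS set and the validate_chain function are the example's own, and signature, validity and name checks are left out. It walks the chain the way RFC 5280 section 6.1 does, so a pathLenConstraint of zero permits a self-issued CA certificate to follow but not another non-self-issued one.

```python
"""Chain checks drawn from the X509v3 extension slides: basicConstraints
(cA, pathLenConstraint), keyUsage keyCertSign, and the rule that an
unrecognised critical extension makes a certificate unusable. Added
example with a simplified in-memory certificate model."""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Extension names this validator understands (constructed list for the example).
KNOWN_EXTENSIONS = frozenset({
    "basicConstraints", "keyUsage", "extendedKeyUsage", "certificatePolicies",
    "subjectAltName", "issuerAltName", "authorityKeyIdentifier",
    "subjectKeyIdentifier", "nameConstraints", "policyConstraints",
    "cRLDistributionPoints",
})


@dataclass
class Cert:
    subject: str
    issuer: str
    ca: bool = False                               # basicConstraints.cA
    path_len: Optional[int] = None                 # basicConstraints.pathLenConstraint
    key_usage: FrozenSet[str] = frozenset()        # empty means extension absent
    critical_exts: FrozenSet[str] = frozenset()    # names of critical extensions

    @property
    def self_issued(self) -> bool:
        return self.subject == self.issuer


def validate_chain(chain: List[Cert]) -> Optional[str]:
    """`chain` runs from the certificate issued by the trust anchor down to
    the end-entity certificate. Returns None when the basicConstraints,
    keyUsage and critical-extension rules hold, else a string naming the
    first violation."""
    max_path_length = len(chain)
    for i, cert in enumerate(chain):
        unknown = cert.critical_exts - KNOWN_EXTENSIONS
        if unknown:
            return f"{cert.subject}: unrecognised critical extension {sorted(unknown)}"
        if i == len(chain) - 1:
            break  # end-entity certificate: no CA checks apply
        if not cert.ca:
            return f"{cert.subject}: intermediate without basicConstraints cA=TRUE"
        if cert.key_usage and "keyCertSign" not in cert.key_usage:
            return f"{cert.subject}: keyUsage present but keyCertSign not set"
        if not cert.self_issued:
            # Each non-self-issued CA consumes one step of the allowed depth.
            if max_path_length <= 0:
                return f"{cert.subject}: exceeds a pathLenConstraint above it"
            max_path_length -= 1
        if cert.path_len is not None and cert.path_len < max_path_length:
            max_path_length = cert.path_len
    return None
```

The trust anchor itself is not in the list, so a root's own pathLenConstraint is not applied here; RFC 5280 treats anchor constraints as local policy input rather than as part of the path.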