ASN.1: Cryptographic files
Zdeněk Říha

ASN.1 grammar
- To understand the structure of a file (the meaning of its particular fields) we need the ASN.1 grammar, i.e. the module that defines the type being encoded.

ASN.1 – RSA keys
- Source: PKCS#1
- Sample file: RSA.key

ASN.1 – RSA padding
- PKCS#1 v1.5 (EMSA-PKCS1-v1_5):
  m = 0x00 || 0x01 || 0xFF ... 0xFF || 0x00 || T
- where T is the DER encoding of the DigestInfo structure (the hash algorithm identifier followed by the hash value)
- In practice: see the sample
- Source: PKCS#1

ASN.1 – RSA signature
- An RSA signature is the number s = m^d mod n (m is the padded message, d the private exponent, n the modulus)
- Sample file: TSA.crt

ASN.1 – signature OIDs
- Source: BSI TR-03105 Part 5.1

ASN.1 – RSA-PSS parameters
- RSASSA-PSS parameters: hashAlgorithm = SHA-256, maskGenAlgorithm = MGF1 (with SHA-256)
- Source: PKCS#1
- Sample file: CSCA_CZE.crt

ASN.1 – DSA keys
- DSAPrivateKey is an INTEGER, usually denoted as x
- Source: RFC 5480; OpenSSL
- Sample file: DSA.key

ASN.1 – DSA signature
- Source: RFC 5480
- Sample file: DSA.crt

ASN.1 – DSA OIDs
- Source: RFC 5480

ASN.1 – ECDSA keys
- ECPrivateKey carries the private scalar, the public key is an ECPoint
- Source: RFC 5915

ASN.1 – ECDSA public key
- Sample file: CSCA_Switzerland.crt

ASN.1 – ECDSA signatures
- 1.2.840.10045.4.1 - ecdsa-with-SHA1
- Source: RFC 5480
- Sample file: CSCA_Switzerland.crt

ASN.1 – ECDSA signature OIDs
- Source: BSI TR-03105 Part 5.1

ASN.1 – certificates
- Source: RFC 5280

ASN.1 – certificates – public key
- Source: RFC 5280
- Sample file: CSCA_CZE.crt

ASN.1 – certificates – times
- Until 2049: UTCTime, YYMMDDHHMMSSZ
- From 2050: GeneralizedTime, YYYYMMDDHHMMSSZ
- Source: RFC 5280
- Sample file: CSCA_CZE.crt

ASN.1 – certificates – names
- Source: RFC 5280
- Sample file: CSCA_CZE.crt

ASN.1 – certificate – names (attribute types)
- Source: ITU-T X.520

Certificate profiles
- For particular areas/purposes there exist certificate profiles which prescribe what kind of attributes will be used in names
- E.g. for electronic passports ICAO Doc 9303 states which attributes the DN must contain
- Source: ICAO Doc 9303

ASN.1 – certificates – v3
- Critical vs. non-critical extensions
- Source: RFC 5280

ASN.1 – certificates – extensions
- Sample file: CSCA_CZE.crt

X509v3 certificate extensions
- Authority Key Identifier
  - Identification of the issuing CA (its key)
  - Non-critical
  - Similarly "Subject Key Identifier"
- Source: RFC 5280

X509v3 certificate extensions
- Key Usage
  - Restrictions on the use of the key
- Source: RFC 5280

X509v3 certificate extensions
- Extended Key Usage
  - Purposes for which the certified key may be used
- Source: RFC 5280

X509v3 certificate extensions
- Certificate Policies
  - Policy relevant for the issuance and use of the certificate
  - Preferably only an OID
- Source: RFC 5280

X509v3 certificate extensions
- Subject Alternative Name, Issuer Alternative Name
  - "Internet style identities": e-mail, DNS name, IP address, URL
  - Must be verified by the CA

X509v3 certificate extensions
- Basic Constraints
  - Is the subject a CA?
  - Maximum length/depth of the certificate chain/path
  - "A pathLenConstraint of zero indicates that no non-self-issued intermediate CA certificates may follow in a valid certification path."
- Source: RFC 5280

X509v3 certificate extensions
- Name Constraints
  - Only for CA certificates
  - "indicates a name space within which all subject names in subsequent certificates in a certification path MUST be located"
- Source: RFC 5280

X509v3 certificate extensions
- Policy Constraints
  - Must be critical
  - For CA certificates
  - Constrains path validation: prohibits policy mapping, or requires an acceptable policy OID in each certificate (or both)
- Source: RFC 5280

X509v3 certificate extensions
- CRL Distribution Points
  - How to obtain the CRL
- Source: RFC 5280

ASN.1 – certificate request
- Source: PKCS#10 (RFC 2986)

ASN.1 – CRL
- Source: RFC 5280

ASN.1 – PKCS#7 / CMS
- Source: RFC 5652

PKCS#7 sample
- Sample file: France.p7s

ASN.1 – PKCS#8
- Source: PKCS#8
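The slides above show the ASN.1 grammar of RSA keys, ECDSA signatures and certificate validity times but only as screenshots. The following is an added example (not lecture code) that encodes and decodes three of those structures by hand in pure Python: RSAPublicKey {n, e}, ECDSA-Sig-Value {r, s} and Validity with the UTCTime/GeneralizedTime rule. Tag numbers, the sample hex strings and the two-digit-year pivot follow X.690 and RFC 5280; everything else (function names, the sample values) is this example's own choice. The decoder deliberately refuses encodings that are valid BER but not DER, because accepting them is how signature malleability and "two parsers, two views" bugs arise.

```python
"""Hand-rolled DER for the structures named on these slides: RSAPublicKey {n, e},
ECDSA-Sig-Value {r, s} and Validity (UTCTime vs GeneralizedTime). Rejects encodings that
are BER but not DER (non-minimal lengths, non-minimal or negative INTEGERs, trailing bytes)."""
import datetime

INTEGER, SEQUENCE, UTCTIME, GENERALIZEDTIME = 0x02, 0x30, 0x17, 0x18

def der_len(n):
    if n < 0x80:                                          # short form
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")   # long form, fewest bytes possible
    return bytes([0x80 | len(body)]) + body

def der(tag, content):
    return bytes([tag]) + der_len(len(content)) + content

def der_integer(v):
    body = v.to_bytes(max(1, (v.bit_length() + 7) // 8), "big")   # v >= 0 assumed
    if body[0] & 0x80:             # INTEGER is two's complement: a leading 0x00 keeps it positive
        body = b"\x00" + body
    return der(INTEGER, body)

def der_sequence(*items):
    return der(SEQUENCE, b"".join(items))

def der_time(dt):
    # RFC 5280 4.1.2.5: through 2049 UTCTime (YYMMDDHHMMSSZ), from 2050 GeneralizedTime (YYYYMMDDHHMMSSZ)
    if dt.year < 2050:
        return der(UTCTIME, dt.strftime("%y%m%d%H%M%SZ").encode())
    return der(GENERALIZEDTIME, dt.strftime("%Y%m%d%H%M%SZ").encode())

def encode_rsa_public_key(n, e): return der_sequence(der_integer(n), der_integer(e))
def encode_ecdsa_signature(r, s): return der_sequence(der_integer(r), der_integer(s))

def read_tlv(buf, pos=0):
    """Return (tag, content, next_pos); raise ValueError on anything that is BER but not DER."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0:
            raise ValueError("indefinite length is BER, not DER")
        lb = buf[pos:pos + n]
        pos += n
        length = int.from_bytes(lb, "big")
        if len(lb) != n or lb[0] == 0 or length < 0x80:
            raise ValueError("non-minimal length encoding")
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def parse_sequence(buf, expected):
    """Split the single SEQUENCE spanning buf into (tag, content) pairs, one per expected tag set."""
    tag, content, end = read_tlv(buf)
    if tag != SEQUENCE or end != len(buf):
        raise ValueError("expected one SEQUENCE with no trailing bytes")
    items, pos = [], 0
    for allowed in expected:
        t, c, pos = read_tlv(content, pos)
        if t not in allowed:
            raise ValueError("unexpected tag 0x%02x" % t)
        items.append((t, c))
    if pos != len(content):
        raise ValueError("trailing bytes inside SEQUENCE")
    return items

def decode_integer(content):
    if not content or content[0] & 0x80:
        raise ValueError("empty or negative INTEGER")
    if len(content) > 1 and content[0] == 0 and not content[1] & 0x80:
        raise ValueError("non-minimal INTEGER (superfluous leading zero)")
    return int.from_bytes(content, "big")

def decode_time(tag, content):
    s = content.decode("ascii")
    if tag == UTCTIME:            # RFC 5280: two-digit year YY >= 50 means 19YY, otherwise 20YY
        s = ("19" if int(s[:2]) >= 50 else "20") + s
    return datetime.datetime.strptime(s, "%Y%m%d%H%M%SZ")

def decode_two_integers(buf):     # RSAPublicKey {n, e} and ECDSA-Sig-Value {r, s} share this shape
    (_, a), (_, b) = parse_sequence(buf, [{INTEGER}, {INTEGER}])
    return decode_integer(a), decode_integer(b)

decode_rsa_public_key = decode_ecdsa_signature = decode_two_integers

def decode_validity(buf):
    times = {UTCTIME, GENERALIZEDTIME}
    return tuple(decode_time(t, c) for t, c in parse_sequence(buf, [times, times]))

def rejects(decoder, buf):
    """True if decoder refuses buf; used to exercise the strictness rules above."""
    try:
        decoder(buf)
    except ValueError:
        return True
    return False
```

The two INTEGER rules matter most for ECDSA: a verifier that accepts `02 02 00 01` as the integer 1, or a negative `r`, accepts a second encoding of the same signature, which breaks any system that uses the signature bytes as a unique identifier.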
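The RSA padding and RSA signature slides above give the EM layout 0x00 || 0x01 || 0xFF ... 0xFF || 0x00 || T and the operation s = m^d mod n. The following added example (not lecture code) builds that EM for SHA-256, signs and verifies it with a toy textbook RSA key, and then shows why the verifier has to compare the whole EM rather than scan for T: with e = 3 and a verifier that ignores bytes after T, a signature can be forged without the private key (Bleichenbacher's 2006 observation). The DigestInfo prefix is the standard one from PKCS#1; the key generation, message and function names are this example's own, and the Miller-Rabin key generator is for illustration only.

```python
"""PKCS#1 v1.5 signatures: the EM layout from the slide, s = m^d mod n, and the
strict-versus-lenient verifier distinction. Added example, not lecture code."""
import hashlib
import random
import secrets

# DER prefix of DigestInfo for SHA-256: SEQUENCE { SEQUENCE { OID 2.16.840.1.101.3.4.2.1, NULL }, OCTET STRING (32) }
DIGESTINFO_SHA256 = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v15(msg, em_len):
    """EM = 0x00 || 0x01 || PS (>= 8 bytes of 0xFF) || 0x00 || T, where T = DigestInfo DER."""
    t = DIGESTINFO_SHA256 + hashlib.sha256(msg).digest()
    if em_len < len(t) + 11:
        raise ValueError("modulus too small for this hash")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t

def verify_em_strict(em, msg):
    """RFC 8017 8.2.2: re-encode and compare the whole EM. This is the correct check."""
    return em == emsa_pkcs1_v15(msg, len(em))

def verify_em_lenient(em, msg):
    """The flawed pattern: walk the padding, then only check that T follows.
    Bytes after T are never examined, so an attacker may put anything there."""
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i >= len(em) or em[i] != 0x00:
        return False
    t = DIGESTINFO_SHA256 + hashlib.sha256(msg).digest()
    return em[i + 1:i + 1 + len(t)] == t   # bug: never requires i + 1 + len(t) == len(em)

# --- textbook RSA with the numbers on the slide: s = m^d mod n, m = s^e mod n ---
def is_probable_prime(n, rounds=32):
    if n < 2: return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0: return n == p
    d, r = n - 1, 0
    while d % 2 == 0: d, r = d // 2, r + 1
    for _ in range(rounds):                 # Miller-Rabin
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1): continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1: break
        else:
            return False
    return True

def rsa_keygen(bits=1024, e=65537):
    """Toy key generation for the demo; use a vetted library for real keys."""
    def prime(b):
        while True:
            c = secrets.randbits(b) | (1 << (b - 1)) | 1
            if is_probable_prime(c): return c
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and n.bit_length() == bits and phi % e:
            return n, e, pow(e, -1, phi)

def sign(n, d, msg):
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(emsa_pkcs1_v15(msg, k), "big"), d, n)   # s = m^d mod n

def verify(n, e, s, msg, check=verify_em_strict):
    k = (n.bit_length() + 7) // 8
    em = pow(s, e, n).to_bytes(k, "big")                                # m = s^e mod n
    return check(em, msg)

# --- forgery against e = 3 and a lenient verifier: no private key involved ---
def icbrt(x):
    """Largest integer r with r**3 <= x (integer Newton iteration from above)."""
    if x < 2: return x
    r = 1 << ((x.bit_length() + 2) // 3)
    while True:
        nr = (2 * r + x // (r * r)) // 3
        if nr >= r: return r
        r = nr

def forge_e3(msg, em_len):
    """Place T right after a short PS, leave the rest zero, and take a cube root:
    s**3 overshoots the target only in the low bytes the lenient verifier ignores."""
    t = DIGESTINFO_SHA256 + hashlib.sha256(msg).digest()
    prefix = b"\x00\x01" + b"\xff" * 8 + b"\x00" + t
    target = int.from_bytes(prefix + b"\x00" * (em_len - len(prefix)), "big")
    s = icbrt(target)
    return s if s ** 3 == target else s + 1

if __name__ == "__main__":
    msg = b"constructed sample message"
    n, e, d = rsa_keygen()
    print("legitimate signature verifies:", verify(n, e, sign(n, d, msg), msg))
    n3 = (1 << 3071) | 1                    # any 3072-bit modulus with e = 3; its factors are irrelevant
    f = forge_e3(msg, 384)
    print("forgery, lenient verifier:", verify(n3, 3, f, msg, verify_em_lenient))
    print("forgery, strict verifier: ", verify(n3, 3, f, msg))
```

The forgery works because s^3 is smaller than the modulus, so the reduction mod n never happens and the attacker fully controls the recovered EM; it needs a modulus large enough that the garbage region after T can absorb the cube-root rounding error, which 3072 bits with SHA-256 comfortably provides. A verifier that re-encodes and compares, as `verify_em_strict` does, is immune regardless of e.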
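The Basic Constraints and Name Constraints slides above quote RFC 5280 but do not show how a path validator actually applies pathLenConstraint and the permitted/excluded subtrees. The following added example (not lecture code) implements the relevant steps of RFC 5280 section 6.1 over certificates represented as plain records, so that the quoted sentence about self-issued certificates can be exercised directly. Parsing is out of scope (the DER layer is assumed to have produced the fields); only dNSName constraints are modelled, the anchor's own extensions are processed as OpenSSL does, and all chains in the test are constructed.

```python
"""RFC 5280 section 6.1 path-length and dNSName name-constraint processing over
plain certificate records. Added example, not lecture code."""
from __future__ import annotations
from dataclasses import dataclass, field

@dataclass
class Cert:
    subject: str
    issuer: str
    is_ca: bool = False                     # BasicConstraints.cA
    path_len: int | None = None             # BasicConstraints.pathLenConstraint (None = absent)
    dns_names: list = field(default_factory=list)      # subjectAltName dNSName values
    permitted_dns: list | None = None       # NameConstraints.permittedSubtrees (None = absent)
    excluded_dns: list = field(default_factory=list)   # NameConstraints.excludedSubtrees

    @property
    def self_issued(self):                  # RFC 5280 6.1: subject == issuer (CA re-key certificates)
        return self.subject == self.issuer

def dns_in_subtree(name, subtree):
    """RFC 5280 4.2.1.10: host.example.com matches example.com; hostexample.com does not."""
    name, subtree = name.lower(), subtree.lower()
    return name == subtree or name.endswith("." + subtree)

def intersect_subtrees(current, new):
    """Of two nested subtrees the deeper one survives; disjoint ones drop out."""
    if current is None:
        return list(new)
    keep = [a for a in current if any(dns_in_subtree(a, b) for b in new)]
    keep += [b for b in new if any(dns_in_subtree(b, a) for a in current)]
    return list(dict.fromkeys(keep))

def validate_path(chain):
    """chain[0] is the trusted CA, chain[-1] the end entity. Returns the subjects or raises ValueError."""
    n = len(chain)
    max_path_length = n                                   # 6.1.2: initialised to the path length
    permitted, excluded = None, []
    for i, cert in enumerate(chain):
        last = i == n - 1
        if i and cert.issuer != chain[i - 1].subject:
            raise ValueError(f"{cert.subject}: issuer does not match previous subject")
        # 6.1.3 (b)/(c): name constraints apply to every certificate except self-issued intermediates
        if not (cert.self_issued and not last):
            for name in cert.dns_names:
                if permitted is not None and not any(dns_in_subtree(name, p) for p in permitted):
                    raise ValueError(f"{name}: outside permitted subtrees {permitted}")
                if any(dns_in_subtree(name, x) for x in excluded):
                    raise ValueError(f"{name}: inside an excluded subtree")
        if last:
            break
        # 6.1.4 (k)-(m): preparation for the next certificate
        if not cert.is_ca:
            raise ValueError(f"{cert.subject}: not a CA but has a successor")
        if not cert.self_issued:                          # self-issued certs do not consume path length
            if max_path_length <= 0:
                raise ValueError(f"{cert.subject}: pathLenConstraint exceeded")
            max_path_length -= 1
        if cert.path_len is not None and cert.path_len < max_path_length:
            max_path_length = cert.path_len
        if cert.permitted_dns is not None:                # 6.1.4 (g): permitted narrows, excluded widens
            permitted = intersect_subtrees(permitted, cert.permitted_dns)
        excluded = excluded + cert.excluded_dns
    return [c.subject for c in chain]

def path_is_valid(chain):
    try:
        validate_path(chain)
    except ValueError:
        return False
    return True
```

Note the order in 6.1.4: the current certificate consumes one unit of path length (step l) before its own pathLenConstraint is applied (step m), which is why a CA with pathLenConstraint 0 can still issue end-entity certificates but no further non-self-issued CAs.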