The X.509 standard, defined by the ITU-T (International Telecommunication Union - Telecommunication), sets standards for public key certificates and a certification path validation algorithm. In the X.509 system, a CA issues a certificate that binds a public key to a physical identity, and the verification method, OCSP (Online Certificate Status Protocol), has been approved by the IETF (Internet Engineering Task Force).
The X.509 standard also includes CRL (Certificate Revocation List) implementations.
An X.509 certificate has the following structure:
| Field | Description | Value |
| Version | Specifies the version of the certificate | INTEGER{v1(0),v2(1),v3(2)} |
| Certificate Serial Number | A unique integer value assigned to each certificate issued by a CA. | INTEGER |
| Certificate Algorithm Identifier for Certificate Issuer’s Signature | Specifies the algorithm and the hash function used by the CA to sign the certificate | Examples: md5WithRSA, sha-1WithRSA |
| Issuer | DN of the CA that created and signed the certificate | CN = GTE CyberTrust Global Root, OU = GTE CyberTrust Solutions, Inc., O = GTE Corporation, C = US |
| Validity Period | Contains two dates, the start date of validity and the expiry date | 19/02/2008 to 19/02/2011 |
| Subject | DN of the user of the certificate, who is the owner of the certificate and keeps the private key | CN = Microsoft Internet Authority |
| Subject Public-Key Information | Specifies the certificate's public key and the algorithm with which it was generated | 0a 30 82 02 02 82 02 01 00 a8 a5 a1 ab e8 6f 0d 43 1b fa d0 ae 27 00 a5 d8 bd aa 64 89 ca 76 f8 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. d2 3d 71 9f f5 02 03 01 00 01 |
| Issuer Unique Identifier | Used to distinguish the CA unambiguously if the DN (of the CA) has been re | Usually Omitted |
| Subject Unique Identifier | Used to distinguish the certificate owner unambiguously if the DN (of the user) has been re | Usually Omitted |
| Extension | Extension fields. Three categories: key and policy; subject and issuer attributes; certification path constraints | |
| Certification Authority’s Digital Signature | | sha1, 3d 29 1d b8 ee 22 be e1 33 70 06 f2 ef c6 f9 db dd 03 bb 25 |
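The first three fields in the table (Version, Certificate Serial Number, and the issuer's signature algorithm) can be read straight out of a certificate's DER encoding. The following is an added example, not code from the original post: a minimal DER reader that extracts them and flags the two signature algorithms the table lists, since both depend on hash functions (MD5, SHA-1) that are no longer collision-resistant. The function names and the `SAMPLE` bytes are assumptions constructed for illustration, and the OIDs used are the PKCS #1 identifiers for those algorithms.

```python
# Added example; SAMPLE is a constructed DER fragment, not a real certificate.
WEAK_SIG_OIDS = {"1.2.840.113549.1.1.4": "md5WithRSAEncryption",   # PKCS #1 OIDs
                 "1.2.840.113549.1.1.5": "sha1WithRSAEncryption"}
SAMPLE = bytes.fromhex("301a3018a00302010202021001300d06092a864886f70d0101050500")

def read_tlv(buf, pos):  # returns (tag, value, next_pos) for the element at pos
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):  # OBJECT IDENTIFIER contents (base-128 arcs) -> dotted string
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    first = min(arcs[0] // 40, 2)  # the first subidentifier packs the first two arcs
    return ".".join(str(a) for a in [first, arcs[0] - 40 * first] + arcs[1:])

def leading_fields(cert_der):  # version, serial number, signature algorithm OID
    tag, cert, _ = read_tlv(cert_der, 0)      # Certificate ::= SEQUENCE
    tag2, tbs, _ = read_tlv(cert, 0)          # tbsCertificate ::= SEQUENCE
    if tag != 0x30 or tag2 != 0x30:
        raise ValueError("not a DER certificate")
    version = 1                               # field absent means v1(0)
    tag, val, pos = read_tlv(tbs, 0)
    if tag == 0xA0:                           # [0] EXPLICIT Version
        version = int.from_bytes(read_tlv(val, 0)[1], "big") + 1
        tag, val, pos = read_tlv(tbs, pos)
    if tag != 0x02:
        raise ValueError("expected serialNumber INTEGER")
    serial = int.from_bytes(val, "big", signed=True)
    alg_tag, alg, _ = read_tlv(tbs, pos)      # AlgorithmIdentifier ::= SEQUENCE
    oid_tag, oid, _ = read_tlv(alg, 0)
    if alg_tag != 0x30 or oid_tag != 0x06 or not oid or oid[-1] & 0x80:
        raise ValueError("expected AlgorithmIdentifier with a well-formed OID")
    sig_oid = decode_oid(oid)
    return {"version": version, "serial": serial, "sig_oid": sig_oid,
            "weak": WEAK_SIG_OIDS.get(sig_oid)}
```

For `SAMPLE`, `leading_fields` reports a v3 certificate with serial number 4097 signed with `sha1WithRSAEncryption`; a `weak` value of `None` means the signature algorithm is not one of the two flagged.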
X.509 certificates are used in:
- SSL
- S/MIME
- object-signing
- e-commerce