School of Software, Fudan University, LiJT

Outline
• Public-key Technology Review
• Why do we need PKI
• Digital Certificate Format
• Composition of PKI
• PKI Trust Relationship
• Application of PKI

Certificate in PKI
• Certificate, sometimes referred to as cert
• PKI applies to heterogeneous environments, so the format of the certificate must be uniform within the scope of use
• A certificate is issued by an institution to a security subject, so the authority of the certificate depends on the authority of the issuing organization
• The most important information in a certificate is the subject's name, the subject's public key, the organization's signature, the algorithm, and the use
• Signing certificate and encrypting certificate are two steps
• The most commonly used certificate format is X.509 v3

Certificate (continued)
• The certificate format follows the X.509 international standard
  – Actually one of the X.500 series standards
• The content of the certificate should also indicate the validity of the certificate:
  – Certificate has not expired
  – The key has not been modified
  – Users still have the right to use this key
  – The CA is responsible for revoking certificates and issuing a list of invalid certificates
• Certificate usage
  – Certificates help verify personal identity. Your certificate and your key are proof of who you are

X.509 certificate format
[Figure: X.509 certificate layout. Fields: Version; Certificate Serial Number; Signature algorithm identifier (algorithm, parameters); Issuer Name; Period of validity (not before, not after); Subject Name; Subject's public key info (algorithms, parameters, key); Issuer Unique Identifier; Subject Unique Identifier; Extensions; Signature (algorithm, parameters, encrypted)]
• Version 1, 2, 3
• Serial Number
  – Unique within CA
• Signature algorithm identifier
  – the signature algorithm in this certificate
• Issuer Name
  – Name of CA
• Period of Validity
  – Start time and end time
• Subject Name

X.509 certificate format (continued)
• Subject's public key info
  – algorithms
  – parameters
  – key
• Issuer Unique Identifier
• Subject Unique Identifier
• Extensions
• Signature
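
As an added illustration (not part of the original slides), this Python example walks the DER encoding of a certificate's to-be-signed portion, extracts the fields in the order listed above, and checks the period of validity. The sample bytes, the names `Example CA` and `alice.example`, and all function names are constructed for this example; it assumes UTCTime dates and a single commonName per name.

```python
from datetime import datetime, timezone

def tlv(tag, body):                      # DER encoder, used only to build the sample
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body

def read(buf, pos=0):                    # -> (tag, value, offset of the next element)
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                         # long form: low 7 bits count the length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + n], pos + n

def children(value):                     # split a constructed value into (tag, value) pairs
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read(value, pos)
        out.append((tag, val))
    return out

def parse_tbs(der):                      # fields in the order the slides list them
    f = children(read(der)[1])
    version, f = (children(f[0][1])[0][1][0] + 1, f[1:]) if f[0][0] == 0xA0 else (1, f)
    cn = lambda name: children(children(children(name)[0][1])[0][1])[1][1].decode()
    when = lambda v: datetime.strptime(v.decode(), "%y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
    nb, na = (when(v) for _, v in children(f[3][1]))
    return {"version": version, "serial": int.from_bytes(f[0][1], "big"),
            "issuer": cn(f[2][1]), "subject": cn(f[4][1]), "not_before": nb, "not_after": na,
            "key_algorithm_oid": children(children(f[5][1])[0][1])[0][1].hex()}

def in_validity_period(fields, now):
    return fields["not_before"] <= now <= fields["not_after"]

# Constructed sample: placeholder names and key bits, unsigned, not a real certificate.
def name(cn):                            # Name holding one commonName (OID 2.5.4.3)
    return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn.encode()))))
def alg(oid_hex):                        # AlgorithmIdentifier with NULL parameters
    return tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + tlv(0x05, b""))
SAMPLE_TBS = tlv(0x30,
    tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x10\x01")   # version v3, serial 0x1001
    + alg("2a864886f70d01010b")                               # sha256WithRSAEncryption
    + name("Example CA")                                      # issuer
    + tlv(0x30, tlv(0x17, b"240101000000Z") + tlv(0x17, b"250101000000Z"))  # validity
    + name("alice.example")                                   # subject
    + tlv(0x30, alg("2a864886f70d010101") + tlv(0x03, b"\x00" + b"\x01" * 8)))  # rsaEncryption
```

A relying party would run the validity check only after verifying the CA's signature over these bytes, which this example does not do.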