From 4bfd864f10b68b71482b35c818559068ef8d5797 Mon Sep 17 00:00:00 2001 From: Thomas Voss Date: Wed, 27 Nov 2024 20:54:24 +0100 Subject: doc: Add RFC documents --- doc/rfc/rfc4212.txt | 1067 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1067 insertions(+) create mode 100644 doc/rfc/rfc4212.txt (limited to 'doc/rfc/rfc4212.txt') diff --git a/doc/rfc/rfc4212.txt b/doc/rfc/rfc4212.txt new file mode 100644 index 0000000..d7bbae5 --- /dev/null +++ b/doc/rfc/rfc4212.txt @@ -0,0 +1,1067 @@ + + + + + + +Network Working Group M. Blinov +Request for Comments: 4212 Guardeonic Solutions +Category: Informational C. Adams + University of Ottawa + October 2005 + + + Alternative Certificate Formats for the + Public-Key Infrastructure Using X.509 (PKIX) + Certificate Management Protocols + +Status of This Memo + + This memo provides information for the Internet community. It does + not specify an Internet standard of any kind. Distribution of this + memo is unlimited. + +Copyright Notice + + Copyright (C) The Internet Society (2005). + +IESG Note + + This document is not a candidate for any level of Internet Standard. + The IETF disclaims any knowledge of the fitness of this document for + any purpose, and in particular notes that it has not had IETF review + for such things as security, congestion control, or inappropriate + interaction with deployed protocols. The RFC Editor has chosen to + publish this document at its discretion. Readers of this document + should exercise caution in evaluating its value for implementation + and deployment. + +Abstract + + The Public-Key Infrastructure using X.509 (PKIX) Working Group of the + Internet Engineering Task Force (IETF) has defined a number of + certificate management protocols. These protocols are primarily + focused on X.509v3 public-key certificates. However, it is sometimes + desirable to manage certificates in alternative formats as well. + This document specifies how such certificates may be requested using + the Certificate Request Message Format (CRMF) syntax that is used by + several different protocols. It also explains how alternative + certificate formats may be incorporated into such popular protocols + as PKIX Certificate Management Protocol (PKIX-CMP) and Certificate + Management Messages over CMS (CMC). + + + + + + +Blinov & Adams Informational [Page 1] + +RFC 4212 Alternative Certificate Formats October 2005 + + +1. Introduction + + Full certificate life-cycle management in a Public-Key Infrastructure + (PKI) requires protocol support in order to achieve automated + processing and end user transparency. Such protocols require + standardization in order to allow more than one vendor to supply + various pieces -- End Entity (EE), Certification Authority (CA), + Registration Authority (RA) -- in the PKI deployment of a single + organization, or to allow multiple, independently-deployed PKIs to be + interconnected usefully. + + The IETF PKIX (Public-Key Infrastructure using X.509) Working Group + currently has several certificate management protocols and + certificate request syntax specifications on the standards track. + Although these specifications are primarily focused on X.509v3 + public-key certificates, some of them can be easily extended to + handle certificates in alternative formats as well. + + This document focuses on a popular certificate request syntax called + CRMF (Certificate Request Message Format) [CRMF]. Although the + original specification of CRMF is X.509-specific, extensions have + already been proposed to allow for alternative certificate templates + [CMP]. However, those extensions have only defined a framework; they + did not define the exact format to be used for various certificate + types. + + This document builds on top of the framework mentioned above and + defines how CRMF can be used to request certificates of the following + types: + + - X.509 attribute certificates [ATTCERT] + + - OpenPGP certificates [OPENPGP] + + The CRMF syntax is used by such popular protocols as PKIX-CMP (PKIX + Certificate Management Protocol) [CMP] and CMC (Certificate + Management Messages over CMS) [CMC]. This means that CRMF extensions + proposed in this document enable these protocols to request + certificates of the above types. However, it is not enough to be + able to request a certificate. The protocol should be prepared to + handle certificates of a particular type and, for example, return + them to the user. + + This document proposes extensions to the PKIX-CMP and CMC protocols + that are required to manage certificates in alternative formats. + + + + + + +Blinov & Adams Informational [Page 2] + +RFC 4212 Alternative Certificate Formats October 2005 + + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this + document are to be interpreted as described in RFC 2119 [RFC2119]. + +2. Certificate Template + + One of the features of the CRMF format is its use of the CertTemplate + construct, which allows a requester (EE, or RA acting on behalf of an + EE) to specify as much or as little as they wish regarding the + content of the requested certificate. It is explicitly noted that + the CA has final authority over the actual certificate content; that + is, the CA may alter certificate fields or may add, delete, or alter + extensions according to its operating policy (if the resulting + certificate is unacceptable to the EE or RA, then that certificate + may be rejected and/or revoked prior to any publication/use). + + A similar flexibility in the request must be available for + alternative certificate types as well. For this purpose, an + AltCertTemplate extension was introduced in [CMP] as follows (where + id-regCtrl = {1 3 6 1 5 5 7 5 1}, as defined in [CRMF]). + + CertRequest ::= SEQUENCE { + certReqId INTEGER, + certTemplate CertTemplate, + controls Controls OPTIONAL } + + -- If certTemplate is an empty SEQUENCE (i.e., all fields + -- omitted), then controls MAY contain the + -- id-regCtrl-altCertTemplate control, specifying a template + -- for a certificate other than an X.509v3 public-key + -- certificate. Conversely, if certTemplate is not empty + -- (i.e., at least one field is present), then controls + -- MUST NOT contain id-regCtrl-altCertTemplate. The new + -- control is defined as follows: + id-regCtrl-altCertTemplate OBJECT IDENTIFIER ::= {id-regCtrl 7} + AltCertTemplate ::= AttributeTypeAndValue + + In this section, an AltCertTemplate is specified for each of the + alternative certificate types defined in Section 1. + +2.1. X.509 Attribute Certificate CertTemplate + + A CertTemplate for an X.509 attribute certificate can be used by + simply defining an object identifier (OID) and corresponding value + for use in the id-regCtrl-altCertTemplate control. These are + specified as follows. + + + + + +Blinov & Adams Informational [Page 3] + +RFC 4212 Alternative Certificate Formats October 2005 + + + OID: + + id-acTemplate OBJECT IDENTIFIER ::= + {id-regCtrl-altCertTemplate 1} + + Value: + + AttCertTemplate ::= SEQUENCE { + version AttCertVersion OPTIONAL, + holder Holder OPTIONAL, + issuer AttCertIssuer OPTIONAL, + signature AlgorithmIdentifier OPTIONAL, + serialNumber CertificateSerialNumber OPTIONAL, + attrCertValidityPeriod OptionalAttCertValidity OPTIONAL, + attributes SEQUENCE OF Attribute OPTIONAL, + issuerUniqueID UniqueIdentifier OPTIONAL, + extensions Extensions OPTIONAL + } + OptionalAttCertValidity ::= SEQUENCE { + notBeforeTime GeneralizedTime OPTIONAL, + notAfterTime GeneralizedTime OPTIONAL + } -- at least one must be present + +2.2. OpenPGP Certificate CertTemplate + + Similar to certificate templates defined above, a CertTemplate for an + OpenPGP certificate can be used by defining an object identifier + (OID) and corresponding value for use in the + id-regCtrl-altCertTemplate control. These are specified as follows: + + OID: + + id-openPGPCertTemplateExt OBJECT IDENTIFIER ::= + {id-regCtrl-altCertTemplate 2} + + Value: + + OpenPGPCertTemplateExtended ::= SEQUENCE { + nativeTemplate OpenPGPCertTemplate, + controls Controls OPTIONAL } + + OpenPGPCertTemplate ::= OCTET STRING + -- contains the OpenPGP CertTemplate data structure defined + -- below (binary format without Radix-64 conversions) + -- encoded as an ASN.1 OCTET STRING + + + + + + +Blinov & Adams Informational [Page 4] + +RFC 4212 Alternative Certificate Formats October 2005 + + +2.2.1. OpenPGP CertTemplate Data Structure + + Similar to the X.509 CertTemplate, the OpenPGP CertTemplate is an + OpenPGP certificate (OpenPGP Transferable Public Key) [OPENPGP] with + all fields optional. The essential elements of an OpenPGP + CertTemplate are: + + - Zero or one Public Key packet. + + - Zero or more Direct Key Self Signature packets. + + - Zero or more Certification Signature packets (only if no User ID + packets are present). + + - Zero or more User ID packets. + + - After each User ID packet, zero or more Certification Signature + packets. + + - Zero or more Subkey packets. + + - After each Subkey packet, zero or one Subkey Binding Signature + packet. + + Each packet in the OpenPGP CertTemplate MUST be a syntactically + correct OpenPGP packet. This will enable conformant implementations + to use existing PGP libraries for building and parsing OpenPGP + CertTemplates. + + The following implications of this rule should be explicitly noted: + + - Fields for which the OpenPGP specification defines a set of + permitted values (e.g., the signature type or the public key + algorithm fields of the Signature packet) MUST have a value from + the defined set. Even if the requester does not have any + particular preferences for, for example, the signature algorithm, + it MUST choose one value that is the most desirable. + + Rationale: An alternative solution could be to define extra "any" + values, but this would be a modification of the OpenPGP syntax, + which is not considered appropriate in this document. + + - All subpackets of the Signature packet defined by the OpenPGP + specification as mandatory (e.g., the creation time and the + issuer's key id subpackets) MUST be present even though they do not + make much sense in the context of a certificate request. + + + + + +Blinov & Adams Informational [Page 5] + +RFC 4212 Alternative Certificate Formats October 2005 + + + - The number of MPIs at the end of the Key Material and the Signature + packets MUST match the number defined by the OpenPGP specification + for the given algorithm (the algorithm is controlled by the value + of the "algorithm" field). For example, there should be 2 MPIs for + DSA signatures. Note that the OpenPGP specification does not + define validation rules for the content of those MPIs. + + Though it is not considered appropriate here to define extra "any" + values for fields of enumerated types, such values can still be + defined for some other fields where the OpenPGP specification is not + that strict. + + The following extra values are defined in the context of the OpenPGP + CertTemplate. Note that these definitions do not modify the syntax + of OpenPGP packets, and existing PGP libraries can still be used to + generate and parse them. + + - For fields representing time (e.g., signature creation time): the + value of zero means "any time". + + - For fields holding key IDs: the value of 0xFFFFFFFFFFFFFFFF means + "any key id". + + - For signature fields: the "any signature" value is encoded as a + sequence of MPIs such that: + + * the number of MPIs matches the number of MPIs defined by the + OpenPGP specification for the given algorithm, and + + * the value of each MPI is 0xFF. + + A Signature packet with the "any" value in the signature fields is + called a Signature Template. + + Example: The "any signature" value for a DSA signature would look + like [00 08 FF 00 08 FF] + + - For key material fields: the "any key" value is encoded as a + sequence of MPIs such that: + + * the number of MPIs matches the number of MPIs defined by the + OpenPGP specification for the given algorithm, and + + * the value of at least one of the MPIs is a bit string with all + its bits set to 1. + + + + + + +Blinov & Adams Informational [Page 6] + +RFC 4212 Alternative Certificate Formats October 2005 + + + A Key Material packet with the "any" value in the key material + fields is called a Key Template. (See Key Template section for + further details.) + + Example: The "any key" value for a DSA public key may look like + [00 08 FF 00 10 FF FF 00 10 85 34 00 08 FF] + + The following rules apply to the sequence of packets within the + OpenPGP CertTemplate: + + - If the Public Key packet is omitted from the OpenPGP CertTemplate, + then this CertTemplate does not constrain the value of the public + key (i.e., it refers to "any" public key). + + - The order of Signature packets following a User ID packet and the + order of User ID packets within the CertTemplate are not important. + + - If an OpenPGP CertTemplate does not contain any User ID packets, + then it refers to "any" user IDs that are relevant to a given + request. + +2.2.2. OpenPGP CertTemplate in Certificate Requests + + Since an OpenPGP certificate can have several certification + signatures, the OpenPGP CertTemplate uses Signature Templates to + define where certification signatures should occur. The values of + the fields of the Signature Templates define the parameters of the + new certification signatures. The following rules apply: + + - A Signature Template that is present in the list of signatures + following a User ID packet requests that the CA certify this User + ID and the public key and replace the Signature Template with the + new certification signature. The Signature Template does not + mandate the exact place of the certification signature within the + list. The certification signature may be inserted at any position + within the list of signatures (following the certified User ID + packet). + + - A Signature Template may be present in the OpenPGP CertTemplate + without any preceding User ID packet. In this case, it is assumed + that the CA knows the ID(s) of the user by some other means. A + Signature Template without a preceding User ID requests that the CA + insert all known User IDs of the user into the OpenPGP certificate + and certify each of them. The Signature Template defines the + parameters of these certification signatures. + + + + + + +Blinov & Adams Informational [Page 7] + +RFC 4212 Alternative Certificate Formats October 2005 + + + - If an OpenPGP CertTemplate contains no Signature Templates, then + the CA is requested to certify all User IDs that are present in the + OpenPGP CertTemplate. Such a CertTemplate does not define + parameters of the certification signatures explicitly, but the CA + SHOULD use parameters of the certification self-signatures (if + present in the CertTemplate) as a guide (e.g., key flags fields). + + - If neither Signature Templates nor User IDs are present in the + OpenPGP CertTemplate, then the CA is expected to know the ID(s) of + the user by some other means. In this case, the CertTemplate + requests that the CA insert these User IDs into the OpenPGP + certificate and certify each of them. The parameters of the + certification signatures are left to the CA. + + If several certification signatures have to be produced according to + an OpenPGP CertTemplate, and any of them cannot be granted (even with + modifications) for whatever reason, then the whole request with this + OpenPGP CertTemplate MUST be rejected. + + The client SHOULD provide enough information in its request that the + CA could produce a complete OpenPGP certificate. For example, the + client SHOULD include in the template all relevant subkeys with their + binding signatures so that the CA can include them in the resultant + OpenPGP certificate as well. Rationale: In some environments, the + CA/RA is responsible for publishing certificates. + +2.2.3. Key Templates and Central Key Generation + + The OpenPGP CertTemplate can also be used to request certification of + centrally-generated keys. This is accomplished by using Key + Templates. + + If the Public Key packet of an OpenPGP CertTemplate is a Key + Template, then this OpenPGP CertTemplate requests that the CA/RA + generate the key pair prior to certifying it. Fields of the Key + Template define parameters of the new key pair as follows (see + examples in the Appendix): + + - The "public key algorithm" field specifies the algorithm to be used + for the key generation. + + - MPI fields with the value of 0xFF ([00 08 FF]) specify that no + constraint is placed on the corresponding part of the key. + + - MPI fields that contain any other bit strings in which all bits are + set to 1, specify that the corresponding part of the key should be + of the same length as the length of the MPI (e.g., the length of + the public modulus n of the RSA key). + + + +Blinov & Adams Informational [Page 8] + +RFC 4212 Alternative Certificate Formats October 2005 + + + - MPI fields that contain any other values specify that the + corresponding part of the key should be of the given value (key + generation parameters). + + In order to return a complete OpenPGP certificate, in addition to + certifying the new key and the User ID, the CA (or RA) SHOULD also + create a self-signature (i.e., sign the new public key and the User + ID with the new private key) and include it after the User ID packet. + This SHOULD be done for all User IDs certified by the CA. + + If a Subkey packet of an OpenPGP CertTemplate is a Key Template, then + this OpenPGP CertTemplate requests that the CA/RA generate a subkey. + Fields of the Key Template define parameters of the new subkey. The + new subkey obviously does not have to be certified. However, the + CA/RA SHOULD produce the binding signature and include it after the + subkey, if the CA/RA knows the user's primary private key (e.g., it + was centrally generated as well). Note that if the CA/RA does not + know the user's primary private key, then the resultant OpenPGP + certificate returned from the CA/RA to the client will be incomplete + (i.e., there will be no binding signature for the subkey). It will + be the responsibility of the client to produce and add the binding + signature and to publish the final OpenPGP certificate. + + If an OpenPGP CertTemplate contains neither PublicKey/Subkey packets + nor Key Template packets, then it requests that the CA generate + keys/subkeys according to the CA's policies. + +2.2.4. OpenPGPCertTemplateExtended + + The OpenPGPCertTemplateExtended structure enables additional + extensions and controls to be added to the basic OpenPGP + CertTemplate. + +2.2.5. OpenPGP CertTemplate Required Profile + + A conformant implementation is REQUIRED to support OpenPGP + CertTemplates that are valid OpenPGP certificates, i.e., that have + the following structure (see examples in the Appendix): + + - One Public Key packet (not a Key Template). + + - Zero or more Direct Key Self Signature packets (without Signature + Templates). + + - One or more User ID packets. + + - After each User ID packet, zero or more Certification Signature + packets (without Signature Templates). + + + +Blinov & Adams Informational [Page 9] + +RFC 4212 Alternative Certificate Formats October 2005 + + + - Zero or more Subkey packets (without Key Templates). + + - After each Subkey packet, one Subkey Binding Signature packet (not + a Signature Template). + + A conformant implementation is REQUIRED to recognise Key Templates + and Signature Templates and is REQUIRED to either support them or + reject requests containing them if it does not. + +3. Proof-of-Possession + + A CRMF request includes a Proof-of-Possession (POP) field that + contains proof that an End Entity has possession of the private key + corresponding to the public key for which a certificate is requested. + + The following rule applies to this field (with modifications from + [CMP]): + + * NOTE: If CertReqMsg certReq certTemplate (or the + * altCertTemplate control) contains the subject and + * publicKey values, then poposkInput MUST be omitted + * and the signature MUST be computed on the DER-encoded + * value of CertReqMsg certReq (or the DER-encoded value + * of AltCertTemplate). + + An OpenPGP CertTemplate is considered to satisfy the conditions of + this note if it has a Public Key packet (not a Key Template) and at + least one User ID packet. + +4. Protocol-specific Issues + + This section explains how alternative certificate formats may be + incorporated into such popular protocols as PKIX-CMP and CMC. + +4.1. PKIX-CMP + + In PKIX-CMP, the ASN.1 [ASN1] construct, and corresponding comment + for a certificate is given as follows. + + CMPCertificate ::= CHOICE { + x509v3PKCert Certificate + } + + -- This syntax, while bits-on-the-wire compatible with the + -- standard X.509 definition of "Certificate", allows the + -- possibility of future certificate types (such as X.509 + -- attribute certificates, WAP WTLS certificates, or + -- other kinds of certificates) within this certificate + + + +Blinov & Adams Informational [Page 10] + +RFC 4212 Alternative Certificate Formats October 2005 + + + -- management protocol, should a need ever arise to support + -- such generality. + + Building on this framework, this document expands the above CHOICE + construct as follows. + + CMPCertificate ::= CHOICE { + x509v3PKCert Certificate, + x509v2AttCert [0] AttributeCertificate, + -- defined in [ATTCERT] + openPGPCert [2] OpenPGPCert + } + + OpenPGPCert ::= OCTET STRING + -- contains the OpenPGP certificate (OpenPGP Transferable + -- Public Key) data structure from the OpenPGP specification + -- [OPENPGP] (binary format without Radix-64 conversions), + -- encoded as an ASN.1 OCTET STRING + + Expanding the CHOICE construct as above allows X.509 attribute + certificates and OpenPGP certificates to be used within the PKIX-CMP + management messages. In the future, this construct may be expanded + further (in subsequent revisions of this document) to accommodate + other certificate types, if this is found to be necessary. + +4.2. CMC + + The CMC protocol uses the CMS (Cryptographic Message Syntax) syntax + [CMS], which defines the certificate type as + + CertificateChoices ::= CHOICE { + certificate Certificate, + extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete + v1AttrCert [1] IMPLICIT AttributeCertificateV1, -- Obsolete + v2AttrCert [2] IMPLICIT AttributeCertificateV2 } + + Similar to PKIX-CMP, this CHOICE can be extended to include + additional types of certificates as follows. + + CertificateChoices ::= CHOICE { + certificate Certificate, + extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete + v1AttrCert [1] IMPLICIT AttributeCertificateV1, -- Obsolete + v2AttrCert [2] IMPLICIT AttributeCertificateV2, + openPGPCert [3] IMPLICIT OpenPGPCert } + + + + + + +Blinov & Adams Informational [Page 11] + +RFC 4212 Alternative Certificate Formats October 2005 + + + This allows both X.509 attribute certificates and OpenPGP + certificates to be used within the CMC management messages. In the + future, this construct may be expanded further (in subsequent + revisions of this document) to accommodate other certificate types, + if this is found to be necessary. + + The CMC specification defines certain constraints on the subject and + publicKey fields of the CRMF's CertTemplate structure. The same + constraints should apply to the AltCertTemplate structure if + alternative certificate types are used. For example, the CMC + specification mandates that + + When CRMF message bodies are used in the Full Enrollment Request + message, each CRMF message MUST include both the subject and + publicKey fields in the CertTemplate. + + If alternative certificate types are used, this should be extended as + + When CRMF message bodies are used in the Full Enrollment Request + message, each CRMF message MUST include both the subject and + publicKey fields in the CertTemplate (or in the altCertTemplate + control). + +5. Security Considerations + +5.1. Protection of Alternative Certificate Templates + + This document defines extensions to the CRMF format, so security + considerations from the CRMF specification [CRMF] apply here as well. + In particular, the security of alternative certificate templates + relies upon the security mechanisms of the protocol or process used + to communicate with CAs. + + Exact security requirements depend on a particular PKI deployment, + but integrity protection and message origin authentication are + typically required for certification requests. The CMP and CMC + certificate management protocols mentioned in this document provide + both integrity protection and message origin authentication for + request messages (which includes certificate templates as well). + + Confidentiality may also be required where alternative certificate + templates contain subscriber-sensitive information. The CMC protocol + allows the content of request messages to be encrypted. CMP does not + include confidentiality mechanisms for certification requests, but if + confidentiality is needed, it can be achieved with a lower-layer + security protocol (e.g., TLS or IPsec). + + + + + +Blinov & Adams Informational [Page 12] + +RFC 4212 Alternative Certificate Formats October 2005 + + +5.2. Request Authorisation + + In order to make a decision as to whether a request should be + accepted, a CA should normally be able to compare the (authenticated) + name of the sender of the request with the request subject name. + + For example, an End Entity may be allowed to request additional + certificates for himself/herself. In this case, the CA will accept a + request if the Sender is equal to the Subject (of course, other + conditions will have to be checked as well before the certificate is + granted). + + If a PGP certificate is requested using the extensions proposed here, + the Sender field of the request will be encoded as an ASN.1 + GeneralName (in both CMP and CMC), while the Subject will be + represented as a PGP UserID. Since the PGP UserID is effectively an + unrestricted octet string, it is not always trivial to compare these + two types. It is possible that an attacker may try to submit + requests with specially crafted UserIDs (e.g., that include obscure + characters) in order to trick the CA comparison algorithm and obtain + a PGP certificate with a UserID that belongs to someone else. + + In these circumstances, it is safer for the CA, when building the PGP + certificate's UserID, to completely rebuild the UserID based on the + content of the authenticated Sender name rather than take the UserID + from the request. To achieve this, additional information about the + End Entity may be required at the CA (e.g., the EE's email address). + +5.3. PGP Parser + + Software components that implement the proposed extensions (e.g., CMP + or CMC servers) will necessarily increase in complexity. If a + "standard" server is expected to be able to parse ASN.1 streams, the + "extended" server is required to be able to parse PGP streams as + well. A PGP parser code may introduce new security vulnerabilities + that can be exploited by an attacker to mount a DoS attack or gain + access to the server. + + In order to reduce the consequences of a successful attack, it is + recommended that the CMP or CMC servers be run on a separate machine + from the main CA server. These protocol servers should not have + access to the main CA key and should not have write access to the CA + store. + + + + + + + + +Blinov & Adams Informational [Page 13] + +RFC 4212 Alternative Certificate Formats October 2005 + + +Appendix A. Examples of OpenPGP CertTemplates + + This Appendix presents examples of OpenPGP CertTemplates that are + used for requesting OpenPGP certificates from a CA. + +A1. Simple Certificate Request + + Alice requests an OpenPGP certificate for her public key accompanied + by a subkey. + + The content of the OpenPGP CertTemplate in the request is as follows. + This CertTemplate conforms to the OpenPGP CertTemplate Required + Profile. + + 0000: 99 01 A2 === Pub Key packet === + 0003: 04 3C 58 27 A2 11 ver 4, created 30 Jan 2002, DSA + 0009: 00 E3 FB 9D .. 2B EF DSA prime p + 008B: 00 A0 FF 7E .. BA 71 DSA group order q + 00A1: 03 FF 68 BC .. 56 71 DSA group generator g + 0123: 03 FE 38 1F .. F2 63 DSA public key value y + 01A5: B4 19 === User ID packet === + 01A7: 41 6C .. 6D 3E "Alice " + 01C0: 89 00 49 === Signature packet (self-signature) === + 01C3: 04 10 11 02 ver 4, gen cert, DSA, SHA1 + 01C7: 00 09 05 02 3C 58 27 A2 02 1B 03 + created 30 Jan 2002, key usage: + sign data and certify other keys + 01D2: 00 0A 09 10 43 5C .. 06 77 issuer key id + 01DE: 5A C2 left 16 bits of signed hash value + 01E0: 00 A0 EB 00 .. 1B 75 DSA value r + 01F6: 00 A0 F4 E4 .. A8 3D DSA value s + 020C: B9 02 0D === Public Subkey packet === + 020F: 04 3C 58 27 A2 10 ver 4, created 30 Jan 2002, + Elgamal (encrypt-only) algorithm + 0215: 08 00 F6 42 .. 0B 3B Elgamal prime p + 0317: 00 02 02 Elgamal group generator g + 031A: 07 FE 37 BA .. DF 21 Elgamal public key value y + 041C: 89 00 49 === Signature packet (subkey binding) === + 041F: 04 18 11 02 ver 4, subkey binding, DSA, SHA1 + 0423: 00 09 05 02 3C 58 27 A2 02 1B 0C + created 30 Jan 2002, key usage: + encrypt communications and storage + 042E: 00 0A 09 10 43 5C .. 06 77 issuer key id + 043A: C7 DE left 16 bits of signed hash value + 043C: 00 9E 21 33 .. 39 1B DSA value r + 0452: 00 9F 64 D7 .. 63 08 DSA value s + 0468: + + + + +Blinov & Adams Informational [Page 14] + +RFC 4212 Alternative Certificate Formats October 2005 + + + CA certifies Alice's User ID and the public key and creates the + following OpenPGP certificate: + + 0000: 99 01 A2 === Pub Key packet === + 0003: + 01A5: B4 19 === User ID packet === + 01A7: + 01C0: 89 00 49 === Signature packet (self-signature) === + 01C3: + 020C: 89 00 49 === Signature packet (certification) === + 020F: 04 13 11 02 ver 4, positive cert, DSA, SHA1 + 0213: 00 09 05 02 3C 58 28 1A 02 1B 03 + created 30 Jan 2002, key usage: + sign data and certify other keys + 021E: 00 0A 09 10 F0 0D .. 1F CA issuer key id + 022A: 06 DF left 16 bits of signed hash value + 022C: 00 9F 57 2D .. 26 E3 DSA value r + 0242: 00 A0 B3 02 .. CE 65 DSA value s + 0258: B9 02 0D === Public Subkey packet === + 025B: + 0468: 89 00 49 === Signature packet (subkey binding) === + 046B: + 04B4: + +A2. Certificate Request with Central Key Generation + + Alice requests that the CA generate an RSA key pair that will be used + for signing, an RSA key pair that will be used for encryption, and + requests that the CA certify these keys. The RSA keys are requested + to be 2048 bits long with the public exponent 65537. + + The content of the OpenPGP CertTemplate in the request is as follows: + + 0000: 99 01 0D === Pub Key packet (Template) === + 0003: 04 FF FF FF FF 01 ver 4, any creation date, RSA + 0009: 08 00 FF FF .. FF FF RSA public modulus n - given length + 010B: 00 11 01 00 01 RSA public exponent e + 0110: B4 19 === User ID packet === + 0112: 41 6C .. 6D 3E "Alice " + 012B: 89 00 23 === Signature packet (Template) === + 012E: 04 10 11 02 ver 4, gen cert, DSA, SHA1 + 0132: 00 09 05 02 FF FF FF FF 02 1B 03 + any creation date, key usage: + sign data and certify other keys + 013D: 00 0A 09 10 FF FF .. FF FF issuer key id - any + 0149: 05 3A left 16 bits of signed hash value + 014B: 00 08 FF DSA value r - any + 014E: 00 08 FF DSA value s - any + + + +Blinov & Adams Informational [Page 15] + +RFC 4212 Alternative Certificate Formats October 2005 + + + 0151: 99 01 0D === Public Subkey packet (Template) === + 0154: 04 FF FF FF FF 01 ver 4, any creation date, RSA + 015A: 08 00 FF FF .. FF FF RSA public modulus n - given length + 025C: 00 11 01 00 01 RSA public exponent e + 0261: 89 00 20 === Signature packet (Template) === + 0264: 04 18 01 02 ver 4, subkey binding, RSA, SHA1 + 0268: 00 09 05 02 FF FF FF FF 02 1B 0C + any creation date, key usage: + encrypt communications and storage + + 0273: 00 0A 09 10 FF FF .. FF FF issuer key id - any + 027F: 12 E6 left 16 bits of signed hash value + 0281: 00 08 FF RSA signature value - any + 0284: + + CA generates keys, certifies Alice's User ID and the public key, and + creates the following OpenPGP certificate: + + 0000: 99 01 0D === Pub Key packet === + 0003: 04 3C 5A A5 BB 01 ver 4, created 01 Feb 2002, RSA + 0009: 08 00 C7 21 .. 5B EB RSA public modulus n + 010B: 00 11 01 00 01 RSA public exponent e + 0110: B4 19 === User ID packet === + 0112: 41 6C .. 6D 3E "Alice " + 012B: 89 01 1F === Signature packet (self-signature) === + 012E: 04 10 01 02 ver 4, gen cert, RSA, SHA1 + 0132: 00 09 05 02 3C 5A A5 BB 02 1B 03 + created 01 Feb 2002, key usage: + sign data and certify other keys + 014D: 00 0A 09 10 8E AF .. 1A 18 issuer key id + 0149: 3B 21 left 16 bits of signed hash value + 014B: 07 FE 2F 1D .. C0 81 RSA signature value + 024D: 89 00 49 === Signature packet (certification) === + 0250: 04 13 11 02 ver 4, positive cert, DSA, SHA1 + 0254: 00 09 05 02 3C 5A A5 DC 02 1B 03 + created 01 Feb 2002, key usage: + sign data and certify other keys + 025F: 00 0A 09 10 F0 0D .. 1F CA issuer key id + 026B: BA C2 left 16 bits of signed hash value + 026D: 00 9F 5E 58 .. 30 B3 DSA value r + 0283: 00 A0 D1 D7 .. 5A AF DSA value s + 0299: 99 01 0D === Public Subkey packet === + 029C: 04 3C 5A A5 C5 01 ver 4, created 01 Feb 2002, RSA + 02A2: 08 00 C3 03 .. 8C 53 RSA public modulus n + 03A4: 00 11 01 00 01 RSA public exponent e + 03A9: 89 01 1F === Signature packet (subkey binding) === + 03AC: 04 18 01 02 ver 4, subkey binding, RSA, SHA1 + + + + +Blinov & Adams Informational [Page 16] + +RFC 4212 Alternative Certificate Formats October 2005 + + + 03B0: 00 09 05 02 3C 5A A5 C5 05 1B 0C + created 01 Feb 2002, key usage: + encrypt communications and storage + 03BB: 00 0A 09 10 8E AF .. 1A 18 issuer key id + 03C7: C8 44 left 16 bits of signed hash value + 03C9: 07 FB 04 D7 .. 75 BE RSA signature value + 04CB: + +Normative References + + [ASN1] CCITT Recommendation X.208: Specification of Abstract + Syntax Notation One (ASN.1), 1988. + + [ATTCERT] Farrell, S. and R. Housley, "An Internet Attribute + Certificate Profile for Authorization", RFC 3281, April + 2002. + + [CMC] Myers, M., Liu, X., Schaad, J., and J. Weinstein, + "Certificate Management Messages over CMS", RFC 2797, April + 2000. + + [CMS] Housley, R., "Cryptographic Message Syntax (CMS)", RFC + 3852, July 2004. + + [CMP] Adams, C., Farrell, S., Kause, T., and T. Mononen, + "Internet X.509 Public Key Infrastructure: Certificate + Management Protocol (CMP)", RFC 4210, September 2005. + + [CRMF] Schaad, J., "Internet X.509 Public Key Infrastructure: + Certificate Request Message Format (CRMF)", RFC 4211, + September 2005. + + [OPENPGP] Callas, J., Donnerhacke, L., Finney, H., and R. Thayer, + "OpenPGP Message Format", RFC 2440, November 1998. + + [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate + Requirement Levels", BCP 14, RFC 2119, March 1997. + + + + + + + + + + + + + + +Blinov & Adams Informational [Page 17] + +RFC 4212 Alternative Certificate Formats October 2005 + + +Authors' Addresses + + Mikhail Blinov + Guardeonic Solutions + Fitzwilliam Court, Leeson Close + Dublin 2, Ireland + + EMail: mikblinov@online.ie + + + Carlisle Adams + School of Information Technology and Engineering (SITE) + University of Ottawa + 800 King Edward Avenue + P.O. Box 450, Stn A + Ottawa, Ontario, Canada K1N 6N5 + + EMail: cadams@site.uottawa.ca + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Blinov & Adams Informational [Page 18] + +RFC 4212 Alternative Certificate Formats October 2005 + + +Full Copyright Statement + + Copyright (C) The Internet Society (2005). + + This document is subject to the rights, licenses and restrictions + contained in BCP 78 and at www.rfc-editor.org/copyright.html, and + except as set forth therein, the authors retain all their rights. + + This document and the information contained herein are provided on an + "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS + OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET + ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, + INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE + INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED + WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + +Intellectual Property + + The IETF takes no position regarding the validity or scope of any + Intellectual Property Rights or other rights that might be claimed to + pertain to the implementation or use of the technology described in + this document or the extent to which any license under such rights + might or might not be available; nor does it represent that it has + made any independent effort to identify any such rights. Information + on the procedures with respect to rights in RFC documents can be + found in BCP 78 and BCP 79. + + Copies of IPR disclosures made to the IETF Secretariat and any + assurances of licenses to be made available, or the result of an + attempt made to obtain a general license or permission for the use of + such proprietary rights by implementers or users of this + specification can be obtained from the IETF on-line IPR repository at + http://www.ietf.org/ipr. + + The IETF invites any interested party to bring to its attention any + copyrights, patents or patent applications, or other proprietary + rights that may cover technology that may be required to implement + this standard. Please address the information to the IETF at ietf- + ipr@ietf.org. + +Acknowledgement + + Funding for the RFC Editor function is currently provided by the + Internet Society. + + + + + + + +Blinov & Adams Informational [Page 19] + -- cgit v1.2.3