1 ) Introduction
X.509 PKI is general purpose, very flexible, highly complex, and expensive public key Infrastructure. Originally conceived as an access control technology for X.500directories, it has evolved in to an authentication and access control technology for a wide range of applications and environments while retaining (most) of its architectural heritage. Now a day’s most business applications are implementing X.509 PKI to meet their security demands. Without certificates, the customers will not trust any site’s will not be secured, and business transactions must not take place. Without certificates, it will be difficult to provide secure communications or to electronically sign documents. Certificate procedure mostly used to identity theft, data theft, electronic transaction fraud, phishing, etc.
Format of X.509 certificate:
ITU-T refers X.509 is part of the X.500 series that define a directory service. The directory is, in effect, a server or distributed set of servers that maintains a database of information about users. This information related to mapping of user name to network address, and other user properties.. X.509 defines a complete structure that provides authenticated service to tits users.
X.509 certificate policy contains the public key that used by users and private key that will be used by trusted parties. These will called as Trusted Certification AuthorityX.509 is also defines Public key certificate authentication protocols. The Public key certificates are created by some trusted certification authority (CA) and placed them in the directory by the CA or by the user. The directory server it self is not responsible for the creation ofpublic keys or for the certification function; it merely provides an easily accessible location for users to obtain certificates.
The certificate contains following attributes:
Version: defines the version of the certificate.
serial number: Defines Unique integer value issued by CA, which identifies each certificate.
Signature algorithm identifier: defines the type of algorithm used to sign the certificate.
Issuer name: X.500 name of the CA that created and signed this certificate
Period of validity: This contains from and to dates defining the validation period of the certificate.
Subject name: contains user name who holds the corresponding private key.
Subject's public-key information: public key information as well as algorithm identifier that helps to identify the associated
Issuer unique identifier: it is optional , that identifies the CA identification number.
Covers all of the other fields of the certificate; it contains the hash code of the other fields, encrypted with the CA's private key. This field includes the signature algorithm identifier
Standard notations of the certificate:
CA<
> = CA {V, SN, AI, CA, TA, A, Ap} where
Y <> =the certificate of user X issued by certification authority Y
Y {I} = the signing of I by Y. It consists of I with an encrypted hash code appended
PGP certificate:
The message field contains includes the actual message which is used to transmit. as well as a file name and a timestamp that specifies the time of creation.
The signature field includes the following:
Timestamp: The time defines time of creation
Message digests: the message digest is created over signature time stamp and message using SHA-1 encryption private signature key
Leading two octets of message digest: the octets contains 16 bit frame that is used to enable the receiver to determine whether the correct public key was used to decrypt the message . this message authentication will be done by comparing the first two octets of the plain text with first octets of the decrypted text.
.
Key ID of sender's public key: it identifies the public key that will used to decrypt the cipher text and also identifies the private key that was used to encrypt the plain text. Here messages and signatures were zipped together and encrypted with session key.
Key Rings
PGP message that provides both confidentiality and authentication.. The scheme used in PGP is to provide a pair of data structures at each node, one to store the public/private key pairs owned by that node and one to store the public keys of other users known at this node. These data structures are referred to, respectively, as the private-key ring and the public-key ring
private-key ring: the ring can be shown as a table . table is well organized with set rows . each row holds a pair of public and private keys that were owned by the user
the table contains following fields.
Timestamp: represents the date and time when the public and private keys are generated. Key ID: holds 64 least significant bits of the public key...