X.509 certificates in detail (Chinese translation)

English original: Https://Blog.Csdn.Net/blue0bird/article/details/78656536


I translated this article myself from the English document, also referring to other translations found online (thanks to their authors!), trying to be as accurate as possible.

The article describes an older version of OpenSSL, which differs in many respects from the current version, but its original aim and core principles are still of great reference value.

1) Certificate

In cryptography, X.509 is a standard that defines the format of public key certificates. X.509 certificates are used in many Internet protocols, including TLS/SSL, which is the basis of HTTPS, the secure protocol for browsing the web. They are also used in offline applications such as electronic signatures. An X.509 certificate contains a public key and an identity (a hostname, an organization or an individual), and is either signed by a certificate authority (CA) or self-signed. When a certificate is signed by a trusted CA, or validated by other means, the holder of that certificate can use it together with the corresponding private key to establish secure communications or to digitally sign documents.

  • History and usage

X.509 was first published on July 3, 1988 together with X.500, and it assumed a strict hierarchy of certificate authorities (CAs) issuing certificates. This is in stark contrast to web-of-trust models such as PGP, where anyone (not just specially designated CAs) may sign, and thereby attest to the validity of, other people's key certificates. Version 3 of X.509 is flexible enough to support other topologies such as bridges and meshes, and can also be used in a peer-to-peer, OpenPGP-like web of trust, but as of 2004 it was rarely used that way.

The X.500 system has only ever been implemented by sovereign nations, for the purpose of fulfilling state identity information sharing treaties, and the IETF's Public-Key Infrastructure (X.509), or PKIX, working group has adapted the standard to the more flexible organization of the Internet. In fact, the term X.509 certificate usually refers to the X.509 v3 certificate as profiled in RFC 5280 by the IETF's PKIX certificate and certificate revocation list (CRL) profile, commonly known as PKIX for Public Key Infrastructure (X.509).

In the X.509 system, an organization that wants a signed certificate requests one by submitting a certificate signing request (CSR). To do this, it first generates a key pair, keeping the private key secret (stored securely), and signs the CSR with that private key. The CSR contains the public key, information identifying the applicant (so the CA can check that the request really comes from the applicant), and the distinguished name (DN) the certificate is to use; it may also be accompanied by other credentials or proofs of identity required by the certificate authority.

The certificate authority issues a certificate that binds the public key to that distinguished name.

An organization's trusted root certificates can be distributed to all of its members so that they can use the company's PKI system. Browsers such as Internet Explorer, Firefox, Safari and Chrome ship with a predetermined set of root certificates pre-installed, so that SSL certificates issued by the major CAs work immediately; in effect, the browser developers decide which third parties their users trust. Firefox publishes a list in CSV/HTML format of the CAs it includes.

X.509 also includes standards for certificate revocation lists (CRLs), an often neglected aspect of PKI systems. The IETF-approved way of checking a certificate's validity is the Online Certificate Status Protocol (OCSP). Firefox 3 enables OCSP checking by default, as do versions of Windows from Vista onwards.

1-1) Certificate structure

The structure of an X.509 certificate is described in ASN.1 (Abstract Syntax Notation One), and the certificate is encoded according to ASN.1 syntax.

The structure of an X.509 v3 digital certificate is as follows:

Certificate
    Version Number
    Serial Number
    Signature Algorithm ID
    Issuer Name
    Validity period
        Not Before (start date)
        Not After (expiry date)
    Subject Name
    Subject Public Key Info
        Public Key Algorithm
        Subject Public Key
    Issuer Unique Identifier (optional)
    Subject Unique Identifier (optional)
    Extensions (optional)
Certificate Signature Algorithm
Certificate Signature

1-2) Extensions that indicate a specific use of the certificate

Every extension has its own ID, expressed as an object identifier (OID); an extension is a set of values and carries a flag indicating whether it is critical. When a certificate is used, if a system finds an extension marked critical whose purpose it does not understand, it must reject the certificate. A non-critical extension that the system does not recognise may be ignored. RFC 1422 gives the v1 certificate structure; ITU-T added the issuer and subject unique identifiers in v2 so that a name can be reused after some time. One example of reuse is when a CA goes bankrupt and its name is removed from the public list: after some time another CA can register the same name, even though it has no relationship to the earlier one. The IETF, however, does not recommend reusing registered names. In addition, v2 was never widely deployed on the Internet. v3 introduced extensions, which a CA uses to issue a certificate for a specific purpose (for example, code signing only).

For all versions, the serial numbers of certificates issued by the same CA must be unique.

RFC 5280 (and its successors) define certificate extensions that indicate how the certificate may be used. Most of them come from the joint-iso-ccitt(2) ds(5) id-ce(29) OID arc. Some of the most common, defined in section 4.2.1, are:

       ● Basic Constraints, {id-ce 19}, indicates whether the certificate is a CA certificate.

       ● Key Usage, {id-ce 15}, specifies the cryptographic operations that may be performed with the public key contained in the certificate; for example, it can indicate that the key should be used for signing but not for encryption.

       ● Extended Key Usage, {id-ce 37}, is usually used in leaf certificates to indicate the purpose of the public key contained in the certificate. It contains a list of OIDs, each denoting a permitted use. For example, {id-pkix 31} indicates that the key may be used on the server side of a TLS or SSL connection; {id-pkix 34} indicates that the key may be used to protect e-mail.

Normally, when a certificate has several extensions that restrict its use, all of the restrictions must be satisfied for a given use to be allowed. RFC 5280 gives the example of a certificate containing both keyUsage and extendedKeyUsage: such a certificate may be used only for purposes specified in both extensions. Network Security Services (NSS), for instance, checks both extensions when determining the uses of a certificate.
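To make the structure table and the extension rules concrete, here is an added example in pure Python; it is not code from the article, nor from OpenSSL. A minimal DER encoder builds a certificate-shaped structure with the listed fields, and a minimal parser reads back the version, serial number, both signature-algorithm fields and the extensions, rejects an unrecognised critical extension as the text requires, and decodes Basic Constraints and Key Usage. The subject "Toy CA", serial 4096, the placeholder key and signature bytes, and the example OID 2.999.1 (from the ITU-T arc reserved for examples) are all constructed values; no signature is generated or verified.

```python
# Added example (not from the article, not OpenSSL): a toy DER encoder/parser that builds an
# X.509 v3-shaped certificate and reads back the listed fields. Key/signature bytes are placeholders.

def der(tag, payload):
    """One DER TLV with definite length (short form below 128 bytes, long form above)."""
    n = len(payload)
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(lb)]) + lb) + payload

def der_int(v):
    return der(0x02, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big", signed=True))

def der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray()
    for v in [arcs[0] * 40 + arcs[1]] + arcs[2:]:      # the first two arcs share one value
        chunk = [v & 0x7F]
        while v := v >> 7:                               # base-128, high bit set on all but the last byte
            chunk.append(0x80 | (v & 0x7F))
        body += bytes(reversed(chunk))
    return der(0x06, bytes(body))

def oid_to_str(body):
    vals, v = [], 0
    for b in body:
        v = (v << 7) | (b & 0x7F)
        if not b & 0x80:
            vals.append(v)
            v = 0
    head = [2, vals[0] - 80] if vals[0] >= 80 else [vals[0] // 40, vals[0] % 40]
    return ".".join(map(str, head + vals[1:]))

def parse_tlv(data, pos=0):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, first = data[pos], data[pos + 1]
    n_len = 0 if first < 0x80 else first & 0x7F
    length = first if first < 0x80 else int.from_bytes(data[pos + 2:pos + 2 + n_len], "big")
    start = pos + 2 + n_len
    return tag, data[start:start + length], start + length

def parse_seq(data):
    """Children of a constructed value as [(tag, value), ...]."""
    out, pos = [], 0
    while pos < len(data):
        tag, val, pos = parse_tlv(data, pos)
        out.append((tag, val))
    return out

KNOWN = {"2.5.29.19": "basicConstraints", "2.5.29.15": "keyUsage", "2.5.29.37": "extKeyUsage"}
KEY_USAGE_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
                  "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly"]

def build_toy_certificate(unknown_critical_oid=None):
    """Constructed sample: CN=Toy CA, CA:TRUE, keyCertSign+cRLSign, placeholder key and signature."""
    alg = der(0x30, der_oid("1.2.840.113549.1.1.11") + der(0x05, b""))               # sha256WithRSAEncryption
    name = der(0x30, der(0x31, der(0x30, der_oid("2.5.4.3") + der(0x0C, b"Toy CA"))))  # CN=Toy CA
    validity = der(0x30, der(0x17, b"240101000000Z") + der(0x17, b"250101000000Z"))   # UTCTime pair
    spki = der(0x30, der(0x30, der_oid("1.2.840.113549.1.1.1") + der(0x05, b"")) + der(0x03, b"\x00PLACEHOLDER-KEY"))
    exts = [der(0x30, der_oid("2.5.29.19") + der(0x01, b"\xff") + der(0x04, der(0x30, der(0x01, b"\xff")))),
            der(0x30, der_oid("2.5.29.15") + der(0x01, b"\xff") + der(0x04, der(0x03, b"\x01\x06")))]
    if unknown_critical_oid:                            # a critical extension this parser does not understand
        exts.append(der(0x30, der_oid(unknown_critical_oid) + der(0x01, b"\xff") + der(0x04, der(0x05, b""))))
    tbs = der(0x30, der(0xA0, der_int(2)) + der_int(4096) + alg + name + validity + name + spki
              + der(0xA3, der(0x30, b"".join(exts))))
    return der(0x30, tbs + alg + der(0x03, b"\x00PLACEHOLDER-SIG"))

def parse_certificate(cert):
    """Top-level fields; extensions come back as (oid, critical, DER of extnValue)."""
    (_, tbs), (_, outer_alg), (_, sig) = parse_seq(parse_tlv(cert)[1])
    items = parse_seq(tbs)
    version = 1                                          # [0] Version is absent in a v1 certificate
    if items[0][0] == 0xA0:
        version, items = parse_tlv(items[0][1])[1][0] + 1, items[1:]
    exts = []
    for tag, val in items[6:]:                           # after serial, alg, issuer, validity, subject, spki
        if tag == 0xA3:                                  # [3] EXPLICIT Extensions, v3 only
            for _, ext in parse_seq(parse_tlv(val)[1]):
                parts = parse_seq(ext)                   # extnID, optional critical BOOLEAN, extnValue
                exts.append((oid_to_str(parts[0][1]), len(parts) == 3 and parts[1][1] == b"\xff", parts[-1][1]))
    return {"version": version, "serial": int.from_bytes(items[0][1], "big", signed=True),
            "tbs_alg": oid_to_str(parse_seq(items[1][1])[0][1]),
            "alg": oid_to_str(parse_seq(outer_alg)[0][1]), "extensions": exts, "signature": sig}

def check_certificate(info):
    """Rules from the text: an unrecognised critical extension is fatal; both algorithm fields must agree."""
    problems = [f"unknown critical extension {o}" for o, crit, _ in info["extensions"] if crit and o not in KNOWN]
    if info["tbs_alg"] != info["alg"]:
        problems.append("signature algorithm mismatch between TBSCertificate and outer field")
    return problems

def ext_value(info, oid):
    return next((v for o, _, v in info["extensions"] if o == oid), None)

def is_ca(info):                                         # BasicConstraints ::= SEQUENCE { cA BOOLEAN DEFAULT FALSE, ... }
    v = ext_value(info, "2.5.29.19")
    return v is not None and parse_seq(parse_tlv(v)[1])[:1] == [(0x01, b"\xff")]

def key_usage(info):                                     # KeyUsage ::= BIT STRING, first byte = unused-bit count
    v = ext_value(info, "2.5.29.15")
    bits = parse_tlv(v)[1] if v else b"\x00"
    return [n for i, n in enumerate(KEY_USAGE_BITS) if 1 + i // 8 < len(bits) and bits[1 + i // 8] & (0x80 >> (i % 8))]

if __name__ == "__main__":
    info = parse_certificate(build_toy_certificate())
    print(info["version"], hex(info["serial"]), info["alg"], is_ca(info), key_usage(info), check_certificate(info))
    print(check_certificate(parse_certificate(build_toy_certificate("2.999.1"))))
```

Running it prints the version (3), serial, algorithm OID, CA flag and key-usage names for the constructed certificate with an empty problem list, and then the single rejection reason for the variant carrying the unknown critical extension. The parser deliberately stops at the top-level fields: a real validator would additionally verify the signature over the TBSCertificate bytes and check the validity period and name chaining.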

1-3) Certificate file extensions

There are several commonly used file extensions for X.509 certificates, but note that some of these extensions are also used for other purposes, for example to hold only a private key.

● .pem: (Privacy-Enhanced Mail) a DER-encoded certificate that is then Base64-encoded, with the data placed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"

● .cer, .crt, .der: usually in binary DER form, although Base64-encoded certificates are also common

● .p7b, .p7c: PKCS#7 SignedData structure without data, containing only certificate(s) or CRL(s)

● .p12: PKCS#12, may contain certificate(s) (public keys) and, at the same time, password-protected private key(s)

● .pfx: the predecessor of PKCS#12 (usually contains data in PKCS#12 format, such as the PFX files generated by IIS)

PKCS#7 is a standard for signing or encrypting data, officially called a container. Since a certificate is verifiable signed data, it can be expressed in the SignedData structure. A .p7c file is a degenerate SignedData structure that does not include the data being signed.

PKCS#12 evolved from the Personal Information Exchange (PFX) standard and is used to exchange public and private objects in a single file.
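The file-extension list above is a convention, not a guarantee of content, so a practitioner should look at the bytes rather than the name. The following added example (mine, not from the article) uses only the Python standard library to wrap DER in PEM armour, pull every block out of a .pem bundle while refusing to treat a PRIVATE KEY block as a certificate, and classify a binary file by the first child of its outer DER SEQUENCE: a Certificate starts with the tbsCertificate SEQUENCE, a PKCS#7 ContentInfo with the contentType OID, and a PKCS#12 PFX with the version INTEGER. The three SAMPLE_* blobs are constructed minimal DER fragments, not real files.

```python
import base64
import re

# Added example (not from the article): PEM armour and container sniffing with the standard library only.
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

# Constructed minimal blobs (not real files): just enough DER to exercise the classifier.
SAMPLE_CERT_DER = b"\x30\x05\x30\x03\x02\x01\x01"                          # SEQUENCE { SEQUENCE { INTEGER 1 } }
SAMPLE_P7_DER = b"\x30\x0b\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x07\x02"    # SEQUENCE { OID 1.2.840.113549.1.7.2 }
SAMPLE_P12_DER = b"\x30\x03\x02\x01\x03"                                   # SEQUENCE { INTEGER 3 }

def der_to_pem(der_bytes, label="CERTIFICATE"):
    """Base64 the DER and wrap it in BEGIN/END markers, 64 characters per line as PEM tools do."""
    b64 = base64.b64encode(der_bytes).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def pem_to_der(text):
    """Every PEM block in the input as (label, der_bytes); a .pem bundle may carry several objects."""
    data = text.encode("ascii") if isinstance(text, str) else text
    return [(m.group(1).decode("ascii"), base64.b64decode(b"".join(m.group(2).split()), validate=True))
            for m in PEM_BLOCK.finditer(data)]

def load_certificates(data):
    """Keep CERTIFICATE blocks only; any other label (e.g. PRIVATE KEY) is reported, never used as a certificate."""
    certs, others = [], []
    for label, der_bytes in pem_to_der(data):
        if label == "CERTIFICATE":
            certs.append(der_bytes)
        else:
            others.append(label)
    return certs, others

def sniff(data):
    """Classify file bytes: PEM text, or a DER container by the tag of the outer SEQUENCE's first child."""
    if data.lstrip().startswith(b"-----BEGIN "):
        return "PEM"
    if data[:1] != b"\x30":                       # every container discussed here is an outer SEQUENCE
        return "unknown"
    hdr = 2 if data[1] < 0x80 else 2 + (data[1] & 0x7F)   # skip tag byte and short- or long-form length
    if len(data) <= hdr:
        return "DER (empty)"
    return {0x30: "DER X.509 Certificate",        # Certificate ::= SEQUENCE { tbsCertificate SEQUENCE, ... }
            0x06: "DER PKCS#7 ContentInfo",        # ContentInfo ::= SEQUENCE { contentType OID, ... }
            0x02: "DER PKCS#12 PFX"}.get(data[hdr], "DER (other)")  # PFX ::= SEQUENCE { version INTEGER, ... }

if __name__ == "__main__":
    bundle = der_to_pem(SAMPLE_CERT_DER) + der_to_pem(b"\x30\x00", "PRIVATE KEY")
    print(sniff(bundle.encode("ascii")), load_certificates(bundle))
    for blob in (SAMPLE_CERT_DER, SAMPLE_P7_DER, SAMPLE_P12_DER):
        print(sniff(blob))
```

The split between `pem_to_der` and `load_certificates` is deliberate: a bundle that contains a private key next to a certificate is common in practice, and code that blindly Base64-decodes the first block it finds will happily hand the key material to whatever expected a certificate. Sniffing by structure rather than by extension catches the .cer file that is really PEM text and the .pfx that is really a PKCS#12 PFX, as the list above notes.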




Origin blog.51cto.com/9843231/2466504