|
| |
| | Embedded Solution Partners: AuthAgent X.509 |
 | | X.509 certificates define a validity period which should be shorter than the expected factoring time of a brute force attack on the public-key algorithm. | | | This enables the software using X.509 based digital certificates for authentication to be designed and implemented, independent of the changes in the X.509 implementation. | | | AuthAgent X.509 provides a library with an API that is independent of the underlying X.509 implementation. |
|
http://www.esolpartners.com/prd/prd006l.html
(749 words)
|
|
| |
| | [No title] |
| | The X.509 v2 CRL format is described and a required extension set is defined as well. | | | The X.509 v3 certificate format is described in detail, with additional information regarding the format and semantics of Internet name forms (e.g., IP addresses). | | | An algorithm for X.509 certificate path validation is described. |
|
http://www.ietf.org/rfc/rfc2459.txt
(9282 words)
|
|
| |
| | COMPARISON OF SECURE EMAIL TECHNOLOGIES X.509 / PKI, PGP, and IBE |
| | Providing ease of use in email security is such a difficult task that it has not been done yet, even after 15 years of development (X.509 was released in 1988 and PGP in 1991). | | | Concise definitions for each feature or problem regarding security and privacy of email communication are also included, with a view to both improve the email security technologies X.509 / PKI, PGP and IBE, and develop the specifications for new technology beyond current limitations. | | | This work also provides a view on what to improve regarding the email security technologies X.509 / PKI, PGP and IBE, in order to develop the specifications for new technology beyond current limitations. |
|
http://email-security.net/papers/pki-pgp-ibe.htm
(5684 words)
|
|
| |
| | Roumen Petrov - secure shell(ssh) page |
| | It is possible to have multiple algorithms in form specified in "X.509 Key Algorithms" format. | | | In additional to "file" and "hash-dir" lookup methods the "X.509 store" can utilize LDAP queries to find certificates and CRLs in verification and validation process. | | | As support for DSA signatures packed in format as is described in [RFC2459] and "dss_signature_blob" as is specified in "SecSH transport" draft OpenSSH is interoperable with implementations from multiple vendors. |
|
http://roumenpetrov.info/openssh
(1917 words)
|
|
| |
| | X.509 - Présentation |
| | In fact, the X.509 data record was originally designed to hold a password instead of a public key as the record-access authentication mechanism. | | | X.500 was to be a global, distributed database of named entities: people, computers, printers, etc. In other words, it was to be a global, on-line telephone book. | | | The insistence on X.509 certificates with a single global root delayed PEM's adoption past its window of viability. |
|
http://www.hsc.fr/ressources/presentations/pki/text8.htm
(639 words)
|
|
| |
| | X.509 certificates |
| | This identifies which version of the X.509 standard applies to this certificate, which affects what information can be specified in it. | | | A signature is computed over some data using the private key of an entity (the signer). | | | In some systems the identity is the public key, in others it can be anything from a Unix UID to an Email address to an X.509 Distinguished Name. |
|
http://java.sun.com/j2se/1.5.0/docs/guide/security/cert3.html
(1767 words)
|
|
| |
| | Testing PKI Components |
| | The PKITS path validation test suite is designed to cover most of the features specified in X.509 and RFC 3280. | | | NIST is currently developing a NIST Recommendation for X.509 Path Validation. | | | PKITS is a comprehensive X.509 path validation test suite that was developed by NIST in conjunction with DigitalNet and NSA. |
|
http://csrc.nist.gov/pki/testing/x509paths.html
(609 words)
|
|
| |
| | Linux FreeS/WAN |
| | The popular X.509 patch for FreeS/WAN started by Andreas Steffen in 2000 was superseded in March 2004 by the strongSwan distribution which is maintained by the same author. | | | A text version of this installation guide is included as a README file in the distribution. | | | See the CHANGES file for the change history of the X.509 patch. |
|
http://www.strongsec.com/freeswan
(350 words)
|
|
| |
| | [No title] |
| | In code signing certificates, the displayName (aka agencyInfo) is encoded as an extension identified by the X.509 commonName OID, with the data being an OCTET STRING containing a mostly Unicode representation of an ASCII URL string, winning it the prize for "Most Mangled Extension". | | | This section is not intended as a criticism of different vendors, it is merely an list of issues which people should be aware of when attempting to write interoperable software. | | | The coverage extends to objects related to X.509 such as private keys and encrypted/signed data. |
|
http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt
(16607 words)
|
|
| |
| | S/MIME X.509 Certificates |
| | DER (Distinguished Encoding Rules) Encoded Binary X.509 (*.cer) certificate file — the default for Windows 2000. | | | Base 64 [RFC 1521] Encoded X.509 (*.cer file) for text-based (e-mail) transmission. | | | IETF's PKIX, based on X.509 [RFC 2459], a directory method involving Certification Authorities. |
|
http://www.wilsonmar.com/1certs.htm
(3473 words)
|
|
| |
| | [No title] |
| | XML Encryption and X.509 certificate integration are new to version 2.0. | | | We'll talk more about X.509 integration at the end of this article. | | | The.NET Framework 2.0 also includes support for X.509 certificates. |
|
http://msdn.microsoft.com/msdnmag/issues/04/11/XMLSignatures
(5819 words)
|
|
| |
| | Web Services Security (WS-Security) |
| | However, binary (e.g., X.509 certificates and Kerberos tickets) or other non-XML formats require a special encoding format for inclusion. | | | A binary security token has two attributes that are used to interpret it. | | | Any XML-based security token can be specified in the header. |
|
http://www-106.ibm.com/developerworks/library/ws-secure
(6844 words)
|
|
| |
| | X.509 Certificate Authentication and Digital Signature of SOAP Messages with WSE |
| | In order for WSE to obtain the X.509 private key from the local computer certificate store, it must have permission to do so. | | | In the first article in this series, we covered how to use the Web Services Enhancements Toolkit to perform SHA1 Digest hashed username/password authentication with the IPasswordProvider interface, using a modified version of the Northwind Database Employees table to do our username/password authentication with the UsernameToken element. | | | NOTE: Only the Makecert from the.NET Framework 1.1 (Everett) has the capability to create test certificates that can be used successfully with the WSE! |
|
http://www.eggheadcafe.com/articles/20021231.asp
(2228 words)
|
|
| |
| | SSL X.509 Certificates HOWTO |
| | CA is a part of the X.509 system. | | | Root CA is also a part of the X.509 system. | | | Our goal is: To create X.509 SSL certificates by our name, with OpenSSL and under Linux/*BSD/UNIX. |
|
http://www.imacat.idv.tw/tech/sslcerts.html.en#userrootca
(6392 words)
|
|
| |
| | Installation Guide |
| | It can be used to query an OCSP server about the current status of an X.509 certificate and is often used as a more dynamic alternative to a static Certificate Revocation List (CRL). | | | The X.509 patch also integrates the original contribution by Kai Martius supporting RSA based authentication using OpenPGP certificates and PGP's proprietary Key IDs. | | | The PGPkeyTool does not accept X.509 certificates in binary DER format, so it must be imported in base64 format: |
|
http://www.strongsec.com/freeswan/install.htm
(6870 words)
|
|
| |
| | X.509 definition - isp.webopedia.com - The Glossary for Internet Service Providers |
| | Collectively, the term X.509 refers to the latest published version, unless the version number is stated. | | | When X.509 was revised in 1993, two more fields were added resulting in the Version 2 format. | | | X.509 (Version 1) was first issued in 1988 as a part of the ITU X.500 Directory Services standard. |
|
http://isp.webopedia.com/TERM/X/X_509.html
(198 words)
|
|
| |
| | Fawcette.com - Compare Web Service Security Metrics |
| | Client-side SSL, which employs X.509 certificates to enable the Web server to identify client users or computers, is less common but reasonably easy to implement. | | | All commercial browsers and Web application development environments provide transparent support for HTTPS. | | | You also can try a live ASP.NET version of this article's WsdkX509Client.sln project (see Resources). |
|
http://www.fawcette.com/xmlmag/2002_10/online/webservices_rjennings_10_16_02
(336 words)
|
|
| |
| | AspEncrypt.com - Manage X.509 Certificates and Certificate Stores |
| | The code sample http://localhost/aspencrypt/cert_stores/sign_pfx.asp computes a digital signature of a text string using a private key residing in this PFX file. | | | There are two most commonly used file formats for storing certificates: DER-Encoded X.509 (.cer or.crt) and Cryptographic Message Syntax Standard PKCS #7 (.p7b). | | | The DER-Encoded format can be in the binary or Base64-encoded form. |
|
http://www.aspencrypt.com/task_certs.html
(2097 words)
|
|
| |
| | ONLamp.com -- Deploying a VPN with PKI |
| | This naming structure comes from a complex specification for methods and syntaxes defining communication between computer programs as seen in RFC 1274, which gives the attribute definitions for the DN components that we will use in our certificates. | | | To understand this, we need to describe the encoding of subject names in X.509 certificates. | | | Certificates that limit themselves to this minimum amount of information and conform to the X.509 encoding format are X.509v1 (version 1) certificates. |
|
http://www.onlamp.com/pub/a/security/2004/10/21/vpns_and_pki.html
(1828 words)
|
|
| |
| | [No title] |
| | For the purposes of this specification, the value of the SubjectKeyIdentifier extension is the contents of the KeyIdentifier octet string, excluding the encoding of the octet string prefix. | | | element contained in a preceding message header that contains the binary X.509 security token data. | | | � HYPERLINK "http://www.rsasecurity.com/rsalabs/pkcs/pkcs-7/index.html" ��http://www.rsasecurity.com/rsalabs/pkcs/pkcs-7/index.html� [PKIPATH] http://www.itu.int/rec/recommendation.asp?type=items&lang=e&parent=T-REC-X.509-200110-S!Cor1 [X509] ITU-T Recommendation X.509 (1997 E): Information Technology - Open Systems Interconnection - The Directory: Authentication Framework, June 1997. |
|
http://www.oasis-open.org/committees/download.php/15411
(1961 words)
|
|
| |
| | The DCOCE Glossary |
| | The initial version of X.509 was published in 1988, version 2 was published in 1993, and version 3 was proposed in 1994 and considered for approval in 1995. | | | ITU-T Recommendation X.509 specifies the authentication service for X.500 directories, as well as the widely adopted X.509 certificate syntax. |
|
http://www.dcoce.ox.ac.uk/glossary/index.xml.ID=X.509
(118 words)
|
|
| |
| | Introduction to FreeS/WAN |
| | Often they use LDAP access to X.509 directories to implement this. | | | Lightweight Directory Access Protocol, defined in RFCs 1777 and 1778, a method of accessing information stored in directories. | | | LDAP is used by several PKI implementations, often with X.501 directories and X.509 certificates. |
|
http://www.freeswan.org/freeswan_trees/freeswan-1.95/doc/glossary.html
(10228 words)
|
|
| |
| | VW 7.4 Spoilers - X.509 |
| | As you've probably guessed the X.509 certificate standard is part of the X-series as well but it is also published as RFC 3280. | | | A name in X509 is actually a collection of so called AttributeValueAssertions where the keys represent well known aspects of a name. | | | With the new ASN.1 framework, we were able to rip out pretty much all the special purpose marshaling code from the X.509 framework and in exchange get not only the ability to decode but also to encode certificates. |
|
http://www.cincomsmalltalk.com/userblogs/cst/blogView?showComments=true&entry=3311888426
(1072 words)
|
|
| |
| | NodeWorks - Encyclopedia: X.509 |
| | The X.500 system has never been fully implemented, and the IETF's public-key infrastructure working group has adapted the standard to the more flexible organization of the Internet. | | | The structure of a X.509 v3 digital certificate is as follows: | | | X.509 also includes standards for certificate revocation list (CRL) implementations, an often neglected aspect of PKI systems. |
|
http://pedia.nodeworks.com/X/X5/X50/X_509
(519 words)
|
|
| |
| | Certificate comparisons |
| | However, it has the interesting design feature that the verifier (what X.509 calls the Relying Party) sets the level of trust in keys -- and can in principle demand some number of independent signatures on a PGP certificate before that binding is considered valid. | | | That party also selects keys known in advance and therefore may be in a position to insure that these keys are controlled by different keyholders. | | | The assumption behind X.509 (inherited from X.500) is that the global identifier [DN] is somehow inherently bound to a person and that everyone who might use the certificate will correctly map from that name to the named person or from the named person to the name. |
|
http://world.std.com/~cme/html/web.html
(1773 words)
|
|
| |
| | New Edition of X.509 ITU standard to Accelerate Global E-commerce |
| | "The addition of a framework for PMI, and refinements to certification path processing will play a major role in establishing the foundation for B2B electronic commerce growth", said Sharon Boeyen, the editor of X.509. | | | X.509 is viewed throughout the Information Technology (IT) industry as the definitive reference for designing applications related to Public Key Infrastructures (PKI). | | | The elements defined within X.509 are widely utilized, from securing the connection between a browser and a server on the Web to providing digital signatures that enable electronic transactions to be conducted with the same confidence as in a traditional paper-based system. |
|
http://www.itu.int/newsarchive/press_releases/2000/05.html
(563 words)
|
|
| |
| | X.509 Certificate Format |
| | The X.509 standard defines what information goes into the certificate, and describes how to encode it (the data format). | | | An X.509 certificate is a collection of a standard set of fields containing information about a user or device and their corresponding public key. | | | OpenRG supports X.509 certificates that comply with the ITU-T X.509 international standard. |
|
http://www.jungo.com/openrg/doc/4.0/user_guide/html/html_user_manual/node286.html
(247 words)
|
|
| |
| | X.509 |
| | Here all entities are given unique names in a hierarchical framework. | | | The X.509 recommendation is part of the X.500 series of recommendations which defines a directory service [ | | | This structure has some shortcomings, with the most important being that X.500 has never been deployed worldwide and is likely to never be |
|
http://www.pasta.cs.uit.no/thesis/html/ronnya/node47.html
(262 words)
|
|
| |
| | Use X.509 Certificates |
| | VShell also supports the use of file-based X.509 | | | Users who logon using X.509 certificate authentication can successfully authenticate if the VShell administrator places the user's Base64-encoded *.cer file in user's folder in VShell's PublicKey folder as is done with the RSA and DSA *.pub files. | | | Acquire a X.509 certificate from each user that you want to give access to. |
|
http://www.vandyke.com/products/vshell/docs/windows/Use_X.509_Certificates.htm
(728 words)
|
|
| |
| | I hate X.509 |
| | I’ve spent most of the past two days working on a little project at work that needs the ability to generate Java JKS keystore files (compatible with the Java | | | This turns out to be astoundingly difficult, largely because X.509 is insane. | | | If you think that sounds simple, then you’ve obviously never worked with X.509. |
|
http://scottstuff.net/blog/articles/2005/07/12/i-hate-x-509
(368 words)
|
|
| |
| | ONLamp.com -- IPSec Certificate Basics |
| | They're easier to manage than shared keys, and preshared keys may disappear in IPSec version 2. | | | For more information on X.509 certificates, click here. | | | First off is a recent version of racoon; grab the latest available in |
|
http://www.onlamp.com/pub/a/bsd/2002/04/04/ipsec.html
(520 words)
|
|
| |
| | [No title] |
| | SubjectAltName extension was developed and added to the X.509 standard to provide a way to deal with these problems. | | | Ipaddresses, DNS names, and email addresses also represent structured naming systems that are outside the control of the directory, and objections have been raised to having such information in directory relative distinguished names [ref: Steve Kent correspondence]. | | | New IETF RFC’s promote the use of this extension as a container for one or more server host names, client email addresses &c [refs]. |
|
http://www.es.net/pub/esnet-doc/SubjectAltName.doc
(710 words)
|
|
| |
| | Fawcette.com - Use X.509 Certificates With the WSDK |
| | In this article, I'll describe the requirements for creating valid | | | X.509 certs for signing e-mail, code, and Windows drivers, as well as encrypting IPSec virtual private network traffic, are far less common. | | | The WSDK makes creating and using X509SecurityTokens easy, but installing the required X.509 certificates is tricky. |
|
http://www.fawcette.com/xmlmag/2002_09/online/webservices_rjennings_09_30_02/default.aspx
(372 words)
|
|
| |
| | X.509 v3 : Java Glossary |
| | A standard for formatting digital certificates that Netscape uses for digitally signing jar files. | | | You are here : home ⇐ Java Glossary ⇐ X words ⇐ X.509 v3. | | | Go to : * 0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z |
|
http://mindprod.com/jgloss/x509.html
(215 words)
|
|
| |
| | Connected: An Internet Encyclopedia - Certificates |
| | Likewise, X.509 certificates could implement a Web of Trust. | | | As an example of an X.509 certificate, here's a decode (generated with openssl) of one of | | | The most common type of certificate is an X.509 certificate, an ASN.1 encoded block of data specified in ISO Standard X.509. |
|
http://ie.activedomain.org/140.htm
(1085 words)
|
|
| |
| | Internet X.509 Public Key Infrastructure (PKIX) |
| | For more information on X.500, one can read the online book entitiled | | | X.500 itself is considered as too difficult to catch on, however, the X.509 format for certificates is used by succesive standards. | | | The directory services serve as a kind of electronic phonebook, where enabled applications can lookup included entities. |
|
http://solar.murty.net/~murty/pki/pkix.htm
(134 words)
|
|
| |
| | MoinMoinWikis - MoinMoin |
| | Freedesktop.org - free software project to work on interoperability and shared technology for desktop environments for the X Window System | | | The Unofficial CAcert Wiki - FREE X.509 Digital Certificates at CAcert.org | | | The Exim Wiki - support and document evolution for the Exim MTA |
|
http://moinmoin.wikiwikiweb.de/MoinMoinWikis
(2001 words)
|
|
| |
| | X.500 - Wikipedia, the free encyclopedia |
| | X.509, the portion of the standard providing for an authentication framework, is now also widely used outside of the X.500 directory protocols. | | | ISO was a partner in developing the standards, incorporating them into the Open Systems Interconnect suite of protocols. | | | It specifies a standard format for public-key certificates. |
|
http://en.wikipedia.org/wiki/X.500
(218 words)
|
|
| |
| | Fabián Rodríguez - Thawte/PGP Encryption |
| | Thawte is a company issuing X.509 digital certificates known as "FreeMail" certificates. | | | A great advantage of using Thawte certificates is that they can be easily used with S/MIME-compliant secure mail clients, such as Microsoft Outlook Express and Netscape Communicator 4.x. | | | Most topics are Thawte x.509 certs and OpenPGP related. |
|
http://www.fabianrodriguez.com/encryption
(662 words)
|
|
| |
| | X.509 Certificates: Frequently Answered Questions |
| | What can a digital certificate be used for? | | | What is the significance of the term "X.509"? | | | In other words, a certificate is a way of creating confidence in the public key, by giving it the authority of the issuing body and ensuring that it is very hard to forge. There are clear analogies to traditional means of identification such as a passport. |
|
http://www.jisc.ac.uk/index.cfm?name=jcie_x509#q1
(1186 words)
|
|
| |
| | Gentoo Linux Documentation -- ipsec-tools contains an X.509 certificates vulnerability. |
| | Since digital signatures are not verified by the racoon tool, an attacker may be able to connect to the VPN gateway and/or execute a man-in-the-middle attack. | | | This means that anybody holding the correct X.509 certificate would be able to establish a connection, even if they did not have the corresponding private key. | | | Gentoo Linux Documentation -- ipsec-tools contains an X.509 certificates vulnerability. |
|
http://www.gentoo.org/security/en/glsa/glsa-200404-05.xml
(151 words)
|
|
| |
| | Colliding X.509 Certificates |
| | However we are not yet able to do so. | | | We provide a detailed description of the construction method (in pdf format). | | | We would like to announce a pair of valid X.509 certificates, based on the SHA1 hash-function, that have identical signatures. |
|
http://www.win.tue.nl/~bdeweger/CollidingCertificates
(508 words)
|
|
| |
| | digital certificate definition of digital certificate in computing dictionary - by the Free Online Dictionary, ... |
| | After the validation process is completed, the CA creates an X.509 certificate that contains CA and subject information, including the subject's public key (details below). | | | The CA verifies that a public key belongs to a specific company or individual (the "subject"), and the validation process it goes through to determine if the subject is who it claims to be depends on the level of certification and the CA itself. | | | The encrypted digest is called a "digital signature," and when placed into the X.509 certificate, the certificate is said to be "signed." |
|
http://computing-dictionary.thefreedictionary.com/digital+certificate
(474 words)
|
|
| |
| | X.509 Certificates |
| | The package ice.cert contains classes for handling X.509 digital certificates, private keys, distinguished names, and other types needed for certificate handling. | | | The class X500Name contains a single distinguished name, as used in the subject and issuer fields in the certificates. |
|
http://www.icesoft.com/developer_guides/icebrowser/htmlguide/ssl9.html
(122 words)
|
|
| |
| | pyCA - X.509 CA |
| | pyCA - X.509 CA pyCA - X.509 CA | | | During the last two years it turned out that X.509 certificates, SSL and S/MIME are the relevant, widely adopted cryptographic standards for securing various Internet services like WWW, Mail, etc. | | | However these standards require setting up a working X.509-based PKI (pulic key infrastructure). |
|
http://www.pyca.de
(282 words)
|
|
|
