Public key certificate

from Wikipedia, the free encyclopedia

A public key certificate is a digital certificate that confirms the owner and other properties of a public key. With a public key certificate, users of an asymmetric cryptosystem can assign the public key to an identity (e.g. a person, an organization or an IT system) and determine its scope. Public key certificates enable the protection of confidentiality, authenticity and integrity of data through the correct use of the public key.


In order to distinguish false (e.g. foisted) keys from genuine ones when using asymmetric cryptosystems, proof is required that the public key used really belongs to the designated recipient of the encrypted message or to the sender of a digitally signed message. In addition, when encrypting and when checking a digital signature, it must be ensured that the key may be used with this cryptographic method and for the intended area of application. This evidence is provided by digital certificates.

Typical uses of public key certificates are:

Public key certificates usually contain the following information:

  1. The name (or other unique identifier) of the issuer of the certificate.
  2. Information on the rules and procedures under which the certificate was issued.
  3. Information on the period of validity of the certificate.
  4. The public key that the certificate provides information about.
  5. The name (or other unique identifier) of the owner of the public key (the subject).
  6. More information about the owner of the public key.
  7. Information on the permitted scope of application and validity of the public key.
  8. A digital signature of the issuer over all other information.

The properties of the key contained in the public key certificate, and thus the scope of the public key certificate, can be specified more precisely using attribute certificates. Attribute certificates themselves do not contain a public key, but refer to the relevant public key certificate via its serial number.

The issuer of a certificate is called the certification authority. The certification authority should be operated by a trustworthy organization or body (e.g. an authority) so that users can rely on the information contained in the certificates. The authenticity and integrity of the digital certificate can be checked using the digital signature on the certificate. For this check, however, the issuer's signature key must itself be bound to the issuer's identity, i.e. another certificate is required. This hierarchy of certificates forms a public key infrastructure (PKI).

The validity of a digital certificate is usually limited to a period specified in the certificate. Certificates for keys that are no longer secure can and should be revoked early and the revocation information published. The trustworthiness of a digital certificate depends to a large extent on whether and how quickly it can be revoked and how reliably and promptly the revocation is published. Revocations are usually published via a certificate revocation list (CRL), occasionally also on a web page. Services for querying the revocation status online (e.g. via OCSP) are also increasingly being offered.

Certificates are issued by many different certification authorities and at many different levels of quality. These can differ considerably in the reliability of the information contained in the certificate. The reliability of the assignment between the public key and its owner depends on the methods used to identify the key owner and to revoke certificates. Some certification authorities identify their applicants, for example, only in person and upon presentation of an official ID; others do not check the information provided by the applicant at all.

Private users can obtain certificates with limited security free of charge from many certification authorities. In contrast, certificates of higher security (e.g. qualified certificates based on chip cards) can cost 50 euros and more per year. Ultimately, the issuer's certification guidelines (Certificate Policy or CP) determine the level of security. However, there is no such thing as the "advanced certificates" that are sometimes referred to.

Legal Aspects

The legal framework for the issuance of digital certificates, especially for electronic signatures, is regulated in many countries by their own laws.

In EC Directive 1999/93/EC, a certificate is defined in a technology-neutral manner and therefore does not necessarily have to refer to a cryptographic key: a certificate is "an electronic attestation with which signature verification data is assigned to a person and the identity of this person is confirmed", where signature verification data is defined as "data such as codes or public cryptographic keys used to verify an electronic signature". These definitions were adopted accordingly in the national signature laws of the member states of the European Community and the other states of the European Economic Area, in particular in the German Signature Act, the Austrian Signature Act and the Liechtenstein Signature Act.

The directive and the national laws based on it define uniform requirements for services for the issuing and administration of certificates. In particular, the qualified certificate was defined as a particularly trustworthy and personal public key certificate.

The issuing of qualified certificates is subject to the supervision of a competent authority. In Germany this is the Federal Network Agency for Electricity, Gas, Telecommunications, Post and Railways (formerly RegTP), in Austria the Telecommunications Control Commission (TKK) as part of the Rundfunk und Telekom Regulierungs GmbH (RTR).

An electronic signature that was created with a secure signature creation device is largely equivalent to a handwritten signature if a qualified certificate that was valid at the time the signature was created exists for the signature key.

Problems and solutions

Certificates are issued by many agencies. For a certificate to be considered valid, you have to trust the certification authority. For this reason, many certification authorities are already classified as trustworthy in web browsers. However, many of these companies and organizations are unknown to most users. The user thus delegates his trust to the manufacturer of the software.

A second problem is that it is difficult to see from the certificate itself how secure the procedures used in its issue and publication are and for which applications the certificate is suitable or intended at all. The user would have to read the relevant documentation from the certification authority, the Certificate Policy (CP) and the Certification Practice Statement (CPS), the contents of which are generally specified by RFC 3647. If the security requirements are high, qualified certificates can be used, the issuers of which are subject to statutory security requirements and state supervision.

These issues became apparent, for example, in an incident in which Verisign issued certificates in Microsoft's name to people who had falsely identified themselves as Microsoft employees. With these certificates, the fraudsters had apparently trustworthy evidence that they belonged to Microsoft. It would have been possible, for example, to sign program code in Microsoft's name so that Windows operating systems would install it without warning. Although these certificates were revoked immediately after the error was discovered, they continued to pose a security risk because they contained no indication of where revocation information could be found. The case shows that one cannot always rely on the trustworthiness of certificates and the diligence of certification authorities.

The revocation of a certificate is only effective if current revocation information is available during the check. Certificate revocation lists (CRL) or online checks (e.g. OCSP) can be called up for this purpose.
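The following added example (not part of the original article) shows why a revoked certificate that names no place to check, as in the incident above, is still accepted by a verifier that tolerates missing revocation information. The `Cert` and `Crl` records, the URL and the serial numbers are simplified, constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Optional

class Status(Enum):
    GOOD = "good"
    REVOKED = "revoked"
    NOT_VALID = "outside validity period"
    UNKNOWN = "no current revocation information"

@dataclass
class Cert:                       # hypothetical, simplified certificate record
    serial: int
    not_before: datetime
    not_after: datetime
    crl_url: Optional[str]        # where the issuer publishes revocations, if stated

@dataclass
class Crl:                        # hypothetical, simplified revocation list
    this_update: datetime
    next_update: datetime
    revoked_serials: frozenset

def status(cert: Cert, crl_cache: dict, now: datetime) -> Status:
    if not (cert.not_before <= now <= cert.not_after):
        return Status.NOT_VALID
    crl = crl_cache.get(cert.crl_url) if cert.crl_url else None
    if crl is None or not (crl.this_update <= now <= crl.next_update):
        return Status.UNKNOWN     # missing pointer, unavailable list, or stale list
    return Status.REVOKED if cert.serial in crl.revoked_serials else Status.GOOD

def accept(cert: Cert, crl_cache: dict, now: datetime, hard_fail: bool = True) -> bool:
    """Hard-fail rejects UNKNOWN; soft-fail treats it like GOOD."""
    s = status(cert, crl_cache, now)
    return s is Status.GOOD or (s is Status.UNKNOWN and not hard_fail)

# Constructed sample data; the URL and serial numbers are placeholders.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
YEAR = (NOW - timedelta(days=90), NOW + timedelta(days=275))
URL = "http://crl.example.test/ca.crl"
CACHE = {URL: Crl(NOW - timedelta(hours=2), NOW + timedelta(hours=22), frozenset({1002, 1003}))}
GOOD = Cert(1001, *YEAR, URL)
REVOKED = Cert(1002, *YEAR, URL)
NO_POINTER = Cert(1003, *YEAR, None)   # revoked, but names no place to check
```

With `hard_fail=False`, `NO_POINTER` is accepted even though its serial number is on the list, and any certificate becomes `UNKNOWN` once the cached list is past its `next_update`.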


The structure and content of digital certificates are specified by various standards.

  • The most widespread is the X.509 standard of the International Telecommunication Union.
    • The current certificate format X.509v3 (version 3) is used, for example, for secure communication with websites via SSL/TLS, for secure e-mail via S/MIME and for virtual private networks (VPN) via IPsec. Qualified certificates are practically always based on X.509v3.
    • The current format for attribute certificates is X.509v2. (Note: With X.509, the version number does not refer to the current document (i.e. the entire X.509 standard), but only to the respective format for certificates or revocation lists.)
    • X.509 also defines a format for revocation lists for X.509 certificates. The current version 2 (X.509v2) supports both complete and incremental revocation lists.
    Further standards refine the formats defined by X.509 through more precise specifications and restrictions (a "profile"). Examples are RFC 5280 (profile for certificates and revocation lists), RFC 5755 (attribute certificates), RFC 3739 and ETSI TS 101 862 (qualified certificates) and Common PKI (certificates, attribute certificates and revocation lists).
    The syntax of X.509 certificates and revocation lists is based on ASN.1. DER is used as the encoding.
  • The certificates used by PGP are defined in RFC 4880.
  • With WAP, a special, particularly compact certificate format was used for secure communication via WTLS.
  • Part 8 of ISO 7816 defines two different formats for very compact certificates that can even be interpreted and checked by chip cards (Card Verifiable Certificates, CV certificates). While self-descriptive CV certificates contain identifiers (tags) and length specifications for the individual data fields, this is not the case with non-self-descriptive CV certificates, so that the evaluating application must know the syntax and length of the data fields in advance. CV certificates are used, for example, with Extended Access Control for electronic passports and the new German ID card, as well as with the electronic patient card and the electronic health professional ID card.
  • A particularly compact certificate format is used in the EMV payment system.
  • For traffic telematics, specifically for communication with motor vehicles, special certificate formats are defined in IEEE 1609.2 and ETSI TS 103 097. IEEE 1609.2 also defines a data format for revocation lists.
  • Another compact, but rarely used certificate format is defined by the American National Standards Institute (ANSI) in the X9.68 standard.
  • Simple Public Key Infrastructure (SPKI), an experimental standard of the Internet Engineering Task Force (IETF), defines its own certificate format in RFC 2693. However, SPKI is practically not used.
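The added example below (not part of the original article) reads the tag-length-value encoding that DER uses for X.509 and that self-descriptive CV certificates share in principle, rejecting lengths that are truncated, indefinite or not in the shortest form. The sample is a constructed, simplified certificate-like structure, not a complete X.509 certificate, and all names in it are placeholders.

```python
SEQUENCE, INTEGER, UTF8, UTCTIME, BITSTRING = 0x30, 0x02, 0x0C, 0x17, 0x03

def enc(tag: int, body: bytes) -> bytes:
    """Encode one TLV with a definite length (short or long form)."""
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, next_pos); reject truncated or non-DER encodings."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags are not handled here")
    if n >= 0x80:                                  # long form: length bytes follow
        k = n & 0x7F
        if k == 0 or pos + k > len(buf):           # k == 0 is BER indefinite length
            raise ValueError("bad length field")
        n = int.from_bytes(buf[pos:pos + k], "big")
        if n < 0x80 or buf[pos] == 0:              # DER requires the shortest form
            raise ValueError("non-minimal length")
        pos += k
    if pos + n > len(buf):
        raise ValueError("value overruns buffer")
    return tag, buf[pos:pos + n], pos + n

def children(value: bytes) -> list:                # members of a constructed value
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

# Constructed sample: serial, issuer, validity, subject, placeholder key bits.
SAMPLE = enc(SEQUENCE, enc(INTEGER, b"\x2a") + enc(UTF8, b"Example Test CA")
             + enc(SEQUENCE, enc(UTCTIME, b"240101000000Z") + enc(UTCTIME, b"250101000000Z"))
             + enc(UTF8, b"www.example.test") + enc(BITSTRING, b"\x00" + bytes(140)))

def summarize(der: bytes) -> dict:
    tag, body, end = read_tlv(der)
    if tag != SEQUENCE or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    serial, issuer, validity, subject, key = (v for _, v in children(body))
    not_before, not_after = (v.decode() for _, v in children(validity))
    return {"serial": int.from_bytes(serial, "big"), "issuer": issuer.decode(),
            "subject": subject.decode(), "not_before": not_before,
            "not_after": not_after, "key_bits": (len(key) - 1) * 8}
```

A non-self-descriptive format carries no tags or lengths, so the equivalent reader would slice fixed offsets it has to know in advance.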

Standards for online validation services are OCSP and SCVP, although SCVP has hardly been used so far.

For certification authorities that issue public key certificates, different security levels are defined in ETSI TS 101 456 (QCP) and ETSI TS 102 042 (NCP, LCP and EVCP):

  • Qualified Certificate Policy (QCP),
  • Normalized Certificate Policy (NCP),
  • Lightweight Certificate Policy (LCP) and
  • Extended Validity Certificate Policy (EVCP).

If the private keys of the end users are stored on a secure signature creation device, a + is appended (e.g. QCP+).


Well-known providers of web server and e-mail certificates are Thawte, Verisign, GeoTrust, GlobalSign and CAcert.

Accredited providers of qualified certificates in accordance with the German Signature Act are various Federal Chamber of Notaries, DGN Service GmbH, D-TRUST (Federal Printing Group), DATEV, medisign GmbH and T-Systems. In Austria these are A-Trust and various other providers.

Accredited providers of qualified certificates in accordance with the Swiss Signature Act are QuoVadis Trustlink Schweiz AG, Swisscom, Swiss Post (SwissSign) and the Federal Office for Information Technology and Telecommunications.
