
MASARYK UNIVERSITY
FACULTY OF INFORMATICS

Possible approaches to certification authority implementation

DIPLOMA THESIS

Ján Lieskovský

Brno, 2007

Declaration

Hereby I declare that this paper is my original authorial work, which I have worked out on my own. All sources, references and literature used or excerpted during elaboration of this work are properly cited and listed in complete reference to the due source.

I would like to express thanks to prof. RNDr. Jozef Gruska, DrSc., Doc. RNDr. Václav Matyáš, Ms.C Ph.D and Ing. Mgr. Zdeněk Říha, Ph.D for their explanatory, exhaustive and interesting courses and materials related to the topic of cryptography that brought me round to the complex, mathematical and beautiful world of computer security. My special thanks to my adviser Doc. RNDr. Václav Matyáš, Ms.C Ph.D for his perceptive leadership, showing me the direction this work should follow in times of doubt, and for his patience during my study of this complex topic.

Keywords

certificate, certificate authority, certificate request, extensions, PKI, QCA, registration authority, signature algorithm, subject of the certificate, X.509

Abstract

The presented work covers the subject of certification authorities and related topics. First, we discuss the relevant areas of cryptography, such as public-key cryptography, hash functions and digital signatures, which are used in digital certificates. Then we analyze the particular parts of the public-key infrastructure (PKI) in order to determine the position of the CA within it and to identify the functions it should perform. Further, we discuss in more detail the structure of the digital certificate request and the digital certificate. We focus on the extensions, in order to describe exactly the meaning of each extension and the relations between them (such as the allowed combinations of bits in the “KeyUsage” extension).
In the second part of our work, we analyze current approaches to CA implementation. We discuss them in order to select our own approach. In the end, we describe the library and tools used and talk about the experience and insights gained.

This diploma thesis should also provide the information needed for a CA implementation: an introductory description of basic principles, CA functions and methods, the structure of issued electronic documents, as well as a description of currently used CA implementation techniques. The result of this investigation should be a fully functional CA, implemented by us.

To Vierka

Contents

1 Introduction
  1.1 Overview and structure of this diploma thesis
2 Cryptography and certification authorities
  2.1 Important cryptographic properties
  2.2 Symmetric-key cryptography
  2.3 Public-key cryptography
  2.4 Hash functions
  2.5 Digital signatures
    2.5.1 Features of digital signatures
3 Internet public-key infrastructure (PKI)
  3.1 Public-key infrastructure (PKI)
    3.1.1 E-commerce scenario
    3.1.2 Registration Authority (RA)
    3.1.3 Certification Authority (CA)
    3.1.4 Subject of the certificate – End entity
    3.1.5 Receiver of the certificate – Relying party
    3.1.6 The Repository
    3.1.7 X.509 (RFC 3280) [8]
    3.1.8 Certificate revocation lists (CRL) and Online certificate status protocol (OCSP)
4 From certificate request to digital certificate
  4.1 Digital certificate request (DCR)
  4.2 Types of extensions used in digital certificate requests and digital certificates
    4.2.1 Authority Key Identifier
    4.2.2 Subject Key Identifier
    4.2.3 Key Usage
    4.2.4 Subject Alternative Name
    4.2.5 Basic Constraints
    4.2.6 Extended Key Usage
    4.2.7 Inhibit Any Policy
  4.3 Digital certificate (DC)
    4.3.1 Self-Signed and CA certificates
5 Possible approaches to the certification authority implementation
  5.1 OpenCA (OpenPKIX)
  5.2 Java Cryptographic Architecture (JCA) [15]
  5.3 What features we need to realize CA via the “library” approach
6 Qt Cryptographic Architecture (QCA)
  6.1 Description
7 Qintca – CA implemented in QCA
8 Conclusions
A Examples of digital certificate request and digital certificate
  A.1 Example of digital certificate request
  A.2 Example of digital certificate
B Digital certificate request and digital certificate creation
  B.1 Using the OpenSSL suite
C Sample related QCA class
  C.1 Look and methods of the QCA::CertificateRequest class
D Qintca screenshots

Chapter 1
Introduction

“How is an error possible in mathematics?”
Jules H. Poincaré

Nowadays, communication over the Internet and the possibility to use various Internet services are gradually becoming available to a wider part of the population. We can benefit from the use of electronic mail, chat, file sharing and file transport. We can watch movies or lectures, listen to music and play games. Besides this “amusement” part, there is also the far more visible “official part” of the Internet. Many government organizations have their electronic equivalents. We can reserve and buy tickets and watch the meteorological progress or stock options on-line. So the “electronic life” is becoming more and more a part of our ordinary life. This fact brings new challenges and responsibilities for us as well. We should take more care about topics like cryptography, digital signatures, computer security, subject authentication and authorization. We want the benefit of these new Internet possibilities while simultaneously protecting our property, identity and other things important to us, such as our medical records and bank account numbers. To achieve this goal we need to be more and more interested in modern computer security and the techniques it can provide.
1.1 Overview and structure of this diploma thesis

The aim of the second chapter is to pinpoint and explain the cryptographic terms that may be needed for a CA implementation. It is an attempt to collect and define such terms.

In the third chapter we describe the infrastructure that is needed to be able to meet four security goals.¹ We focus on the particular items of the Public-Key Infrastructure (PKI) and explain what it consists of, the function of its specific parts, what they can be used for and where we can find its representatives.

¹ The list will be provided in section 2.3.

In the fourth chapter we continue developing the image of the PKI by describing the exact structure of the digital certificate request (DCR) and the digital certificate (DC). Some portion is also dedicated to the description of the process of creating digital certificates from DCRs.

In the fifth chapter we describe and analyze current approaches to certification authority implementation. We describe the characteristics of the representatives of each category by comparing these various ways. Then we select one to implement our CA.

The sixth chapter is dedicated to the description of the structure and function of the Qt Cryptographic Architecture (QCA), the library we have chosen for our CA implementation. We discuss its parts, describe the selection process and focus on the details of its classes.

The seventh chapter is a summarized overview of the insights and impressions gained during the creation and implementation of our CA. We present a description of the tools, applications and algorithms used. We also provide a TO-DO list (a list of desired possible future enhancements and features).

The conclusion summarizes the goals we have successfully reached and specifies the meaning of this diploma thesis.
In the attachment one can find an overview of the usage of the OpenSSL suite for the creation of digital certificate requests, end user certificates and self-signed CA certificates.

Chapter 2
Cryptography and certification authorities

“The enchanting charms of this sublime science reveal only to those who have the courage to go deeply into it.”
Carl Friedrich Gauss

2.1 Important cryptographic properties

Let us suppose we want to design, develop and maintain an e-commerce shop to be able to distribute our products over the Internet. One of the things we need to do¹ is to make a list of all the security goals we would like to achieve. This is one of the tasks of modern cryptography that we will describe. But let us begin with a short classification of cryptography.

¹ We will forget the need to organize and ensure the economic related tasks of our business at this moment and take into account only the informatics related part.

Modern cryptography is usually divided into two categories:

• The classical cryptography and
• the quantum cryptography.

The functions, principles, methods and algorithms of classical cryptography derive from the laws of classical physics: the smallest unit of information is a bit. Octets of bits are combined into bytes (B). Sequences of bits are the input to many arithmetical and logical operations, and many classical cryptosystems can be viewed as processing such streams of bits.

In contrast, the methods used in quantum cryptography are organized in a different way. The source of this difference lies in the laws of the microcosm and modern quantum physics. Thus, quantum cryptography can benefit not only from the mathematical complexity of known cryptographic problems,² but also from the combination of these features with the unexpected and inconvenient laws of quantum physics, to develop even better and more secure cryptographic algorithms and protocols.
It is good practice to divide classical cryptography into two groups:

• Symmetric-key cryptography.
• Public-key cryptography [10].

2.2 Symmetric-key cryptography

Kerckhoffs's³ principle claims: “The security of transmitted message should not rely on secrecy of mechanism of used encryption algorithm, but on the protection of the shared secret – so-called key”.