Questions tagged [x.509]

X.509 is a standard for a public key infrastructure used for authentication and access control. X.509 specifies standard formats for certificates, revocation lists, attribute certificates, and path validation.

In cryptography, X.509 is an ITU-T standard for a public key infrastructure (PKI) for single sign-on (SSO) and Privilege Management Infrastructure (PMI). X.509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm.

X.509 was initially issued on July 3, 1988 and was begun in association with the X.500 standard. It assumes a strict hierarchical system of certificate authorities (CAs) for issuing the certificates. This contrasts with web of trust models, like PGP, where anyone (not just special CAs) may sign and thus attest to the validity of others' key certificates. Version 3 of X.509 includes the flexibility to support other topologies like bridges and meshes (RFC 4158).

14 questions
3 votes, 2 answers

Is it possible to use X.509 for a symmetric-key algorithm?

I read on Wikipedia what is X.509: In cryptography, X.509 is a standard defining the format of public key certificates. X.509 certificates are used in many Internet protocols, including TLS/SSL, which is the basis for HTTPS[1], the secure protocol…
Ced
3 votes, 1 answer

How to identify RSASSA-PSS from rsaEncryption OID?

Following the RFC 8446 it states that: RSASSA-PSS RSAE algorithms: Indicates a signature algorithm using RSASSA-PSS [RFC8017] with mask generation function 1. The digest used in the mask generation function and the digest being signed are both…
user65677
3 votes, 1 answer

Find hash and signature algorithms used in an X.509 certificate signed with RSASSA-PSS

I'm trying to understand the new PSS scheme, but having trouble figuring out how to parse it properly. When receiving a certificate with OID of RSASSA-PSS, how can I know which hash and signing algorithm was used?
user65677
2 votes, 1 answer

Advanced Electronic Signature: PKCS#7 to PFX Conversion

I am a user requiring a legal signature to be installed on a SAP/R3 application. For the past few years a service provider provided an X.509 advanced signature certificate that could be exported as a .pfx file and installed on SAP. A new service…
skvery
2 votes, 0 answers

What security is provided by a certificate?

I've been working on the topic of certificates for a little while, and here is what I understand: A certificate is basically a public key + some data about the owner of the certificate + a signature made by the private key of the owner When a…
SPH
2 votes, 1 answer

Does the multiplicative property apply to modern, non-text book RSA?

I'm aware of the multiplicative property of the textbook RSA and how it can be used to get a signature from a CA without having the CA directly signing it. My question is - can this apply to the real world in modern implementations of RSA? More…
shaqed
2 votes, 1 answer

Kyber prime modulus p and base generator g

I am trying to learn more about Crystals Kyber. I am playing around with a Java implementation. I am only focussing on Kyber-512 for now, I have locally changed the source code in order to remove the DER PKCS8/X.509 encodings so my public/private…
Bart
1 vote, 1 answer

How is PKCS a syntax to digitally sign, digest, authenticate, or encrypt arbitrary message content

I am really confused over PKCS. I saw this question but I do not have enough reputation to leave a comment so I am asking a new question to clarify. I am trying to understand what exactly PKCS and in extension what CMS is. I have stumbled on the…
Finlay Weber
1 vote, 1 answer

X.509 CA bundle content

I recently looked into the subject of public key cryptography (especially with X.509 certificates). I am the administrator of a web server using HTTPS which uses 2 levels of certificates (in addition to the end-user certificate for the website).…
user110148
1 vote, 1 answer

SPKI Public Key to Compressed Public Key

I currently have a DER-encoded X.509 ECC SECP256K1 public key, also known as SubjectPublicKeyInfo (SPKI) from AWS KMS. How do I convert it to a 66 hexadecimal compressed public key string?
yijie
1 vote, 3 answers

How do certificates add data to public key and how is this implemented into TLS?

I want to create a self signed PKI for a couple servers I am running. I am finding tutorials with copy paste commands from openssl, and hand waving explanations that describe the general purpose of signing certificates, or 20 page papers on the…
0 votes, 0 answers

How is the identity of a subject in a Public Key Certificate verified by the Certificate Authority (CA)?

A general digital certificate issued by a CA might contain information about the individual/organization to whom the certificate belongs. As an example, consider this sample scenario: This PKC contains identifying information of the individual to…
Tabish Mir
0 votes, 1 answer

PKCS#10 why keeping the Subject Public Key in the X.509 Certificate

In the pkcs#10 workflow to obtain the x.509 certificate used in digital signature, in the Certificate Request Information, itself in the CSR, we have the Subject Public Key. That Subject Public Key will be used to verify that the CSR isn't modified…
T.Nel
0 votes, 0 answers

Bandwidth-Efficient Non-Repudiation

I'm working on a project that involves broadcast (uni-directional) streaming and requires non-repudiation. Essentially, a device broadcasts a data stream over the air, and any receiving station needs to be confident that the data was actually…
Jordan