A guide to PKIs and Open–source Implementations
Symeon (Simos) Xenitellis
OpenCA Team
Copyright © 1999, 2000 by Symeon (Simos) Xenitellis
This document describes Public Key Infrastructures, the PKIX standards, practical PKI functionality and gives an overview of available open–source PKI implementations. Its aim is to foster the creation of viable open–source PKI implementations.
The latest version of this document can be found at the OSPKI Book WWW site at http://ospkibook.sourceforge.net/.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; with the Invariant Sections being the chapters Chapter 13 ("Contributions") and the Colophon ("About this document"), with Front-Cover Texts being the text "The Open–source PKI Book, A guide to PKIs and Open–source Implementations" and with Back-Cover Texts being the text "The author's studies are funded by State's Scholarship Foundation (SSF) of Greece". A copy of the license is included in Appendix E entitled "GNU Free Documentation License".
Table of Contents
- Creation of the key–pair and the certificate request
- Signing of the certificate request by the Certification Authority
- Certification Authority chains
- Typical uses of public key cryptography
- Prerequisites
- Useful open–source software
- Initialisation of the Certification Authority
- Generate the RSA key–pair for the CA
- Create a self–signed CA Certificate
- User/Server key generation and signing
- Generate the RSA key–pair for a user/server
- Generate a certificate request
- Ask the CA to sign the certificate request
- Internet X.509 Public Key Infrastructure (PKIX)
- Architecture for Public-Key Infrastructure (APKI)
- The NIST Public Key Infrastructure Program
- Abbreviations
- Concepts
- Certificate–using Systems and PKIs
- Certificate–using Systems and PMIs
- Overview of the PKIX approach
- PKIX standardisation areas
- Public–key infrastructure functionality
- Public–Key Infrastructure (PKI)
- Privilege Management Infrastructure (PMI)
- The pyCA Certification Authority
- The OpenCA Project[TODO]
- OpenCA Layout
- OpenCA Abbreviations
- Software packages
- Functionality of the CA Server (CAServer)
- Functionality of the RA Server (RAServer)
- Functionality of the RA Operators (RAOperators)
- Status of the OpenCA Project
- Future OpenCA work
- The Oscar Public Key Infrastructure Project
- Jonah: Freeware PKIX reference implementation
- Mozilla Open Source PKI projects
- Personal Security Manager (PSM)
- Network Security Services (NSS)
- JavaScript API for Client Certificate Management
- MISPC Reference Implementation
- TrustWay Crypto PCI 2000
- PowerCrypt Encryption Accelerator
- CryptoSwift eCommerce Accelerator
- Movement for the Use of Smart Cards in a Linux Environment (MUSCLE)
- Linux Smart Card Starter's Kit from Schlumberger
- The gpkcs11 PKCS#11 open–source implementation
- Common Data Security Architecture (CDSA)
- Single Sign–on
- The KeyMan PKI Management Tool
- Distributed Audit Service (XDAS)
- Generic Security Service API (GSS-API)
- Simple Network Time Protocol (SNTP)
- Lightweight Directory Access Protocol (LDAP)
- S/MIME CMS [TODO]
12. Trademarks
13. Contributions
A. Perl modules
- Sample Encrypted Private Key in PEM format (2048 bits)
- Sample Private Key in PEM format (2048 bits)
- Sample Private Key in TXT format (2048 bits)
- Sample CA Certificate in PEM format
- Sample CA Certificate in TXT format
- Sample certificate request in PEM format
- Sample certificate request in TXT format
- Software installation sequence
- Installation of Perl modules
- Installation of OpenCA–specific modules
- Installation of OpenCA
- WWW Server installation
- LDAP installation
- openssl.cnf configuration for OpenCA
E. License
- GNU Free Documentation License
- PREAMBLE
- APPLICABILITY AND DEFINITIONS
- VERBATIM COPYING
- COPYING IN QUANTITY
- MODIFICATIONS
- COMBINING DOCUMENTS
- COLLECTIONS OF DOCUMENTS
- AGGREGATION WITH INDEPENDENT WORKS
- TRANSLATION
- TERMINATION
- FUTURE REVISIONS OF THIS LICENSE
List of Tables
- 6-1. PKIX Terms
- 6-2. Table of RFCs for PKIX documents
- 6-3. PKI functionality
- 6-4. PKI components
- 6-5. PMI components
- 7-1. OpenCA Abbreviations
- 7-2. Current Versions of OpenCA prerequisite software
- 8-1. WWW Support Locations
- D-1. Software installation matrix
- D-2. CAServer installation parameters
- D-3. RAServer WWW Server installation parameters
- D-4. RAServer installation parameters
- D-5. RAServer WWW Server installation parameters
- D-6. RAOperator WWW Server installation parameters
- D-7. openssl.cnf default values
List of Figures