X.509 Certificate management in .Net - PowerPoint PPT Presentation

Slides: 15
Provided by: ShaktiVis
Learn more at: https://www.cs.odu.edu

1
X.509 Certificate management in .Net
  • By Vishnu Kamisetty
  • skamiset@cs.odu.edu

2
Overview of the topic
  • General Discussion
  • X.509 as in .NET
  • Certificate Management Tools
  • Web Services and X.509

3
Terminology
  • Public Keys
  • These are numbers associated with a particular
    entity, and are intended to be known to everyone
    who needs to have trusted interactions with that
    entity. Public keys are used to verify
    signatures.
  • Digitally Signed
  • If some data is digitally signed it has been
    stored with the "identity" of an entity, and a
    signature that proves that entity knows about the
    data. The data is rendered unforgeable by signing
    with the entity's private key.
  • Identity
  • A known way of addressing an entity. In some
    systems the identity is the public key, in others
    it can be anything from a Unix UID to an Email
    address to an X.509 Distinguished Name.

4
Terminology (contd.)
  • Signature
  • A signature is computed over some data using the
    private key of an entity (the signer).
  • Private Keys
  • These are numbers, each of which is supposed to
    be known only to the particular entity whose
    private key it is (that is, it's supposed to be
    kept secret). Private and public keys exist in
    pairs in all public key cryptography systems
    (also referred to as "public key crypto
    systems"). In a typical public key crypto system,
    such as DSA, a private key corresponds to exactly
    one public key. Private keys are used to compute
    signatures.
  • Entity
  • An entity is a person, organization, program,
    computer, business, bank, or something else you
    are trusting to some degree.

5
X.509 certificate in general
  • What is a certificate?
  • A public-key certificate is a digitally signed
    statement from one entity, saying that the public
    key (and some other information) of another
    entity has some specific value.
  • A certificate securely binds a public key to the
    entity that holds the corresponding private key.
  • Certificates are digitally signed by the issuing
    certification authority (CA) and can be issued
    for a user, a computer, or a service.  This
    creates a trust relationship between two unknown
    entities.
  • The X.509 standard defines what information can
    go into a certificate, and describes how to write
    it down (the data format).

6
Properties of X.509 certificates
  • An X.509 certificate has the following fields:
  • Version
  • Serial Number
  • Signature Algorithm Identifier
  • Issuer Name
  • Validity Period
  • Subject Name
  • Subject Public Key Information
  • Operations performed on certificates:
  • Generate
  • Display
  • Import
  • Export
  • Access
  • Manage
  • (Java API: CertificateFactory, Certificate,
    CRL, X509Certificate, X509Extension, etc.)

7
X.509 Certificates in .NET
  1. Managing X.509 Certificates
  2. Signing a SOAP Message Using an X.509 Certificate
  3. Verifying Digital Signatures of SOAP Messages
    Signed by an X.509 Certificate
  4. Encrypting a SOAP Message Using an X.509
    Certificate
  5. Decrypting a SOAP Message Encrypted with an X.509
    Certificate

8
Managing X.509 Certificates
  • Obtain an X.509 Certificate
  • Using the X.509 Certificate Management Tools
  • Making X.509 Certificates Accessible to WSE
    (Web Services Enhancements)
  • Specifying the Certificate Authority Certificate
    Chain Used to Verify Signatures
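As an added example (not code from the slides), the following C# looks a certificate up in the Windows certificate store, prints the fields named on the "Properties of X.509 certificates" slide, and builds the CA chain that a verifier must be able to complete before it trusts a signature. The thumbprint is a placeholder and CertInspector is a hypothetical name.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

static class CertInspector
{
    // Returns the matching certificate from the local machine's Personal store, or null.
    public static X509Certificate2 FindByThumbprint(string thumbprint)
    {
        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            X509Certificate2Collection found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            return found.Count == 0 ? null : found[0];
        }
        finally { store.Close(); }
    }
    // Prints the fields listed on the "Properties of X.509 certificates" slide.
    public static void Describe(X509Certificate2 cert)
    {
        Console.WriteLine("Version:         {0}", cert.Version);
        Console.WriteLine("Serial Number:   {0}", cert.SerialNumber);
        Console.WriteLine("Signature Alg:   {0}", cert.SignatureAlgorithm.FriendlyName);
        Console.WriteLine("Issuer:          {0}", cert.Issuer);
        Console.WriteLine("Validity:        {0:u} to {1:u}", cert.NotBefore, cert.NotAfter);
        Console.WriteLine("Subject:         {0}", cert.Subject);
        Console.WriteLine("Public Key:      {0}, {1} bits", cert.PublicKey.Oid.FriendlyName, cert.PublicKey.Key.KeySize);
        Console.WriteLine("Private key:     {0}", cert.HasPrivateKey ? "present" : "absent");
    }
    // Builds the issuer chain up to a trusted root with online revocation checking and
    // reports each problem; a signature from a certificate that fails here must not be trusted.
    public static bool ChainIsTrusted(X509Certificate2 cert)
    {
        X509Chain chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
        bool ok = chain.Build(cert);
        foreach (X509ChainStatus status in chain.ChainStatus)
            Console.WriteLine("Chain problem:   {0} ({1})", status.Status, status.StatusInformation.Trim());
        return ok;
    }
    static void Main()
    {
        // Placeholder thumbprint; replace with one taken from the certificate's Details tab.
        X509Certificate2 cert = FindByThumbprint("0123456789ABCDEF0123456789ABCDEF01234567");
        if (cert == null) { Console.WriteLine("certificate not found"); return; }
        Describe(cert);
        Console.WriteLine("Chain trusted:   {0}", ChainIsTrusted(cert));
    }
}
```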

9
Signing a SOAP Message Using an X.509 Certificate
  1. Obtain the X.509 certificate.
  2. Create a custom policy assertion.
  3. Override the SecureMessage method.
  4. Add references.
  5. Add Imports.
  6. Add code to get an X.509 certificate.
  7. Get the client's X.509 certificate.
  8. Add the X.509 certificate.
  9. Create a new instance of the MessageSignature
    class.
  10. Add the digital signature to the SOAP header.

10
Verifying Digital Signatures of SOAP
  • Configure WSE to validate digital signatures on
    incoming SOAP messages.
  • Use code to require that incoming SOAP messages
    are signed with an X.509 certificate and that the
    signature covers the required XML elements.

11
Encrypting a SOAP Message Using an X.509
Certificate
  • Obtain the recipient's X.509 certificate.
  • Install the recipient's X.509 certificate.
  • Create a custom policy assertion.
  • Override the SecureMessage method.
  • Add references to the Microsoft.Web.Services3 and
    System.Web.Services assemblies.
  • Add Imports.
  • Add code to get an X.509 certificate.
  • Encrypt and optionally sign the SOAP message.
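An added example (not the presenter's code) that carries the steps of the signing slide and this encryption slide through in one WSE 3.0 custom policy assertion: the client output filter signs the outgoing message with the client's X.509 certificate and encrypts it for the recipient's certificate. The class name and the two subject names are placeholders; the certificates are assumed to be in the current user's Personal store.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Web.Services3;
using Microsoft.Web.Services3.Design;
using Microsoft.Web.Services3.Security;
using Microsoft.Web.Services3.Security.Tokens;

public class SignAndEncryptAssertion : SecurityPolicyAssertion
{
    const string ClientSubject = "CN=WSE Client";       // placeholder: must match an installed certificate
    const string RecipientSubject = "CN=WSE Service";   // placeholder: the service's certificate
    public override SoapFilter CreateClientOutputFilter(FilterCreationContext c) { return new OutputFilter(this); }
    public override SoapFilter CreateClientInputFilter(FilterCreationContext c) { return null; }
    public override SoapFilter CreateServiceInputFilter(FilterCreationContext c) { return null; }
    public override SoapFilter CreateServiceOutputFilter(FilterCreationContext c) { return null; }
    // Wraps a certificate from the current user's Personal store as a WSE security token;
    // validOnly = true makes Find() skip expired or untrusted certificates up front.
    static X509SecurityToken GetToken(string subject, bool needPrivateKey)
    {
        X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindBySubjectDistinguishedName, subject, true);
            if (found.Count == 0) throw new InvalidOperationException("certificate not found: " + subject);
            if (needPrivateKey && !found[0].HasPrivateKey) throw new InvalidOperationException("no private key: " + subject);
            return new X509SecurityToken(found[0]);
        }
        finally { store.Close(); }
    }
    class OutputFilter : SendSecurityFilter
    {
        // isClient = true: this filter runs on the calling side of the exchange.
        public OutputFilter(SignAndEncryptAssertion parent) : base(parent.ServiceActor, true, parent.ClientActor) { }
        public override void SecureMessage(SoapEnvelope envelope, Security security)
        {
            // Sign body, timestamp and addressing headers with the client's private key; the
            // token is placed in the Security header so the service can locate the certificate.
            X509SecurityToken signer = GetToken(ClientSubject, true);
            security.Tokens.Add(signer);
            MessageSignature sig = new MessageSignature(signer);
            sig.SignatureOptions = SignatureOptions.IncludeSoapBody | SignatureOptions.IncludeTimestamp | SignatureOptions.IncludeAddressing;
            security.Elements.Add(sig);
            // Encrypt the body to the recipient's public key; only its private key can read it.
            security.Elements.Add(new EncryptedData(GetToken(RecipientSubject, false)));
        }
    }
}
```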

12
Decrypting a SOAP Message Encrypted with an X.509
Certificate
  • Include a <soapServerProtocolFactory> element in
    the <webServices> section.
  • Apply a policy to the Web service that requires
    SOAP messages to be encrypted by an X.509
    certificate.

13
Examples
  • To verify that incoming SOAP messages are signed
    using an X509SecurityToken security token.
  • For signing and encrypting a SOAP request to a
    Web service.
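An added example (not from the slides) for the verification and decryption slides and the first bullet above: a service-side WSE 3.0 assertion whose input filter rejects any message whose body is not signed by an X509SecurityToken or is not encrypted. The assertion name is a placeholder, and the assertion is assumed to be applied to the Web service through its policy as slide 12 describes.

```csharp
using System.Security;
using Microsoft.Web.Services3;
using Microsoft.Web.Services3.Design;
using Microsoft.Web.Services3.Security;
using Microsoft.Web.Services3.Security.Tokens;

public class RequireX509SignedAndEncryptedAssertion : SecurityPolicyAssertion
{
    public override SoapFilter CreateServiceInputFilter(FilterCreationContext c) { return new InputFilter(this); }
    public override SoapFilter CreateServiceOutputFilter(FilterCreationContext c) { return null; }
    public override SoapFilter CreateClientInputFilter(FilterCreationContext c) { return null; }
    public override SoapFilter CreateClientOutputFilter(FilterCreationContext c) { return null; }

    class InputFilter : ReceiveSecurityFilter
    {
        // isClient = false: this filter runs inside the Web service.
        public InputFilter(RequireX509SignedAndEncryptedAssertion parent) : base(parent.ServiceActor, false, parent.ClientActor) { }

        // WSE has already checked the signature value and decrypted the body by the time this
        // runs; the override enforces what was signed, by which kind of token, and that encryption was used.
        public override void ValidateMessageSecurity(SoapEnvelope envelope, Security security)
        {
            bool bodySignedByX509 = false, bodyEncrypted = false;
            foreach (ISecurityElement element in security.Elements)
            {
                MessageSignature sig = element as MessageSignature;
                if (sig != null)
                {
                    // A signature that omits the body protects nothing the service acts on.
                    bool coversBody = (sig.SignatureOptions & SignatureOptions.IncludeSoapBody) != 0;
                    if (coversBody && sig.SigningToken is X509SecurityToken) bodySignedByX509 = true;
                }
                else if (element is EncryptedData)
                {
                    bodyEncrypted = true;
                }
            }
            // An exception thrown here surfaces to the caller as a SOAP fault; the service method never runs.
            if (!bodySignedByX509) throw new SecurityException("SOAP body must be signed with an X.509 token");
            if (!bodyEncrypted) throw new SecurityException("SOAP message must be encrypted");
        }
    }
}
```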
