A short guide for using encryption keys and certificates in PEPPOL


1 PKI and Certificates
A short guide for using encryption keys and certificates in PEPPOL

2 Concepts covered
- Encryption keys
  - Symmetric
  - Asymmetric
- Certificate
- Message digests
- Digital signatures
Agency for Public Management and eGovernment

3 Symmetric key
- Usually a long integer, i.e. bits
- Sender and receiver agree:
  - The key
  - The algorithm
- Nobody can decrypt?
13 November 2018 Direktoratet for forvaltning og IKT

4 The problem
- 700 BC Spartan Scytale
- Exchanging the encryption key is the major problem!

5 Asymmetric keys
- Two integers belonging together:
  - Encrypt with one of the keys
  - Decrypt with the other key

6 Which key to use?
- Encrypt with the receiver's public key
- Decrypt with the receiver's private key

7 X.509 Certificate
- Data structure
- Certifies the owner of the public key
- The public key is included
- Signed with the private key of the certificate issuing authority (CA)
- Belongs to Difi

8 Chain of trust
- Certificates are signed with the private key of the issuer
[Diagram: three certificates, with a "Verification" arrow between each certificate and the next]
- Certificate: Owner's Public Key, Owner's Distinguished Name, Issuer's (CA) Distinguished Name, Issuer's Signature
- CA certificate: Owner's Public Key, Owner's (CA) Distinguished Name, Issuer's (Root CA's) Distinguished Name, Issuer's Signature
- Root CA certificate: Root CA's Public Key, Root CA's Distinguished Name, Root CA's Signature

9 PEPPOL Chain of trust
[Diagram, top to bottom]
- PEPPOL Root CA
- PEPPOL intermediate AP, PEPPOL intermediate SMP
- Access Point, "ELMA", Access Point, Access Point

10 X.509 certificates
- Several formats of storage
  - PEM – ASCII (base64) with "---- BEGIN"
  - DER/CER/CRT – binary formats
  - JKS – Java Keystore
- Hint: use openssl tool and Java's keytool

11 Sample X.509 certificate

12 Renewal vs replacement
- Renewal caused problems
- PEPPOL replaces certificates
- Choose "enrolment" on the web pages!
- Follow the instructions on github.com/oxalis
  - Create a pair of keys
  - Create a Certificate Signing Request (CSR)
  - Upload the CSR
  - Download the certificate
  - Create Java keystore
- Intermediate certificates are supplied in Oxalis

13 Certificates provided in Oxalis
DEMO

14 A stitch in time saves nine!
- Check the expiration date!
- Distinguished Name (DN)
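
As an added example (not part of the original slides or of the Oxalis instructions), the enrolment steps from slide 12 and the expiry check from slide 14 can be scripted with openssl. The subject DN, file names, password and the throwaway local CA that stands in for the upload/download step are assumptions made so the script runs offline.

```bash
#!/usr/bin/env bash
# Added example. All names, DNs and passwords below are constructed placeholders.
set -eu

# "Create a pair of keys" + "create a CSR": the private key stays local,
# only the CSR (public key + requested DN) is sent to the CA.
make_csr() {   # make_csr <dir>
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1/ap.key" -out "$1/ap.csr" \
    -subj "/C=NO/O=Example AS/CN=EXAMPLE-AP" 2>/dev/null
  chmod 600 "$1/ap.key"
}

# Stand-in for "upload the CSR / download the certificate": a throwaway local CA
# signs the CSR so the example runs offline. In PEPPOL the real CA does this.
sign_with_test_ca() {   # sign_with_test_ca <dir> <validity-days>
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -keyout "$1/ca.key" \
    -out "$1/ca.crt" -subj "/CN=Constructed Test CA" 2>/dev/null
  openssl x509 -req -in "$1/ap.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days "$2" -out "$1/ap.crt" 2>/dev/null
}

# Checks before building the keystore: the chain verifies against the issuer, and
# the certificate carries the public key that belongs to our private key.
cert_is_usable() {   # cert_is_usable <dir>
  openssl verify -CAfile "$1/ca.crt" "$1/ap.crt" >/dev/null 2>&1 &&
  [ "$(openssl x509 -in "$1/ap.crt" -noout -pubkey)" = \
    "$(openssl pkey -in "$1/ap.key" -pubout)" ]
}

# "Check the expiration date": exit 0 only if the certificate is still valid
# <days> from now, so a scheduled job can alert before it expires.
valid_for_days() {   # valid_for_days <cert> <days>
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# "Create Java keystore": PKCS#12 bundle of key + certificate. To convert to JKS:
# keytool -importkeystore -srckeystore ap.p12 -srcstoretype PKCS12 -destkeystore ap.jks
make_keystore() {   # make_keystore <dir> <password>
  openssl pkcs12 -export -inkey "$1/ap.key" -in "$1/ap.crt" -name ap \
    -passout "pass:$2" -out "$1/ap.p12"
}

demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
make_csr "$demo" && sign_with_test_ca "$demo" 365 && cert_is_usable "$demo"
make_keystore "$demo" changeit
openssl x509 -in "$demo/ap.crt" -noout -subject -issuer -enddate
valid_for_days "$demo/ap.crt" 30 && echo "OK: valid for at least 30 more days"
```

Running `valid_for_days` against the installed certificate on a schedule turns the reminder on slide 14 into an alert instead of an outage.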
