Presentation is loading. Please wait.

Presentation is loading. Please wait.

PKI Processing with OpenSSL Rodney Thayer

Published byPenelope Ramsey Modified over 9 years ago

Similar presentations

Presentation on theme: "PKI Processing with OpenSSL Rodney Thayer"— Presentation transcript:

1 PKI Processing with OpenSSL Rodney Thayer rodney@tillerman.to

2 Rodney Thayer2 Contents Standards Protocols OpenSSL as a Tool OpenSSL as PKI Tool OpenSSL as PKI Subsystem

3 Rodney Thayer3 Introduction Open source OpenSSL (formerly SSLEAY) Processes IETF TLS and SSL 2,3 (Netscape) Processes Public Key certificates (for PKI)

4 Rodney Thayer4 Standards Algorithms: RSA, DSA, MD5, SHA-1 RFC 2459 (PKIX); X.509 DER and PEM PKI Standard features: Roots, CRL’s, OCSP PKCS 7, 1, 10

5 Rodney Thayer5 Protocols TLS and SSL, using certificates SMIME IPsec for VPN’s

6 Rodney Thayer6 OpenSSL as a Tool

7 Rodney Thayer7 ‘openssl’ - the program Apps/ directory commands for tls tests commands for crypto commands for cert processing uses simple keystore uses DER and PEM format certificates

8 Rodney Thayer8 Standard commands asn1parse ca ciphers crl crl2pkcs7 dgst dh dhparam dsa dsaparam enc errstr gendh gendsa genrsa nseq passwd pkcs12 pkcs7 pkcs8 rand req rsa rsautl s_client s_server s_time sess_id smime speed spkac verify version x509

9 Rodney Thayer9 Message Digest commands (see the `dgst' command for more details) md2 md4 md5 mdc2 rmd160 sha sha1

10 Rodney Thayer10 Cipher commands (see the `enc' command for more details) base64 bf bf-cbc bf-cfb bf-ecb bf-ofb cast cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb des-ofb des3 desx idea idea-cbc idea-cfb idea-ecb idea-ofb rc2 rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb rc4 rc4-40 rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb

11 Rodney Thayer11 OpenSSL as a PKI Tool

12 Rodney Thayer12 ‘openssl’ - the program Apps/ directory commands for tls tests commands for crypto commands for cert processing uses simple keystore uses DER and PEM format certificates

13 Rodney Thayer13 ‘openssl’ commands  asn1parse ca crl crl2pkcs7 dsaparam

14 Rodney Thayer14 ‘openssl’ commands ( cont.) Pkcs7 req x509

15 Rodney Thayer15 OpenSSL as a Subsystem Builds to a library API for certificate processing API for underlying crypto operations used by TLS/SSL, ‘openssl’ application

16 Rodney Thayer16 Subsystem Uses TLS and SSL SMIME OpenSSH GPKCS Embedded systems

17 Rodney Thayer17 API Calls for Cert Request See apps/req.c 1. Make key pair 2. Configure certificate request 3. Sign certificate request 4. Output as DER or PEM

18 Rodney Thayer18

19 Rodney Thayer19 Conclusion General purpose cryptographic tool Provides PKI processing Out of the box support for standards Published API Definitely product-grade solution

20 Contact Info Rodney Thayer The Tillerman Group rodney@tillerman.to http://www.pkiclue.com/presentations

Download ppt "PKI Processing with OpenSSL Rodney Thayer"

Similar presentations

Public Key Infrastructure What can it do for you?.

Public Key Infrastructure What can it do for you?.
Network Security: Lab#2 J. H. Wang Apr. 28, 2011.

Network Security: Lab#2 J. H. Wang Apr. 28, 2011.
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
SSL Implementation Guide Onno W. Purbo

SSL Implementation Guide Onno W. Purbo
1 PK-Enabling Toolkits August 27, 2001. 2 CSOS Interfaces STATUS CHECKING Network Interface: HTTP Port 80 PKI Interface: PKCS 10 Request PKCS 7 Response.

1 PK-Enabling Toolkits August 27, CSOS Interfaces STATUS CHECKING Network Interface: HTTP Port 80 PKI Interface: PKCS 10 Request PKCS 7 Response.
Lecture 6: Web security: SSL

Lecture 6: Web security: SSL
Kerberized Credential Translation Olga Kornievskaia Peter Honeyman Bill Doster Kevin Coffman Center for Information Technology Integration University of.

Kerberized Credential Translation Olga Kornievskaia Peter Honeyman Bill Doster Kevin Coffman Center for Information Technology Integration University of.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Introduction to OpenSSL Jing Dalhousie University.

Introduction to OpenSSL Jing Dalhousie University.
Securing Network Communication. 2 Security Issues in Communication Privacy  Anyone can see content Integrity  Someone might alter content Authentication.

Securing Network Communication. 2 Security Issues in Communication Privacy  Anyone can see content Integrity  Someone might alter content Authentication.
Windows Vista And Longhorn Server PKI Enhancements Avi Ben-Menahem Lead Program Manager Windows Security Microsoft Corporation.

Windows Vista And Longhorn Server PKI Enhancements Avi Ben-Menahem Lead Program Manager Windows Security Microsoft Corporation.
An In-Depth Examination of PKI Strengths, Weaknesses and Recommendations.

An In-Depth Examination of PKI Strengths, Weaknesses and Recommendations.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Secure Teleradiology Nick Collett Brookside Consulting

Secure Teleradiology Nick Collett Brookside Consulting
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.

An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)

Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan.

Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan.
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Feb 19, 2002Mårten Trolin1 Previous lecture Practical things about the course. Example of cryptosystem — substitution cipher. Symmetric vs. asymmetric.

Feb 19, 2002Mårten Trolin1 Previous lecture Practical things about the course. Example of cryptosystem — substitution cipher. Symmetric vs. asymmetric.

Similar presentations

Ads by Google