Adding Multimedia Extensions to X.509 Certificates

About This Presentation

Title:

Description:

Number of Views:22

Avg rating:3.0/5.0

Slides: 18

Provided by: nicholis

Learn more at: http://cs.uccs.edu

Category:

Tags: adding | certificates | extensions | multimedia | virtualbox

Transcript and Presenter's Notes

Title: Adding Multimedia Extensions to X.509 Certificates

1
Adding Multimedia Extensions to X.509 Certificates

2
The Problem

3
Project Goal

4
Background

X.509 Certificates use fields to contain
information about the certificate holder, the
certifying organization, etc.
New fields can be added as extensions.
Extensions (and fields) are identified using
Object Identifiers (OIDs).
Creating a new extension for multimedia entails
defining and inserting new OIDs.

5
Object Identifiers (OID)?

Consist of a sequence of integers defining a data
type and object. An example is the RSA encryption
algorithm OID 1.2.840.113549.1.1.1
They must be registered and unique to be widely
accepted within browsers and PKI enabled
applications.
A repository is kept by IANA for private
enterprise arc OID the federal government has
another repository.
Big problem no real mechanism for dissemination
of new OIDs to applications.

6
X.509 Extensions

Extensions may be added to an X.509 certificate.
The extensions may be thought of as attaching a
sub certificate to the original certificate.
Problem with this approach practically no
documentation on how to do this. What
documentation exists is unclear and often
contradicts other sources of information.
Decided instead to create a new field within a
single certificate.

7
Environment

Apple Mac OS X client
Ubuntu Linux server running Apache2
Ubuntu server running as a virtual machine inside
of VirtualBox on the same machine as the client
Creation of the certificates and installation on
client and server used the same software
openssl.

8
OpenSSL

Openssl is an open source toolkit used to create,
manage, and install X.509 certificates.
Used across multiple platforms.
Well documented on using it for common tasks not
so well documented when it comes to doing
something new or unusual (like adding a new
field).

9
The Process

Create fields to contain multimedia information
and add to the configuration files on the server
and the client.
Use the openssl command with the correct switches
and parameters to create the certificate.
Install the certificate on both the server and
the client.
Test the new new multimedia extension.

10
Multimedia Field

The new field will be called video_file.
The new OID will be 1.2.3.4
The content within the field is a link to a video
file.
The idea is the have the client application
automatically grab the video file when presented
with a valid certificate after having been
authenticated by the server.
However, this last step never worked because it
would entail modifying the browser and time did
not permit this.

11
OpenSSL Configuration Files

The openSSl configuration file is used to specify
default values and to specify new fields and
extensions.
Various sections correspond to the different
steps undertaken during the creation of the
certification.
Created a different file for each step of the
process.

12
servreq

13
clientreq

14
careq

15
Outcome

Succeeded in creating a successful certificate
and installing it on the server and the client.
Unable to get the client to work properly when
connecting to the secure site the problem turned
out to be related to the way openSSL was
implemented on the Mac.
Not able to implement server or client code for
automatic redirection to a multimedia file.

16
Future Work

Create an entire new multimedia extension to the
certificate instead of adding new fields.
Create modifications to the server and the client
to handle processing of the new fields and/or
extension.
Develop an algorithm for distribution of the
certificates.
Determine what information should be included
within the multimedia extension.

17
References