X.509 Certificate management in .Net - PowerPoint PPT Presentation

1 / 14

About This Presentation

Title:

X.509 Certificate management in .Net

Description:

Number of Views:65

Avg rating:3.0/5.0

Slides: 15

Provided by: ShaktiVis

Learn more at: https://www.cs.odu.edu

Category:

Tags: certificate | management | net | security | service

Transcript and Presenter's Notes

Title: X.509 Certificate management in .Net

1
X.509 Certificate management in .Net

2
Overview of the topic

3
Terminology

Public Keys
These are numbers associated with a particular
entity, and are intended to be known to everyone
who needs to have trusted interactions with that
entity. Public keys are used to verify
signatures.
Digitally Signed
If some data is digitally signed it has been
stored with the "identity" of an entity, and a
signature that proves that entity knows about the
data. The data is rendered unforgeable by signing
with the entitys' private key.
Identity
A known way of addressing an entity. In some
systems the identity is the public key, in others
it can be anything from a Unix UID to an Email
address to an X.509 Distinguished Name.

4
Terminology (contd..)

Signature
A signature is computed over some data using the
private key of an entity (the signer).
Private Keys
These are numbers, each of which is supposed to
be known only to the particular entity whose
private key it is (that is, it's supposed to be
kept secret). Private and public keys exist in
pairs in all public key cryptography systems
(also referred to as "public key crypto
systems"). In a typical public key crypto system,
such as DSA, a private key corresponds to exactly
one public key. Private keys are used to compute
signatures.
Entity
An entity is a person, organization, program,
computer, business, bank, or something else you
are trusting to some degree.

5
X.509 certificate in general

What is a certificate?
A public-key certificate is a digitally signed
statement from one entity, saying that the public
key (and some other information) of another
entity has some specific value.
A certificate securely binds a public key to the
entity that holds the corresponding private key.
Certificates are digitally signed by the issuing
certification authority (CA) and can be issued
for a user, a computer, or a service. This
creates a trust relationship between two unknown
entities.
The X.509 standard defines what information can
go into a certificate, and describes how to write
it down (the data format).

6
Properties of X.509 certificates

To-be-performed actions on the certificates
Generate
Display
Import
Export
Access
Manage
(Java API Certificate Factory, Certificate,
CRL, X509Certificate, X509Extension etc)

7
X.509 Certificates in .NET

8
Managing X.509 Certificates

Obtain an X.509 Certificate
Using the X.509 Certificate Management Tools
Making X.509 Certificates Accessible to WSE
Specifying the Certificate Authority Certificate
Chain Used to Verify Signatures

9
Signing a SOAP Message Using an X.509 Certificate

10
Verifying Digital Signatures of SOAP

To configure WSE to validate digital signatures
for incoming SOAP messages.
To use code to require incoming SOAP messages be
signed using an X.509 certificate and that it
signed the required XML elements.

11
Encrypting a SOAP Message Using an X.509
Certificate

Obtain the recipient's X.509 certificate.
Install the recipient's X.509 certificate
Create a custom policy assertion.
Override the Secure Message method
Add references to the Microsoft.Web.Services3 and
System.Web.Services assemblies.
Add Imports
Add code to get an X.509 certificate.
Encrypt and optionally sign the SOAP message.

12
Decrypting a SOAP Message Encrypted with an X.509
Certificate

Include an ltsoapServerProtocolFactorygt Element
element in the ltwebServicesgt section.
Apply a policy to the Web service that requires
SOAP messages to be encrypted by an X.509
certificate.

13
Examples