Relative: PKCS7, X509 and DER

I am new to the world of cryptography. I started working with OPENSSL. I need information, and basically I have some doubts. I have a DER format file. I read the file using the following command: "openssl x509 -inform DER -in filename.der -text". I got what it should have been.

The following are the things I wanted to know:

  1. What is the difference between PKCS7, DER and X509? (My understanding is DER is the format, X509 is the certificate, and PKCS7 is the standard)

  2. I wrote a test file that accepts a DER file and displays the version, serial number, subject, validity date, and validity after date, but I cannot verify the certificate. The following is the API used.

    int i = X509_verify(x509, X509_get_pubkey(x509));

    But the value of "i" is equal to "i" < 0 (zero). That's why I get "signature verification problems". How to overcome this?

  3. In my test file I can't read "Signature Algorithm", "Public Key Theme", "X509v3 Extensions" and "-----BEGIN CERTIFICATE-----" to "-----END CERTIFICATE-----".

Please provide some details.

Thanks in advance. openSid

+4
2 answers

PKCS #7 is a cryptographic standard published by RSA Security in 1993 that deals with data to which cryptography is applied. It's a standard for secure data storage. PKCS #7 refers to the X.509 standard as a source for certificate formatting.

X.509 is a widely distributed security standards document published in 1998 that includes, among other things, certificate file formats.

X.509 indicates that certificates should be encoded using the ASN.1 Distinguished Encoding Rules (documented in X.208 and now X.608), first published in 1984.

So, DER says how to encode some strings and numeric source data in binary format, X.509 says what data needs to be converted to a digital certificate, and PKCS #7 tells how to use this certificate to digitally sign a message.

Privacy Enhanced Mail - some tool released before OpenSSL - for sending PKCS #7 "wrapped" data in e-mail messages, which at that time were exchanged between systems that supported only 7-bit ASCII characters - "PEM" created a standard for using Base64 for encoding the X.509 certificates required by PKCS #7 and storing the Base64 inside -----BEGIN ???----- -----END ???----- where ??? can be RSA PRIVATE KEY, RSA PUBLIC KEY, CERTIFICATE, etc.

+12
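How the three layers in the answer above fit together, as an added example that is not part of the original answer: DER supplies the tag-length-value bytes, X.509 fixes the outer three-field certificate shape, and PEM is only Base64 of those bytes between BEGIN/END lines. The helper names are hypothetical, the sample bytes are constructed (not a real certificate), and the parser assumes single-byte tags.

```python
import base64
import textwrap

def der_tlv(tag: int, value: bytes) -> bytes:
    """Encode one DER element: tag, definite length (short or long form), value."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value

def der_children(data: bytes) -> list:
    """Split concatenated DER elements into (tag, value) pairs; single-byte tags only."""
    out, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated header")
        tag, n = data[pos], data[pos + 1]
        pos += 2
        if n >= 0x80:                       # long form: low 7 bits count the length bytes
            k = n & 0x7F
            if k == 0 or pos + k > len(data) or data[pos] == 0:
                raise ValueError("indefinite, truncated or padded length")
            n = int.from_bytes(data[pos:pos + k], "big")
            pos += k
            if n < 0x80:
                raise ValueError("long form used for a short length (BER, not DER)")
        if pos + n > len(data):
            raise ValueError("value runs past end of input")
        out.append((tag, data[pos:pos + n]))
        pos += n
    return out

def pem_encode(der: bytes, label: str = "CERTIFICATE") -> str:
    """PEM is only Base64 of the DER bytes between BEGIN/END lines."""
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode("ascii"), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def pem_decode(pem: str, label: str = "CERTIFICATE") -> bytes:
    body = pem.split(f"-----BEGIN {label}-----", 1)[1].split(f"-----END {label}-----", 1)[0]
    return base64.b64decode("".join(body.split()), validate=True)

# Constructed sample: SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
TBS = der_tlv(0x30, der_tlv(0x02, b"\x01\x23"))   # stand-in: serial INTEGER only
ALG = der_tlv(0x30, der_tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + der_tlv(0x05, b""))
SIG = der_tlv(0x03, b"\x00" + b"\xab" * 256)      # 257 bytes, so long-form length
SAMPLE_DER = der_tlv(0x30, TBS + ALG + SIG)
```

Decoding `pem_encode(SAMPLE_DER)` with `pem_decode` returns the identical DER bytes, and `der_children` on the outer SEQUENCE body yields the tags 0x30, 0x30, 0x03 in that order.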

PKCS components are PKCS #1, PKCS #5, PKCS #7, PKCS #8, PKCS #9, PKCS #10 and PKCS #12. PKCS standards are specifications created by RSA Laboratories in collaboration with secure system developers worldwide to accelerate the deployment of public-key cryptography.

A user can request a certificate from a Certificate Authority for this user in order to send his or her public key to a PKCS #10 object in the CA. When the request is approved, the CA issues a certificate that is wrapped in an object formatted in PKCS #7.

PKCS #7 defines the standard data format for which cryptography was applied. PKCS #7 indicates only the data format, not the choice of any specific algorithms (X509).

The X.509 certificate is a public key packed with information about the certificate holder and issuer.

0

Source: https://habr.com/ru/post/1305737/

