
Pki and OpenSSL

Date post: 26-Jan-2015
Upload: tony-fabeen
Description: PKI and OpenSSL. All about Digital Certification Processes. Tony Fabeen, @tonyfabeen
Transcript
Page 1: Pki and OpenSSL

PKI and OpenSSL

All about Digital Certification Processes

Tony Fabeen

@tonyfabeen

Page 2: Pki and OpenSSL

Who am I

Page 3: Pki and OpenSSL
Page 4: Pki and OpenSSL

Minimal Security for Systems

Confidentiality
Integrity
Access Control
Authentication
etc.

Page 5: Pki and OpenSSL

Internet Security

HTTPS

Page 6: Pki and OpenSSL

HTTPS ?

Page 7: Pki and OpenSSL

Secure

Page 8: Pki and OpenSSL

SSL

Secure Sockets Layer

Page 9: Pki and OpenSSL

TLS

Transport Layer Security

Page 10: Pki and OpenSSL
Page 11: Pki and OpenSSL

SSL mechanisms

Cryptography
Hashing
Digital Signing

Page 12: Pki and OpenSSL

Cryptography

Page 13: Pki and OpenSSL

Symmetric Key Encryption

or Secret Key Crypto System

Page 14: Pki and OpenSSL

Asymmetric Key Encryption

Page 15: Pki and OpenSSL
Page 16: Pki and OpenSSL
Page 17: Pki and OpenSSL

Hashing

Page 18: Pki and OpenSSL
Page 19: Pki and OpenSSL

Digital Signing

Page 20: Pki and OpenSSL
Page 21: Pki and OpenSSL

What is PKI ?

Page 22: Pki and OpenSSL

PKI (Public Key Infrastructure)

A structure responsible for authenticating and identifying users and services, ensuring that information exchanged between them will not be revealed to untrusted parties.

Page 23: Pki and OpenSSL

Not just technical stuff. It's a set of:

People
Standards
Procedures
Hardware
Software

Used for digital certificate management.

Page 24: Pki and OpenSSL

Who manages ?

Certificate Authority(CA)

Page 25: Pki and OpenSSL

Certificate Authority (CA)

Create
Distribute
Use
Store
Revoke

Page 26: Pki and OpenSSL

PKI Brazil

ICP - Brasil

Page 27: Pki and OpenSSL

ICP Brasil Hierarchy

Page 28: Pki and OpenSSL

ICP Brasil Hierarchy

Page 29: Pki and OpenSSL

Certificates

Main reason for PKI.

Contain information which associates a certificate owner with its public key.

Page 30: Pki and OpenSSL
Page 31: Pki and OpenSSL

Cross Certification

Page 32: Pki and OpenSSL

Certificate Revocation List (CRL)

Page 33: Pki and OpenSSL

Solutions Supported by PKI

Page 34: Pki and OpenSSL

SSL Connections

Page 35: Pki and OpenSSL

Smartcards

Page 36: Pki and OpenSSL

How To ?

Page 37: Pki and OpenSSL

OpenSSL

Page 38: Pki and OpenSSL

Open Source SSL/TLS implementation

BSD
Linux
OpenVMS
Solaris
Windows

Page 39: Pki and OpenSSL

Programming Languages support

C
C++
Ruby
PHP
NodeJS
etc.

Page 40: Pki and OpenSSL

OpenSSL commands

Page 41: Pki and OpenSSL

Create a CA Request

$ openssl req -new \
    -config etc/devinsampa-ca.conf \
    -out ca/devinsampa-ca.csr \
    -keyout ca/devinsampa-ca/private/devinsampa-ca.key

Page 42: Pki and OpenSSL

Create a CA Certificate

$ openssl ca -selfsign \
    -config etc/devinsampa-ca.conf \
    -in ca/devinsampa-ca.csr \
    -out ca/devinsampa-ca.crt \
    -extensions devinsampa_ca_ext

Page 43: Pki and OpenSSL

Create a new Request

$ openssl req -new \
    -config etc/email.conf \
    -out certs/tony.csr \
    -keyout certs/tony.key

Page 44: Pki and OpenSSL

Create an e-mail certificate

$ openssl ca \
    -config etc/devinsampa-ca.conf \
    -in certs/tony.csr \
    -out certs/tony.crt \
    -extensions email_ext

Page 45: Pki and OpenSSL

Revoke Certificate

$ openssl ca \
    -config etc/devinsampa-ca.conf \
    -revoke ca/devinsampa-ca/01.pem \
    -crl_reason superseded

Page 46: Pki and OpenSSL

Create CRL

$ openssl ca -gencrl \
    -config etc/devinsampa-ca.conf \
    -out crl/devinsampa-ca.crl
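
What a relying party does with the CRL produced above, as an added example that is not from the original slides: a revoked certificate still verifies unless the verifier is told to consult the CRL. The script builds a throwaway CA with `openssl req -x509` rather than the slides' `openssl ca -selfsign`, and its config, subject names and file names are constructed for the demonstration.

```shell
# Added example; names (Demo CA, tony, file names) are constructed. build_demo_pki DIR: CA, one cert, revoke, CRL.
build_demo_pki() (
  mkdir -p "$1/newcerts" && cd "$1" || exit 1
  : > index.txt; echo 01 > serial
  cat > ca.conf <<'EOF'
[ca]
default_ca = demo_ca
[demo_ca]
database = ./index.txt
serial = ./serial
new_certs_dir = ./newcerts
certificate = ./ca.crt
private_key = ./ca.key
default_md = sha256
policy = demo_policy
[demo_policy]
commonName = supplied
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  {
    openssl req -x509 -config ca.conf -extensions ca_ext -newkey rsa:2048 -nodes \
      -subj "/CN=Demo CA" -keyout ca.key -out ca.crt -days 30 &&
    openssl req -new -config ca.conf -newkey rsa:2048 -nodes \
      -subj "/CN=tony" -keyout tony.key -out tony.csr &&
    openssl ca -batch -config ca.conf -days 30 -in tony.csr -out tony.crt &&
    openssl ca -config ca.conf -revoke tony.crt -crl_reason superseded &&
    openssl ca -config ca.conf -gencrl -crldays 7 -out ca.crl
  } >/dev/null 2>&1
)
# check_cert DIR [verify options]: print "ok", "revoked" or "error".
check_cert() (
  cd "$1" || exit 1; shift
  out=$(openssl verify -CAfile ca.crt "$@" tony.crt 2>&1) || true
  case $out in
    *"certificate revoked"*) echo revoked ;;
    *": OK"*) echo ok ;;
    *) echo error ;;
  esac
)
dir=$(mktemp -d) && build_demo_pki "$dir" || exit 1
check_cert "$dir"                             # chain check only, no CRL consulted
check_cert "$dir" -crl_check -CRLfile ca.crl  # same certificate, CRL consulted
rm -rf "$dir"
```

The first check passes even though the certificate is already revoked; only the second, which passes `-crl_check` and the CRL file, rejects it.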

Page 47: Pki and OpenSSL

Output Formats

Create DER Certificate

$ openssl x509 \
    -in certs/tony.crt \
    -out certs/tony.cer \
    -outform der

Create DER CRL

$ openssl crl \
    -in crl/devinsampa-ca.crl \
    -out crl/devinsampa-ca.crl \
    -outform der

Page 48: Pki and OpenSSL

References

http://openssl.org/docs/apps/req.html
http://openssl.org/docs/apps/ca.html
http://openssl.org/docs/apps/x509.html
http://openssl.org/docs/apps/crl.html
http://www.iti.gov.br/

Page 49: Pki and OpenSSL

Questions

Page 50: Pki and OpenSSL

Thanks !

@tonyfabeen
