CSCI6268L17 - Foundations of Network and Computer Security...

Info iconThis preview shows pages 1–6. Sign up to view the full content.

View Full Document Right Arrow Icon
Foundations of Network and Foundations of Network and Computer Security Computer Security J J ohn Black Lecture #17 Oct 9, 2009 CSCI 6268/TLEN 5550, Fall 2009
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
CSR: Certificate Request You will generate a CSR Certificate Request Has your name, email, other info, your public key, and you sign it Send your CSR to the CA CA will sign it if it is properly formatted His signature overwrites your signature on the CSR Once CA signs your CSR it becomes a certificate
Background image of page 2
Creating a CSR % openssl req -key john-priv.pem -new -out john-req.pem Enter pass phrase for john-priv.pem: You are about to be asked to enter information that will be incorporated into your certificate request. Country Name (2 letter code) [AU]: US State or Province Name (full name) [Some-State]: Colorado Locality Name (eg, city) []: Boulder Organization Name (eg, company) [Internet Widgits Pty Ltd]: University of Colorado Organizational Unit Name (eg, section) []: Computer Science Common Name (eg, YOUR name) []: John Black Email Address []: jrblack@cs.colorado.edu (Leave the rest blank) This outputs the file john-req.pem which is a cert request
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Viewing a CSR % openssl req -in john-req.pem -text -noout Certificate Request: Data: Version: 0 (0x0) Subject: C=US, ST=Colorado, L=Boulder, O=University of Colorado, OU=Computer Science, CN=John Black/emailAddress=jrblack@cs.colorado.edu Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:ca:40:b9:ef:31:c2:84:73:ab:ef:e2:6d:07:17: 83:5e:96:46:24:25:38:ed:7a:60:54:58:e6:f4:7b: ... 27:de:00:09:40:0c:5e:80:17 Exponent: 65537 (0x10001) Attributes: a0:00 Signature Algorithm: md5WithRSAEncryption 32:e1:3f:e2:12:47:74:88:a3:f9:f4:44:8a:f3:b7:4e:d1:14: 1f:0b:be:b8:19:be:45:40:ed:5b:fb:ab:9b:01:e8:9a:26:0c: ... 9c:e0 CSR is signed by you Note: not password protected
Background image of page 4
CSRs Why is your CSR signed by you? Ensures that the CSR author (you) have the private key corresponding to the public key in the CSR If we didn’t do this, I could get the CA to sign anyone’s public key as my own – Not that big a deal since I can’t decrypt things without the corresponding private key, but still we disallow this Why does the CA sign your public key Well, because that’s his reason for existence, as discussed previously Ok, let’s say I email my CSR to the CA and he signs it… then what?
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 6
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 15

CSCI6268L17 - Foundations of Network and Computer Security...

This preview shows document pages 1 - 6. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online