Qualified Certificate Request
Philipp Gühring
pg at futureware.at
Thu Jul 21 12:55:45 EDT 2005
Hello,
Peter Saint-Andre invited me here to present my concept of Qualified
Certificate Requests to you.
It is a long-term goal of CAcert to be able to provide qualified certificates.
Regarding the requirements for qualified certificates, the only obstacle we
still have is the problem that CAcert has to make sure that the private key
for the certificate is generated and stored securely in a SmartCard or
another Hardware Token.
Since the users should be able to issue the certificates at home, we need a
technical solution to make sure that the private key is from within a
SmartCard when we receive a certificate request.
Therefore I designed "Qualified Certificate Requests", which cryptographically
sign the public key in the CSR with a vendor key, to state that it comes
from a secure device.
Now I have created a software-based reference implementation, so that the
security of the system can be evaluated, and so that the Token Vendors can see
how to do it and can do interop testing.
http://www2.futureware.at/svn/sourcerer/CAcert/QCSR/
And here is the documentation:
http://wiki.cacert.org/wiki/QualifiedCertificateRequest
Please test it, analyze it, try to break it.
Regards,
Philipp Gühring
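
The check described in the message (a vendor key signs the public key in the CSR, and the CA verifies that signature before issuing), as an added example that is not part of the original post or of the CAcert reference implementation. It assumes the third-party Python `cryptography` package and a detached ECDSA signature over the key's SubjectPublicKeyInfo; the actual QCSR encoding is defined in the linked documentation, and all function names here are hypothetical.

```python
# Added illustration, not CAcert's QCSR code. Assumption: the vendor
# attestation is a detached ECDSA signature over the DER-encoded
# SubjectPublicKeyInfo of the key in the CSR.
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

SIG_ALG = ec.ECDSA(hashes.SHA256())

def spki_der(public_key):
    """Canonical bytes of a public key: this is what the vendor key signs."""
    return public_key.public_bytes(
        serialization.Encoding.DER,
        serialization.PublicFormat.SubjectPublicKeyInfo)

def make_csr(private_key, common_name="constructed test user"):
    """Ordinary PKCS#10 request, self-signed as proof of possession."""
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    return (x509.CertificateSigningRequestBuilder()
            .subject_name(subject)
            .sign(private_key, hashes.SHA256()))

def token_issue_request(vendor_key):
    """Hypothetical stand-in for a token: the key pair is generated inside,
    and the vendor key held by the device attests to the public key."""
    device_key = ec.generate_private_key(ec.SECP256R1())
    attestation = vendor_key.sign(spki_der(device_key.public_key()), SIG_ALG)
    return make_csr(device_key), attestation

def ca_accepts(csr, attestation, vendor_public_key):
    """CA-side check: CSR self-signature valid AND vendor signed this key."""
    if not csr.is_signature_valid:
        return False
    try:
        vendor_public_key.verify(attestation, spki_der(csr.public_key()), SIG_ALG)
    except InvalidSignature:
        return False
    return True

if __name__ == "__main__":
    vendor = ec.generate_private_key(ec.SECP256R1())  # constructed vendor key
    csr, att = token_issue_request(vendor)
    print("token request accepted:", ca_accepts(csr, att, vendor.public_key()))
    software_csr = make_csr(ec.generate_private_key(ec.SECP256R1()))
    print("software key, replayed attestation:",
          ca_accepts(software_csr, att, vendor.public_key()))
```

Because the attestation covers the exact public key bytes, reusing it with a CSR for a key generated in software fails verification at the CA.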
---------------------------------------------------------------------
The Cryptography Mailing List