Ping a Specific Port

Question

Dustin Oprea

Asked: 2014-04-11 06:32:36 +0800 CST2014-04-11 06:32:36 +0800 CST 2014-04-11 06:32:36 +0800 CST

Integrity of Request/X509 Alternative Name/Extension Information

772

Am I correct in assuming that there's protection against the modification of both the subject and the extension information in a request or X509 certificate?

This signature is just another element embedded in the ASN.1 encoding?

1 Answers

Voted

Evan Anderson · Answer 1 · 2014-04-11T07:23:29+08:00

You are correct. The integrity of both of those items can be validated by the digital signatures on the request (signed with the requester's private key) or certificate (signed by the CA's private key).

Edit:

RFC 2986, section 3 describing PKCS #10 certificate requests:

3. Overview

   A certification request consists of three parts: "certification
   request information," a signature algorithm identifier, and a digital
   signature on the certification request information.

...

        1. A CertificationRequestInfo value containing a subject
           distinguished name, a subject public key, and optionally a
           set of attributes is constructed by an entity requesting
           certification.

        2. The CertificationRequestInfo value is signed with the subject
           entity's private key.  (See Section 4.2.)

and page 5:

The components of type CertificationRequestInfo have the following
   meanings:

...

 attributes is a collection of attributes providing additional
          information about the subject of the certificate.  Some
          attribute types that might be useful here are defined in PKCS
          ...
          certificate revocation.  Another example is information to
          appear in X.509 certificate extensions (e.g. the
          extensionRequest attribute from PKCS #9).  The values of type

RFC 5280 re: x.509 certificates:

4.1.1.3.  signatureValue

   The signatureValue field contains a digital signature computed upon
   the ASN.1 DER encoded tbsCertificate.  The ASN.1 DER encoded
   tbsCertificate is used as the input to the signature function.
   ...


4.1.2.  TBSCertificate

   The sequence TBSCertificate contains information associated with the
   subject of the certificate and the CA that issued it.  Every
   TBSCertificate contains the names of the subject and issuer, a public
   key associated with the subject, a validity period, a version number,
   and a serial number; some MAY contain optional unique identifier
   fields.  The remainder of this section describes the syntax and
   semantics of these fields.  A TBSCertificate usually includes
   extensions.

Integrity of Request/X509 Alternative Name/Extension Information

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?