GRID-FR French CA Alice de Bignicourt.

Presentation on theme: "GRID-FR French CA Alice de Bignicourt."— Presentation transcript:

Slide 1: GRID-FR French CA, http://igc.services.cnrs.fr/GRID-FR, Alice de Bignicourt

Slide 2 (June 28th 2007): Outline
- Requirement to access the GRID
- GRID-FR CA
- Certificate
- Statistics

Slide 3: Requirement to access the GRID
1. User certificate (authentication)
2. Access to a VO or VOMS (authorization)
3. User interface or web service access

Slide 4: Outline (section: About GRID-FR CA)

Slide 5: About GRID-FR CA
- CA = Certification Authority
- The GRID-FR CA issues certificates for institutes participating in GRID projects in which CNRS is involved: EGEE, LCG, DEISA, Grid 5000, ILDG, E-Sciences, Integrative Biology, ...
- It issues user, server and service certificates to: French public and private institutes; foreign public and private institutes outside HEP that have no CA of their own (catch-all).

Slide 6: About GRID-FR CA, composition of a CA
- CA: Certification Authority
- RA: Registration Authority
- EE: End Entity (person, host, service)
- Certificate repository: certificates (EE, CAs) and CRLs
- Validation service
- Encipherment private key recovery service

Slide 7: About GRID-FR CA
- GRID-FR signature algorithm: SHA1
- CRL = Certificate Revocation List: generated each night; lifetime 1 month; downloaded from a dedicated server, crls.services.cnrs.fr
- EUGridPMA requirements: European Policy Management Authority for Grid Authentication (http://www.eugridpma.org); its activity is to verify the minimum requirements and to accredit new CAs

Slide 8: GRID-FR in the CNRS PKI (hierarchy diagram; CAs shown: CNRS-Standard, CNRS-Plus, CNRS-Projets, CNRS, GRID-FR, SSI, Partenaires-CNRS)

Slide 9: Outline (section: Certificate)

Slide 10: X509v3 Certificate
- Asymmetric encryption algorithm
- Accredited by the trusted CA
- Certificate for: user, host, service
- A pair of 2 keys:
  - Private key: NOT communicated; encoded and protected by a password
  - Public key (also called the certificate): signed by the CA; published

Slide 11: Structure of an X509 certificate
- Certificate:
  - Version
  - Serial Number
  - Algorithm ID
  - Issuer
  - Validity: Not Before, Not After
  - Subject
  - Subject Public Key Info: Public Key Algorithm, Subject Public Key
  - Issuer Unique Identifier (optional)
  - Subject Unique Identifier (optional)
  - Extensions (optional)
- Certificate Signature Algorithm
- Certificate Signature
(Issuer and subject unique identifiers were introduced in Version 2, Extensions in Version 3)

Slide 12: Example 1/2 (text dump of a GRID-FR user certificate)

    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 1323 (0x52b)
            Signature Algorithm: md5WithRSAEncryption
            Issuer: C=FR, O=CNRS, CN=GRID-FR
            Validity
                Not Before: Oct 3 13:13:42 2006 GMT
                Not After : Oct 3 13:13:42 2007 GMT
            Subject: O=GRID-FR, C=FR, O=CNRS, OU=UREC, CN=Alice De Bignicourt
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                RSA Public Key: (1024 bit)
                    Modulus (1024 bit):
                        00:f6:48:51:86:3f:c3:0e:5a:1d:69:9e:c9:a7:4c:
                        25:d8:a1:e7:5a:9c:6f:50:d4:d6:34:ab:3f:57:a7:
                        60:d9:f1:3d:58:43:3a:ca:90:fb:51:9d:2f:4a:3e:
                        10:d4:14:4e:48:ca:6b:9f:d0:ac:f0:b5:94:bb:15:
                        d6:43:49:91:37:72:75:0e:1b:89:d2:7c:76:db:25:
                        60:d1:fd:fc:b5:20:78:18:cb:11:a3:73:9a:e3:2b:
                        ab:a3:cd:7c:0c:6c:9a:3a:19:5e:cb:10:e6:66:f4:
                        8e:02:aa:8f:1b:12:e0:f8:42:5e:68:a8:53:1b:f6:
                        c6:00:92:f0:76:77:6b:f9:cd
                    Exponent: 65537 (0x10001)

Callouts on the slide: Serial Number, CA Issuer, Validity, Subject, Public Key.

Slide 13: Example 2/2 (extensions and signature of the same certificate)

            X509v3 extensions:
                X509v3 Basic Constraints: critical
                    CA:FALSE
                Netscape Cert Type:
                    SSL Client, S/MIME, Object Signing
                X509v3 Key Usage: critical
                    Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement
                Netscape Comment:
                    Certificat GRID-FR. Pour toute information se reporter à http://igc.services.cnrs.fr/GRID-FR/
                X509v3 Subject Key Identifier:
                    C6:89:EF:A4:82:41:0A:3A:CB:EB:BE:36:69:35:AA:CB:27:E6:15:CC
                X509v3 Authority Key Identifier:
                    keyid:77:49:79:C1:F6:BB:92:F0:EC:08:C3:EE:D1:9C:B0:77:10:8C:93:2F
                    DirName:/C=FR/O=CNRS/CN=CNRS-Projets
                    serial:0C
                X509v3 Certificate Policies:
                    Policy: 1.3.6.1.4.1.10813.1.1.8.1.0
                X509v3 Subject Alternative Name:
                    email:alice.de-bignicourt@urec.cnrs.fr
                X509v3 CRL Distribution Points:
                    URI:http://crls.services.cnrs.fr/GRID-FR/getder.crl
                1.3.6.1.4.1.7650.1:
                    unicoreClient
        Signature Algorithm: md5WithRSAEncryption
            a6:35:3a:d8:50:2c:ab:d8:8e:67:fd:54:cf:9c:65:76:1d:31../..

Callouts on the slide: Use of the certificate (Key Usage), Version of the CA's CP/CPS (Certificate Policies), E-mail address (Subject Alternative Name), CRL (CRL Distribution Points).

Slide 14: Information in the X509 certificate
- Subject = Distinguished Name (DN): the identifier in the Grid
- Lifetime: date not before, date not after
- Extensions: the use of the certificate
- Common filename extensions for X.509 certificates:
  - .PEM: 2 files, the public key and the password-protected private key
  - .P7C (PKCS#7): certificates or CRLs
  - .P12 (PKCS#12): 1 file holding both keys, password-protected
  - Also: CER, DER, P7B

Slide 15: How to obtain a GRID-FR certificate?
- The requestor generates a private key and a public key, and sends the public key
- The RA (Registration Authority = GRID-FR manager) verifies and validates the request
- The public key is signed and the certificate is issued
- The requestor gets the certificate back
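The slide-15 flow replayed end to end with the OpenSSL CLI, as an added example that is not part of the slides or of the GRID-FR CA's own tooling: the requestor keeps the private key and sends a CSR, a throwaway CA signs it with end-entity extensions of the kind shown on slide 13, publishes a CRL as on slide 7, and a relying party verifies chain plus CRL. All names, addresses and URLs are constructed, and SHA-256 stands in for the SHA1/MD5 of the 2007 certificates.

```shell
#!/bin/sh
# Added example (not the slides' code). Runs in a scratch directory and
# assumes the openssl CLI is installed. Every name/address/URL is made up.
set -e
WORK=$(mktemp -d); cd "$WORK"
# One config: [req]/[v3ca] for the throwaway root, [ca] for CRL generation.
cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3ca
[dn]
[v3ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[ca]
default_ca = x
[x]
database = index.txt
serial = serial
crlnumber = crlnumber
new_certs_dir = .
default_md = sha256
EOF
touch index.txt; echo 01 > serial; echo 01 > crlnumber
# CA side: self-signed root standing in for the GRID-FR CA.
openssl req -config ca.cnf -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
  -subj "/C=FR/O=Example/CN=Example Grid CA" -keyout ca.key -out ca.crt 2>/dev/null
# Requestor side: the private key stays here; only the CSR goes to the RA.
openssl req -config ca.cnf -new -newkey rsa:2048 -nodes -sha256 \
  -subj "/C=FR/O=Example/OU=Lab/CN=Alice Example" -keyout user.key -out user.csr 2>/dev/null
# RA/CA side: after vetting, sign with end-entity extensions as on slide 13.
printf '%s\n' 'basicConstraints = critical, CA:FALSE' \
  'keyUsage = critical, digitalSignature, nonRepudiation, keyEncipherment' \
  'subjectAltName = email:alice@example.invalid' \
  'crlDistributionPoints = URI:http://crl.example.invalid/getder.crl' > ee.ext
openssl x509 -req -in user.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
  -days 365 -sha256 -extfile ee.ext -out user.crt 2>/dev/null
# CA side: publish a CRL (nothing revoked yet) with a 30-day lifetime.
openssl ca -config ca.cnf -gencrl -crldays 30 -keyfile ca.key -cert ca.crt -out ca.crl 2>/dev/null
# Relying party: chain validation plus CRL check; exit status 0 means OK.
verify_cert() { openssl verify -crl_check -CAfile ca.crt -CRLfile ca.crl "$1" >/dev/null 2>&1; }
# Look a field up in the text dump, the same view as the slide-12/13 example.
has_text() { openssl x509 -in "$1" -noout -text | grep -q -- "$2"; }
verify_cert user.crt && echo "user.crt: chain and CRL check OK"
```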

Slide 16: Outline (section: Statistics)

Slide 17: GRID-FR Statistics, valid certificates (on June 7th 2007); the chart is not in the transcript

Slide 18: GRID-FR Statistics (chart not in the transcript)

Slide 19: GRID-FR Statistics (chart not in the transcript)

Slide 20: GRID-FR Statistics, countries (chart not in the transcript)

Slide 21: Questions?

