1、 KS X ISO 157822 KSKSKSKS SKSKSKS KSKSKS SKSKS KSKS SKS KS 2: KS X ISO 157822 : 2007 (2012 ) 2007 11 30 http:/www.kats.go.krKS X ISO 157822:2007 : e- ( ) ( ) () () ( ) : (http:/www.standard.go.kr) : :2002 11 20 :2007 11 30 :2012 12 28 : e- 2012-0863 : ( 02-509-7262) (http:/www.kats.go.kr). 10 5 , .
2、KS X ISO 157822:2007 i e . KS X ISO 157822:2007 . A() KS X ISO 15782 “ ” . 1: 2: KS X ISO 157822 : 2007 (2012 ) 2: Banking Certificate management Part 2 :Certificate extensions 2001 1 ISO 157822, BankingCertificate managementPart 2:Certi ficate extensions , . 1 KS X ISO/IEC 95948 . . KS X ISO 157821
3、 . ASN.1 (Distinguished Encoding Rules: DER) KS X ISO/IEC 88251_2002 . KS X ISO/IEC 95948 DER . 2 . . ( ) . KS X 41012, 2: (ISO/IEC 95942 |ITUT Recommendation X.501, Information technologyOpen Systems Interconnection The Directory:Models) KS X ISO/IEC 95948:2007 |ITU-T Recommendation X.509(1997), In
4、formation technologyOpen Systems InterconnectionThe Directory:Authentication framework KS X ISO/IEC 98341 |CCITT Recommendation X.660, Information technologyOpen System Intercon nectionProcedures for the operation of OSI Registration Authorities:General procedures KS X ISO/IEC 100214 |ITU-T Recommen
5、dation X.411, Information technologyMessage Handling Systems(MHS)Message transfer system : Abstract service definition and procedures KS X ISO 157821, 1: RFC 791:1981 1) , Internet protocol RFC 822:1982 2) , Standard for the format of ARPA Internet text message 1) RFC 760 , RFC 1060 2) RFC 733 , RFC
6、 987 , RFC 1327 KS X ISO 157822:2007 2 RFC 1035:1987 3) , Domain namesImplementation and specification RFC 1630:1994, Universal resource identifiers in WWW:A unifying syntax for the expression of names and addresses of objects on the network as used in the world-wide web FIPS-PUB 1401:1993, Security
7、 requirements for cryptographic modules 3 . 3.1 (attribute) 3.2 (CA certificate) 3.3 (certificate) , 3.4 (certificate hold) 3.5 (certificate policy) / . 1 ( ) . . X.509 3 (object identifier) . . 2 X.509 3 , , . . ( ) ( ). 3.6 (Certificate Revocation List:CRL) 3) RFC 973 , RFC 2136 , RFC 2137 , RFC 1
8、348 , RFC 1995 , RFC 1996 , RFC 2065 , RFC 2181 , RFC 2308 KS X ISO 157822:2007 3 3.7 (certificate-using system) 3.8 (certification) 3.9 (Certification Authority:CA) 3.10 (certification path) , 3.11 (Certification Practice Statement:CPS) 3.12 (compromise) 3.13 (CRL distribution point) . 3.14 (cross
9、certification) (3.37) 3.15 (cryptographic key, key) . 3.16 (cryptographic module) KS X ISO 157822:2007 4 , , , 3.17 (cryptography) , , , 3.18 (data integrity) 3.19 CRL (delta-CRL) CRL (CRL) 3.20 (digital signature, signature) , 3.21 (directory, repository) X.500 3.22 (distinguished name) . . 3.23 (e
10、nd certificate) 3.24 (end entity) 3.25 (entity) , 3.26 (financial message) KS X ISO 157822:2007 5 3.27 (intermediate certificates) 3.28 (key) (3.15) 3.29 (key agreement) 3.30 (key pair) 3.31 (keying material) , 3.32 (key pair updating) / 3.33 (message) 3.34 (module) (3.16) 3.35 (non-repudiation) 3 .
11、 ( , , , , ). 3.36 (optional) . ASN.1 “OPTIONAL” . KS X ISO 157822:2007 6 3.37 (policy mapping) , ( .) (3.14) 3.38 (policy qualifier) X.509 3.39 (private key) 3.40 (public key) 3.41 (Registration Authority:RA) . . , . . 3.42 (relying party) , 3.43 (signature) (3.20) 3.44 (subject) 3.45 (subject CA)
12、3.46 (subject end entity) 3.47 (user) (3.42) KS X ISO 157822:2007 7 4 . ASN.1 (Abstract Syntax Notation) CA (Certification Authority) DIT (Directory Information Tree) CRL (Certification Revocation List) ITU (International Telecommunication Union) 1 , X.509 . 2 CertReqData CRLEntry (ASN.1) . ASN.1 .
13、5 KS X ISO/IEC 95948 3 CA . CRLs . . a) : CRL , , . b) : CRL , CRL . . c) : CA , CA CA . . CA . d) CRL : CRL CRL , CRL CRL CRL CRL . e) CRL CRLs: CRL CA CRL , CA CRL . CRL CRL . CRL CRL . CRL, critical non-critical . critical KS X ISO 157822:2007 8 . non-critical . critical, non-critical CRL critica
14、l . non-critical . . . non-critical . a) b) critical CA . , CRL CRL . 10.4 CRLs CRLs . . (6.2.8 ) (8.2.3 ) (8.2.4 ) (10.4 ) . 6 6.1 . a) CA . . CA . b) , , . CA . KS X ISO 157822:2007 9 c) . . . d) . . . e) . f) , . CA CA . . g) KS X ISO 157821 . 6.2 CRL 6.2.1 . a) (authority key identifier) b) (sub
15、ject key identifier) c) (key usage) d) (extended key usage) e) (private key usage period) f) (certificate policies) g) (policy mappings) CRL . , CA . KS X ISO 157821 . 6.2.2 CRL CRL . CA ( ). . authorityKeyIdentifier EXTENSION := SYNTAX AuthorityKeyIdentifier IDENTIFIED BY id-ce-authorityKeyIdentifi
16、er AuthorityKeyIdentifier := SEQUENCE keyIdentifier 0 KeyIdentifier OPTIONAL, authorityCertIssuer 1 GeneralNames OPTIONAL, authorityCertSerialNumber 2 CertificateSerialNumber OPTIONAL KS X ISO 157822:2007 10 ( WITH COMPONENTS ., authorityCertIssuer PRESENT, authorityCertSerialNumber PRESENT | WITH C
17、OMPONENTS ., authorityCertIssuer ABSENT, authorityCertSerialNumber ABSENT ) KeyIdentifier := OCTET STRING . keyIdentifier (authorityCertIssuer authorityCertSerialN umber ) CRL . CRL . authorityCertIssuer . GeneralNames 7.2.2 . (, ) . non-critical. 6.2.3 . ( ). . subjectKeyIdentifier EXTENSION := SYN
18、TAX SubjectKeyIdentifier IDENTIFIED BY id-ce-subjectKeyIdentifier SubjectKeyIdentifier := KeyIdentifier . non-critical. 6.2.4 . keyUsage EXTENSION := SYNTAX KeyUsage IDENTIFIED BY id-ce-keyUsage KeyUsage := BIT STRING digitalSignature (0), nonRepudiation (1), KS X ISO 157822:2007 11 keyEncipherment
19、(2), dataEncipherment (3), keyAgreement (4), keyCertSign (5), cRLSign (6), encipherOnly (7), decipherOnly (8) KeyUsage . a) digitalSignature: ( 1), ( 5) ( 6) . . b) nonRepudiation: f) g) CRL 4)c) keyEncipherment: , . CA keyEncipherment . d) dataEncipherment: . c) . CA dataEncipherment . e) keyAgreement: CA keyAgreement . f) keyCertSign: CA CA keyCertSign . CA . g) cRLSign:CRL CA CRL cRLSign . h) encipherOnly decipherOnly . 7(encipherOnly) 8(decipherOnly)
copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1