[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[iaik-jce] International Step-Up Encryption Certificate



May be a little off topic, but here goes.

I am working on a project where we are implementing our server (Notes)
to use International Step-Up Encryption (Server Gated Cryptograpy)
Certificates. We want to generate our own certificates for testing, and
we have managed to do so using the JCE Toolkit. They are however
standard CErtificates. not Step-up certificates.

I want to generate a certificate, which allows a Step-Up from an Export
RC4 - 40 bit secret to a true 128 bit RC-4. I read om the netscape
devloper site:
http://developer.netscape.com:80/tech/security/stepup/overview.html
that you require a special type of certificate. I know a coouple of
sites that use it, and so made a SSLClient app that printed off the
certificate of such servers, and found that there were 4-5 V3 Extensions
on the certificates.

3 of them are known types, but 2 are unknowm.

So the question is, is there anywhere (link to doco) where I can find
the meaning of these codes? or can anyone explain the meaning of these 2
extensions. The extensions were the same for all 3 sites I checked:

[Ext 0 - (class iaik.x509.UnknownExtension)]
UnknownExtension:     OBJECT ID = 2.16.840.1.113733.1.6.7
IA5String = "34c028ac3c6b51e18a3452077fc24f2c"  <<< NB: Different for
each CERT, and One did not have this.

[Ext 1 (class iaik.x509.extensions.netscape.NetscapeCertType)]
NetscapeCertType: SSL Server

[Ext 2 - (class iaik.x509.UnknownExtension)]
UnknownExtension:     OBJECT ID = 2.5.29.3
SEQUENCE[C] = 1 elements
  SEQUENCE[C] = 1 elements
    SEQUENCE[C] = 2 elements
      OBJECT ID = 2.16.840.1.113733.1.7.1.1
      SEQUENCE[C] = 4 elements
        IA5String = "This certificate incorporates by reference, and its
use is strictly subject to, the VeriSign Certification Practice
Statement (CPS), available at: https://www.verisign.com/CPS; by E-mail
at CPS-requests@verisign.com; or by mail at VeriSign, Inc., 2593 Coast
Ave., Mountain View, CA 94043 USA Tel. +1 (415) 961-8830 Copyright (c)
1996 VeriSign, Inc.  All Rights Reserved. CERTAIN WARRANTIES DISCLAIMED
and LIABILITY LIMITED."
        CONTEXTSPECIFIC[C] = [0] EXPLICIT
          OBJECT ID = 2.16.840.1.113733.1.7.1.1.1
        CONTEXTSPECIFIC[C] = [1] EXPLICIT
          OBJECT ID = 2.16.840.1.113733.1.7.1.1.2
        SEQUENCE[C] = 1 elements
          SEQUENCE[C] = 1 elements
            IA5String = "https://www.verisign.com/repository/CPS "

[Ext 3 - (class iaik.x509.extensions.BasicConstraints)]
CA: no
[Ext 4 - (class iaik.x509.extensions.ExtendedKeyUsage)]
KeyPurposeId 0:  2.16.840.1.113730.4.1


So the question is:

What are Object ID's:

2.16.840.1.113733.1.6.7
2.5.29.3

and for iaik.x509.extensions.ExtendedKeyUsage
what is KeypurposeId: 2.16.840.1.113730.4.1?

A refernce to a site ould be good.

Thanks.





-- 
-----------------------------------------------------------------------
Gil Peeters
-----------------------------------------------------------------------
--
Mailinglist-archive at http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-jce/maillist.html

To unsubscribe send an email to listserv@iaik.tu-graz.ac.at with the folowing content: UNSUBSCRIBE iaik-jce