X.509 Encoding of Diffie-Hellman Public Values


Ashar Aziz
Tom Markson
Hemma Prafullchandra
Sun Microsystems, Inc.

Abstract

This document describes the ASN.1 encoding of the CCITT 1988 X.509 certificate with Diffie-Hellman public values for use.


1. Encoding of Diffie-Hellman Public Values

2. Encoding of the Distinguished Name (DN)

3. Security Considerations

4. Acknowledgments

5. References


1. Encoding of Diffie-Hellman Public Values

The X.509 certificate format is defined by the following ASN.1 syntax:

Certificate ::= SIGNED SEQUENCE {
    version              [0] Version DEFAULT v1988,
    serialNumber         CertificateSerialNumber,
    signature            AlgorithmIdentifier,
    issuer               Name,
    validity             Validity,
    subject              Name,
    subjectPublicKeyInfo SubjectPublicKeyInfo
}

Version ::= INTEGER { v1988(0) }

CertificateSerialNumber ::= INTEGER

Validity ::= SEQUENCE {
    notBefore UTCTime,
    notAfter  UTCTime
}

SubjectPublicKeyInfo ::= SEQUENCE {
    algorithm        AlgorithmIdentifier,
    subjectPublicKey BIT STRING
}

AlgorithmIdentifier ::= SEQUENCE {
    algorithm  OBJECT IDENTIFIER,
    parameters ANY DEFINED BY algorithm OPTIONAL
}

The encoding of a Diffie-Hellman public value in an X.509 certificate is in the form of an INTEGER. The algorithm identifier is as defined in PKCS #3 [3].

Thus,

DHPublicKey ::= INTEGER

AlgorithmIdentifier ::= SEQUENCE {
    algorithm OBJECT IDENTIFIER,
    SEQUENCE {
        prime INTEGER, -- p
        base INTEGER, -- g
        privateValueLength INTEGER OPTIONAL
    }
}

with the OBJECT IDENTIFIER value being,

dhKeyAgreement OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) US(840) rsadsi(113549) pkcs(1) 3 1 }

The DHPublicKey gets encapsulated as the BIT STRING in SubjectPublicKeyInfo of an X.509 certificate in the following manner. First the DHPublicKey is encoded as an INTEGER, and then this INTEGER is encoded as the payload of the BIT STRING.
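
The encapsulation described above, as an added Python example (not part of the original document): it DER-encodes a SubjectPublicKeyInfo carrying a DH public value and extracts the value again, checking the BIT STRING wrapper on the way. The function names and the toy values p=227, g=2, y=128 are assumptions made for illustration.

```python
# Constructed toy values (p=227, g=2, x=7 -> y=128); far too small for real use.
# DER of the dhKeyAgreement OID 1.2.840.113549.1.3.1 (tag, length, arcs).
DH_KEY_AGREEMENT = bytes.fromhex("06092a864886f70d010301")

def der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content

def der_integer(v):
    # bit_length() // 8 + 1 octets always leaves the sign bit clear, so a value
    # whose top bit is set (e.g. 128) gets the leading 0x00 DER requires.
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def dh_spki(p, g, y):
    params = tlv(0x30, der_integer(p) + der_integer(g))  # privateValueLength omitted
    alg = tlv(0x30, DH_KEY_AGREEMENT + params)
    # The complete INTEGER TLV is the BIT STRING payload, preceded by the
    # unused-bits octet (0x00, since the payload is whole octets).
    return tlv(0x30, alg + tlv(0x03, b"\x00" + der_integer(y)))

def read_tlv(buf, pos=0):
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:  # long form: low 7 bits give the number of length octets
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + n], pos + n

def extract_dh_public(spki):
    _, body, _ = read_tlv(spki)
    _, _, after_alg = read_tlv(body)  # skip AlgorithmIdentifier
    tag, bits, _ = read_tlv(body, after_alg)
    if tag != 0x03 or bits[:1] != b"\x00":
        raise ValueError("expected BIT STRING with zero unused bits")
    tag, val, end = read_tlv(bits, 1)
    if tag != 0x02 or end != len(bits) or not val or val[0] & 0x80:
        raise ValueError("payload is not one non-negative INTEGER")
    return int.from_bytes(val, "big")

if __name__ == "__main__":
    spki = dh_spki(p=227, g=2, y=pow(2, 7, 227))
    print(spki.hex(), extract_dh_public(spki))
```
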

The certificate and Certificate Revocation List (CRL) encoding is the same as in RFC 1422. CRLs can be used with SKIP in accordance with each site's certificate or CRL management policies.

2. Encoding of the Distinguished Name (DN)

When the name space is the IP address space, a certificate is allowed to bind multiple IP addresses to a single public value to accommodate cases where a single IP node has multiple IP addresses. The SEQUENCE-OF construct in a DN readily allows for this. What is needed is an ASN.1 OBJECT IDENTIFIER for an AttributeType specifying an IP address.

This is defined here as,

ipAddress ATTRIBUTE WITH ATTRIBUTE-SYNTAX
    PrintableString (SIZE(1 .. ub-ipAddress))
    ::= { 1, 3, 6, 1, 4, 1, 42, 2, 11, 2, 1 }

ub-ipAddress ::= 256

The DN in the certificate can contain multiples of these by iterating on the SEQUENCE-OF construct of the Relative Distinguished Name Sequence.

The PrintableString contains either the hexadecimal representation or standard dot notation representation of an IP address. Note that all three conventional forms for representing IPv6 addresses [7] as text strings are allowed by this definition.

When individual users are identified using DNs, then the certificate naturally contains their DNs. The SKIP protocol specification [5] describes how DNs can be used with SKIP, by identifying the DN name space using the source and destination NSID bytes in the SKIP header.

3. Security Considerations

Security issues are not discussed in this document.

4. Acknowledgments

The authors would like to thank all of the people who helped make this report possible.

5. References

[1] CCITT Recommendation X.208 (1992), Abstract Syntax Notation One

[2] CCITT Recommendation X.509 (1988), The Directory - Authentication Framework

[3] Public Key Cryptography Standards, PKCS#s 1-11 from RSA Data Security Inc., Redwood City, CA, ftp://ftp.rsa.com/pub/pkcs

[4] Kent, S., Privacy Enhancement for Internet Electronic Mail: Part II: Certificate-Based Key Management, RFC 1422

[5] Aziz, A., Markson, T., Prafullchandra, H., Simple Key-management for Internet Protocols, October 1996

[6] NIST OIW Stable Implementors Workshop, September 1994, Part 12 - OS Security

[7] Hinden, R., Deering, S., IP Version 6 Addressing Architecture, Work in Progress