Software developed
- Extended version of OpenSSL (OpenSSL Extended)
  This distribution is an extended version of OpenSSL that includes X.509 Attribute Certificate functionality.
- Attribute Authority Operator (AAO) executable
  AAO is a graphical program, built on GTK and the extended OpenSSL, that performs the tasks of an Attribute Authority (AA). The software has already been developed, although its interface still needs to be translated into English.
OpenPMI
The aim of the OpenPMI proposal is to build an open Privilege Management Infrastructure (PMI) following the ITU-T, PKIX and ETSI recommendations.
Attribute Certificate support to OpenSSL
The first step is to add X.509 Attribute Certificate support to OpenSSL and build a "small" command-line AA. The following figures show the commands needed to create and display an X.509 Attribute Certificate.
Figure 1. X509AT is the new command in our extended OpenSSL to process X.509 Attribute Certificate functions.
Figure 2. Options of X509AT command.
Figure 3. Creating an X.509 Attribute Certificate with baseCertificateID identification.
openssl x509AT -config c:\openssl.cnf -AA c:\AA.crt -AAkey c:\AA.key -User c:\monte.crt -out userB.crt -Attribute c:\Attribute.txt -HolderT 1
- AA option sets the Attribute Authority certificate
- AAkey option sets the Attribute Authority key used to sign the attribute certificate
- User option sets the user's X.509 Identity Certificate, used to obtain identity information (see option HolderT)
- out option sets where to store the X.509 Attribute Certificate
- Attribute option sets the file from which to read the attributes to include in the certificate (see format)
- HolderT option selects which of the three options of the holder field is used:
  - 0 entityName - default
  - 1 baseCertificateID
  - 2 objectDigestInfo - hash of the identity certificate
# comments
# OID = attribute value
2.5.4.35 = pazzword
2.23.42.2.7.11 = 010203941212328237
Figure 4. Creating an X.509 Attribute Certificate with entityName identification.
Figure 5. The attributes of an X.509 Attribute Certificate.
openssl x509AT -config c:\openssl.cnf -in c:\userA.crt -attributes
Figure 6. An X.509 Attribute Certificate in text mode.
openssl x509AT -config c:\openssl.cnf -in c:\userA.crt -text
Figure 7. Holder field of an X.509 Attribute Certificate.
openssl x509AT -config c:\openssl.cnf -in c:\userA.crt -holder
Using an ASN.1 Graphical Editor
The X.509 Attribute Certificates used are userA.crt, userB.crt and userC.crt.
Figure 8. Using an ASN.1 Graphical Editor
Figure 9. Using an ASN.1 Graphical Editor (2)
Attribute Authority Operator (AAO)
AAO is a graphical program, built on GTK and the extended OpenSSL, that performs the tasks of an Attribute Authority (AA). The software has already been developed, although its interface still needs to be translated into English.
Figure 10. AAO in Spanish