EuroPKI technical notes

The Data Representation formats:

Base64
is a message encoded as printable symbols (6 bits per symbol), for data transmission over communication channels that do not support more than 6-bit encoded data transfers.

PEM
is the Base64 format with special additional fields at the beginning and at the end, such as:

-----BEGIN CERTIFICATE-----
some Base64 encoded data
(a digital certificate in this example)
-----END CERTIFICATE-----

is used for certificate export/import operations in some browsers, such as Netscape Navigator/Communicator, via the HTTP protocol. In this case every type of PEM encoded data is recognized by its MIME type.
is used for downloading the certificate into some servers, such as:
  WWW
    Netscape Server
    Microsoft Internet Information Server (in this case you should use PKCS7 instead of CERTIFICATE in the armor lines)
    Apache/SSL Server
  SQL
    Oracle

UUENCODE
is a 7-bit encoded message format, originally intended for use between users of UNIX systems (its name stood for "UNIX-to-UNIX encoding").
is available or easily obtainable for all operating systems, and most e-mail applications provide it as an encoding alternative, especially for e-mail attachments.


The Data Structure formats:

All of the certificates we manage are in x509v1 format (basic fields) or x509v3 format (which has some additional fields, such as Extension Fields).

PKCS#7
is used by some email clients (Netscape Messenger) for sending a certification request. The data flow can be encrypted (for more information see PKCS#7: Cryptographic Message Syntax Version 1.5).

PKCS#10
is used by some email clients (MS Internet Explorer) for sending a certification request. The data flow can be encrypted (for more information see PKCS#10: Certification Request Syntax Version 1.5).

PKCS#12
is used for private key and certificate export/import operations by the most popular clients that use an electronic certificate. The data flow must be encrypted with a passphrase, depending on the client implementation.


The Policy Mapping
The EuroPKI Certification Policy has the Object Identification Number (OID) 1.3.6.1.4.1.5255.1.1.1 that can be interpreted as:

Actual assignment                      Actual value   Can be assigned
ISO                                    1              ITU{0}/ISO{1}/Joint-ISO-ITU{2}
Identified-Organization                3              Standard{0}/Registration-Authority{1}/Member-Body{2}/Identified-Organization{3}
US Department of Defense               6              ...
Internet                               1              ...
Private                                4              ...
IANA registered private enterprises    1              ...
EuroPKI                                5255           ...
EuroPKI Certification Policy           1              ...
Major version                          1              ...
Minor version                          1              ...

The Certificate Fingerprint
The Certificate Fingerprint is a digest (the output of a hash function) of a certificate in x509 binary format. It can be calculated with different algorithms, such as SHA1 for MS Internet Explorer (where it is called the Thumbprint) or MD5 for Netscape Navigator.
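
The calculation described above, as an added example (not code from the EuroPKI site): strip the PEM armor lines, Base64-decode the body to the binary form, and hash those bytes with SHA1 and MD5. The function names are hypothetical, and the sample block is constructed: its body is the Base64 of the three bytes "abc", standing in for real certificate bytes so that the digests match the published SHA1 and MD5 test vectors.

```python
import base64
import hashlib
import re

# A PEM block: BEGIN armor line, Base64 body, matching END armor line.
PEM_RE = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----\s*"
    r"(?P<body>[A-Za-z0-9+/=\s]+?)"
    r"-----END (?P=label)-----"
)

# Constructed sample, NOT a real certificate: "YWJj" is Base64 of b"abc".
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
"""

def pem_to_binary(pem_text, expected_label="CERTIFICATE"):
    """Strip the armor lines and Base64-decode the body to binary."""
    match = PEM_RE.search(pem_text)
    if match is None:
        raise ValueError("no PEM block found")
    if match.group("label") != expected_label:
        raise ValueError("unexpected PEM label: " + match.group("label"))
    body = "".join(match.group("body").split())  # remove line breaks
    return base64.b64decode(body, validate=True)

def fingerprint(binary, algorithm):
    """Digest of the binary form as colon-separated uppercase hex."""
    digest = hashlib.new(algorithm, binary).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def fingerprints(pem_text, expected_label="CERTIFICATE"):
    """Return the SHA1 (Thumbprint) and MD5 fingerprints of a PEM block."""
    binary = pem_to_binary(pem_text, expected_label)
    return {"sha1": fingerprint(binary, "sha1"),
            "md5": fingerprint(binary, "md5")}

if __name__ == "__main__":
    for name, value in fingerprints(SAMPLE_PEM).items():
        print(name, value)
```

Because the digest is taken over the decoded bytes, the fingerprint does not change when the Base64 body is re-wrapped or the line endings differ, which is why it can be compared across clients.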


The Netscape's extension for certificate applications

Netscape limits the applications of a certificate with the "netscape-cert-type" extension. If the extension exists in a certificate, it limits the uses of the certificate to those specified. If the extension is not present, the certificate can be used for all applications except Object Signing. The value is a bit-string, where the individual bit positions are defined as:
For more about Certificate Extensions, see http://developer.netscape.com/docs/manuals/cms/41/dep_gide/ext.htm.


The EuroPKI Web site is managed by the Security Group of the Politecnico di Torino

Last update: Thursday, 23-Nov-2000 17:36:16 MET