Consider the details of the X.509 certificate shown below. a. Identify the key e
ID: 3713453 • Letter: C
Question
Consider the details of the X.509 certificate shown below.
a. Identify the key elements in this certificate, including the owner’s name and public key, its validity dates, the name of the CA that signed it, and the type and value of signature.
b. State whether this is a CA or end-user certificate, and why.
c. Indicate whether the certificate is valid or not, and why.
d. State whether there are any other obvious problems with the algorithms used in this certificate.
Certificate:
Data: Version: 3 (0x2)
Serial Number: 3c:50:33:c2:f8:e7:5c:ca:07:c2:4e:83:f2:e8:0e:4f
Signature Algorithm: md5WithRSAEncryption
Issuer: O=VeriSign, Inc.,
OU=VeriSign Trust Network,
CN=VeriSign Class 1 CA Individual - Persona Not
Validated
Validity Not Before: Jan 13 00:00:00 2000 GMT
Not After : Mar 13 23:59:59 2000 GMT
Subject: O=VeriSign, Inc.,
OU=VeriSign Trust Network,
OU=Persona Not Validated,
OU=Digital ID Class 1 - Netscape
CN=John Doe/Email=john.doe@adfa.edu.au
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00:98:f2:89:c4:48:e1:3b:2c:c5:d1:48:67:80:53:
d8:eb:4d:4f:ac:31:a9:fd:11:68:94:ba:44:d8:48:
46:0d:fc:5c:6d:89:47:3f:9f:d0:c0:6d:3e:9a:8e:
ec:82:21:48:9b:b9:78:cf:aa:09:61:92:f6:d1:cf:
45:ca:ea:8f:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Certificate Policies:
Policy: 2.16.840.1.113733.1.7.1.1
CPS: https://www.verisign.com/CPS
X509v3 CRL Distribution Points:
URI:http://crl.verisign.com/class1.crl
Signature Algorithm: md5WithRSAEncryption
5a:71:77:c2:ce:82:26:02:45:41:a5:11:68:d6:99:f0:4c:ce:
7a:ce:80:44:f4:a3:1a:72:43:e9:dc:e1:1a:9b:ec:64:f7:ff:
21:f2:29:89:d6:61:e5:39:bd:04:e7:e5:3d:7b:14:46:d6:eb:
8e:37:b0:cb:ed:38:35:81:1f:40:57:57:58:a5:c0:64:ef:55:
59:c0:79:75:7a:54:47:6a:37:b2:6c:23:6b:57:4d:62:2f:94:
d3:aa:69:9d:3d:64:43:61:a7:a3:e0:b8:09:ac:94:9b:23:38:
e8:1b:0f:e5:1b:6e:e2:fa:32:86:f0:c4:0b:ed:89:d9:16:e4:
a7:77 23.4
Explanation / Answer
Considering the given certificate the questions have been answered:
a) Key elements in X.509 certificate is
owner name: John Doe
public key: a 512-bit key
validity dates: Validity Not Before: Jan 13 00:00:00 2000 GMT, Not After : Mar 13 23:59:59 2000 GMT
name of CA signed: VeriSign Trust Network
Type and value: End-user certificate
b) The given certificate is not CA it is an end-user certificate. In the end user certificate all the information about the
certificate is present for supposing validity date, the algorithm used etc.
c) This certificate is valid only for the below dates
Validity Not Before: Jan 13 00:00:00 2000 GMT
Not After : Mar 13 23:59:59 2000 GMT
The above dates say that the certificate is valid only for those dates.
d) The algorithms used in this certificate is RSA Algorithm which is a public key encryption algorithm. This algorithm works on the principle of using modulo operator to calculates secret kets. This is secure and reliable. The only problem with this algorithm is performed operations on the public key and for some N values, the factors are unknown.