Connecting the world and beyond
Advanced Search
ITU
General Secretariat
Radiocommunication
Standardization
About ITU-T
Events
All Groups
Standards
Resources
BSG
Study Groups
Regional Presence
Join Us
MyWorkspace
Development
News
Members' Zone
Join ITU
Security, authentication, and cryptography
Rollup Image
You are here
ITU
>
Homepage
>
ITU-T
>
ASN.1 Project
Share
Project
Introduction to ASN.1
Short introduction
Myths about ASN.1
Application fields of ASN.1
Defects and Technical Corrigenda on ASN.1 2015 Edition
Tools
The Encoding control notation
Tutorial
ECN specification for Bluetooth SDP
ECN specification for UMTS RRC protocol
XML encoding rules
XML encoding rules (XER) for ASN.1
Mapping from XML Schemas to ASN.1 modules
Why using ASN.1 as a binary encoding for XML
Fast Web Services
Advantages of Fast Web Services
Fast Infoset
OID Project
UUIDs
More on ASN.1 and XML
Page Content 10
Digital certificates provide an important element of security. One of the most popular standards specifying the contents of a digital certificate is X.509. A certificate is a document, issued by a trusted agent, stating that the public key of the person named in the document has a certain value. You are most likely to encounter certificates when you use a web browser. The Recommendation
ITU-T X.509
specifies a certificate using ASN.1 and encodes it using DER.
Similarly the Public Key Cryptography Standard
PKCS
#7 describes with ASN.1 the syntax of
a digitally signed and/or
encrypted
message, whose encryption key information and
with digital signature information is encoded in BER. The standard was produced in 1991 by a consortium of computer manufacturers and the MIT.
Secure Sockets Layer (SSL) was originally developed by Netscape. The Transport Layer Security 1.0 (
RFC 2246
) standard was based on SSLv3 and was written to standardize the popular and widely used SSL protocol within the IETF, mandating the use of freely available algorithms.
Secure/Multipurpose Internet Mail Extensions (S/MIME,
RFC 2630
) specifies a way of sending and receiving secure email. It provides authentication, message integrity, non-repudiation and confidentiality, by the use of digital signatures and encryption using Public Key Cryptography. It is fundamentally based on the Cryptographic Message Syntax (CMS) specification (
RFC 2630
) which specifies encapsulation syntax for such cryptographically enhanced data. CMS is derived from PKCS#7 (
RFC 2315
) and is heavily based on ASN.1 data structures.
Any protocol making use of RSA encryption (
RFC 2313
) will generally be using ASN.1 for handling the RSA keys, certificates and signatures, and this includes the already mentioned SSL/TLS and S/MIME. In addition, protocols making use of other forms of Public Key Cryptography, such as Diffie-Hellman and DSS will generally be using encodings based on PKCS#1. Indeed, this is the case for the Internet Key Exchange (IKE,
RFC 2409
) which is used with IPsec Virtual Private Networks (VPNs) in cases where certificates are required because pre-shared secrets are either not considered secure enough or cannot scale sufficiently.
SET (Secure Electronic Transaction) is a standard developed by a consortium of US companies (Mastercard, Visa, American Express, Netscape, IBM, and others) to secure financial exchanges over the Internet. It is based on the public-key cryptography standard PKCS#7 and on the X.509 Directory
[ITU-T X.509
]. It provides the following services: confidentiality of the information of the transaction, integrity of the transferred data, and authentication of the account owner and of the business party.
The French national organization
GIE Cartes Bancaires
, in charge of creating specifications for cards, developed a standard, adapted from the SET standard and called
C-SET
(Chip-SET). This standard, which is also specified in ASN.1, relies on the card itself to secure the transaction and thus avoids the exchange of authentication certificates.
The computer network authentication protocol
Kerberos
, developed by the Massachusetts Institute of Technology (MIT), is designed for securing data exchanges within the network of a university or any other organization. Starting with the fifth version of Kerberos, the data transfers have been specified in ASN.1.
Page Content 2
Page Content 3
Page Content 4
Page Content 5
Page Content 17
Page Content 18
Page Content 19
Page Content 20
More...
Page Content 11
RFC 1510
RFC 1964
Page Content 12
Page Content 13
Page Content 15
Page Content 6
Page Content 7
Page Content 8
Page Content 14
Page Content 16
Follow us
Twitter
Facebook
YouTube
Flickr
Linkedin
Instagram
Soundcloud
Podcasts
Spotify
Spreaker
TikTok