EFOS End Entity Person 2, 3 OR 4 Certificates

Size: px

Start display at page:

Download "EFOS End Entity Person 2, 3 OR 4 Certificates"

Erik Berry
5 years ago
Views:

1 EFOS End Entity Person s Rev 1.0 EFOS End Entity Person 2, 3 4 s Auntication certificate Field Value Comments Source V3 (2) Serial Number Unique number Issuer Signature Algorithm sha256 WithRSAEncryption Issuer Distinguished Unique X.500 DN. CN = SEE RIGHT -> O = Swedish Social Insurance Agency C = SE CN = Person 2 v1 Person 3 v1 Person 4 v1 Validity Period Subject Distinguished Up to 60 months expressed in UTC format based on SerialNumber Given Subject: Address ( ) Subject:serialNumber ( ) subject:given ( ) This field N contain address of Subject Subject s full Swedish social security number (or equal) Social Security Number will be given in following format: YYYYMMDDXXXX Subject s marked Given IF it exists All Given s of subject if marking of Given is absent and First s exists Imported 2: Inera Personal Identity Service 3: Internal database for Sequence Numbers 2: Inera Personal Identity Service Sur Common subject: surname ( ) subject:common ( ) This field is empty if Given and First s are absent all of Subject s surnames. 2: Inera Personal Identity Service Försäkringskassan, IT-avdelningen 1 (6)

2 EFOS End Entity Person s Rev 1.0 Organization Locality Country Subject Public Key Information Issuer s Signature cn = Common name Subject s common name. Combination of Given and Surname subject:organization ( ) subject:locality ( ) subject:country ( ) 2048-bit RSA key modulus, rsaencryption ( ) sha256 WithRSAEncryption Subject s full legal organization name as listed in official records. locality/municipality of headoffice for Subject s organization as listed in official records country code for Subject s organization as listed in official records. In ISO3166 format Companies Registration Office and Central Bureau of Statistics Companies Registration Office and Central Bureau of Statistics Companies Registration Office and Central Bureau of Statistics Authority Key Identifier Subject Key Identifier Card Number Key Usage Extended Key Usage Value Octet String Same as Contains 20 byte SHA-2 Issuer's subject key identifier hash of Public Key Octet String Contains 20 byte SHA-2 Calculated by from public key hash of in PKCS#10 subjectpublickey in this certificate 19 digits 19 digits. c=yes; Digital Signature, Key Encipherment (a0) Client Auntication ( ) AND/ Smart Card Logon ( ) Critical Client Auntication AND N contain smartcardlogon and/or protection if subject has a mailbox and/or UPN at organization. Card Supplier based on Policies AND/ Secure ( ) [1] Policy: Policy Identifier= [2] Policy: Policy Identifier= SEE RIGHT-> [2,1]Policy Qualifier Info: Policy Qualifier Id=CPS Qualifier: repository.efos.se Person 2 v1 OID Z Person 3 v1 OID Z Person 4 v1 OID Z Where Z points to specific issuance routine that was used based on Försäkringskassan, IT-avdelningen 2 (6)

3 EFOS End Entity Person s Rev 1.0 Subject Alternative UPN = YYYYMMDDNNNN@organization. se RFC822 = mailbox@organization.se Not present IF present this field N contain The Subject s User Principal formatted as subject s full Swedish social security number (or equal) and agency domain name mailbox AND/ based on CRL Distribution Point Programs principle c = no; CRL HTTP URL = SEE RIGHT -> ( ) [1] Program Policy: Principidentifierare = Client Auntication AND/ [2] Program Policy: Principidentifierare = Smart Card Logon The subject s Address as RFC822 on2v1.crl on3v1.crl on4v1.crl Client Auntication AND N contain smartcardlogon and/or protection if subject has a mailbox and/or UPN at organization. based on Authority Information Access AND/ [3] Program Policy: Principidentifierare = Secure E- Mail [1]Åtkomst till information om utfärdare Åtkomstmetod=Utgivare av certifikatutfärdare ( ) URL= SEE RIGHT-> [2]Åtkomst till information om utfärdare Åtkomstmetod=Statusprotokoll för onlinecertifikat ( ) URL= on2v1.crt on3v1.crt on4v1.crt Försäkringskassan, IT-avdelningen 3 (6)

4 EFOS End Entity Person s Rev 1.0 Signing certificate Field Value Comments Source V3 (2) Serial Number Unique number Issuer Signature Algorithm sha256 WithRSAEncryption Issuer Distinguished Unique X.500 DN. CN = SEE RIGHT-> O = Swedish Social Insurance Agency C = SE CN = Person 2 v1 Person 3 v1 Person 4 v1 Validity Period Up to 60 months expressed in UTC format Management Tool based on Subject Distinguished SerialNumber Subject:serialNumber ( ) Subject s full Swedish social security number (or equal) Social Security Number will be given in following format: YYYYMMDDXXXX Management 2: Inera Personal Identity Service 3: Internal database for Sequence Numbers Given subject:given ( ) Subject s marked Given IF it exists All Given s of subject if marking of Given is absent and First s exists Management 2: Inera Personal Identity Service Sur Common Organization subject: surname ( ) subject:common ( ) cn = Common name subject:organizationnam e ( ) This field is empty if Given and First s are absent all of Subject s surnames. Subject s common name. Subject s full legal organization Management 2: Inera Personal Identity Service Management Combination of Given and Surname Management Försäkringskassan, IT-avdelningen 4 (6)

5 EFOS End Entity Person s Rev 1.0 Locality Country Subject Public Key Information Issuer s Signature subject:locality ( ) subject:country ( ) 2048-bit RSA key modulus, rsaencryption ( ) sha256 WithRSAEncryption name as listed in official records. locality/municipality of headoffice for Subject s organization as listed in official records country code for Subject s organization as listed in official records. In ISO3166 format Companies Registration Office and Central Bureau of Statistics Management Companies Registration Office and Central Bureau of Statistics Management Companies Registration Office and Central Bureau of Statistics Value Authority Key Octet String Identifier Same as Issuer's subject key identifier Subject Key Identifier Octet String Calculated by from public key in PKCS# Card Number Key Usage Extended Key Usage Policies Contains 20 byte SHA-2 hash of Public Key Contains 20 byte SHA-2 hash of subjectpublickey in this certificate 19 digits 19 digits. c=yes; nonrepudiation (40) ( ) [1] Policy: Policy Identifier= [2] Policy: Policy Identifier=SEE RIGHT -> [2,1]Policy Qualifier Info: Policy Qualifier Id=CPS Qualifier: repository.efos.se Critical Person 2 v1 OID Z Person 3 v1 OID Z Person 4 v1 OID Z Where Z points to specific issuance routine that was used Card Supplier Management Tool based on CRL Distribution Point c = no; CRL HTTP URL = SEE RIGHT -> o n2v1.crl o n3v1.crl o n4v1.crl Försäkringskassan, IT-avdelningen 5 (6)

6 EFOS End Entity Person s Rev 1.0 Programs principle Authority Information Access [1] Program Policy: Principidentifierare = [1]Åtkomst till information om utfärdare Åtkomstmetod=Utgivare av certifikatutfärdare ( ) URL= SEE RIGHT -> [2]Åtkomst till information om utfärdare o n2v1.crt o n3v1.crt o n4v1.crt Åtkomstmetod=Statuspro tokoll för onlinecertifikat ( ) URL= Försäkringskassan, IT-avdelningen 6 (6)

EFOS End Entity HSA Person 2-4 Certificates

EFOS End Entity HSA Person 2-4 Certificates Auntication certificate Field Value Comments Source V3 (2) Serial Number Unique number Issuer Signature Algorithm (1.2.840.113549.1.1.11 ) Issuer Unique X.500