Certification Policy of Issuance Reports Manager and PKI Operator Certificates. Certificate Profile

Transcription

1 Maltese Registrar of Companies Number C75870 and VAT number MT and PKI Operator Certificates. Certificate Profile ANF AC MALTA, LTD B2 Industry Street, Qormi, QRM 3000 Malta Telephone: (+356) Fax:(+356) Web:

2 Security Level Public Document Important Notice This document is property of ANF AC MALTA Distribution and reproduction prohibited without authorization by ANF AC MALTA Copyright ANF AC MALTA 2016 Address: B2, Industry Street, Qormi, QRM 3000 (Malta) Telephone: (+356) Fax: (+356) Web: 2

3 Issuance Reports Manager and PKI Operator Certificates () (SIGNATURE) (ENCRYPTION) TOKEN BY SOFTWARE - HSM TOKEN Field Value Crít Mandatory Version 2 = (V3) Serial number SignatureAlgorithm sha256withrsaencryption SignatureHashAlgor ithm sha256 Common Name (CN) e.g. ANF Trusted ID CA1 SERIALNUMBER MT Organisation Identifier This is the VAT number. At present ANF AC does not include it Issuer Address (E) Organisational Unit (OU) info@anfacmalta.com Organizational unit within the Certification Services Provider responsible for the certificate issuance Organisation (O) e.g. ANF AC Malta, Ltd Locality (L) State (ST) e.g. Qormi (see current address at e.g. Qormi Country (C) e.g. MT AuthorityCertIssuer AuthorityCertSerial Number Identifier of the issuer entity key Authority KeyIdentifier Issuer Alternative Name Valid from NotBefore Valid until NotAfter Hash with SHA1 of the public key used to sign the certificate 3

4 Subject Subject's National / Foreign Citizen ID Card Country (C) Subject's country = subscriber Locality (L) Subject's city State (ST) Subject's state Address (E) SERIAL NUMBER (SN) OrganizationIdentifier Given Name (G) SurName (SN) Common Name (CN) Subject's E.g.: IDCMT A. 3 characters to indicate the document number (IDC= national identity document) + 2 characters to identify the country (MT) + ID number The certificate must include at least= Serial Number or OrganizationIdentifier (VAT number), e.g. VATMT Name of subject, according to identity document (National/Foreign Citizens ID Card / Passport) Surname(s) of the subject. First surname, blank space, second surname of the person responsible for the certificate in accordance with the National ID Card or in case of a foreigner the passport Full name + Subject's National/Foreign Citizen ID Card Issuance Reports Manager Certificate (AUTENTICATION) Subject (all fields encoded using UTF-8) Organisational Unit (OU) SIGNATURE ENCRYPTION Issuance Reports Manager Certificate (SIGNATURE) Issuance Reports Manager Certificate (ENCRYPTION) PKI Operator Certificate () SIGNATURE PKI Operator Certificate (SIGNATURE) ENCRYPTION PKI Operator Certificate (ENCRYPTION) Organisation (O) Title (T) e.g.: O = ANF Autoridad de Certificación e.g. lawyer Description SubjectAlternativeName e.g.: peter@cial.com 4

5 DNSName Directory Name SubjectAlternativeN ame Full name of a natural or legal person, who grants a representation to the subscriber First name of the natural person granting a representation to the subscriber Surnames of the natural person granting a representation to the subscriber VAT number / National / Foreign Citizens ID Card of the legal entity or natural person that grants a representation to the subscriber Subscriber's name Subscriber's Surname Subscriber's Surname e.g.: National / Foreign Citizen ID Card e.g.: Maltese SubjectDirectoryAttributes Description TelephoneNumber Facsimile StreetAddress PostalAddress PostalCode e.g.: SHA256-gsq33wq/udldyk5ZN84paMeYx SubjectDirectoryAttr ibutes knowldgeinformation e.g.: + (RA locator =OID ) Pseudonym (chosen by the subscriber) Full name of the country to which the issuance corresponds e.g. Qualified certificate e.g. Purchase contracts signing e.g e.g. euros e.g. QRM

6 Level 1 Recognized Registration Authority Issuance Reports Manager Level 2 Recognized Registration Authority e.g Authorized PKI Operator e.g. Consultancy Harbinger e.g. legal department e.g.= 8&1EB4F96F HSM Token Model e.g.: AR Manager desktop v Subject Key Identifier SubjectPublic KeyInfo e.g e.g Hash in SHA1 of the public key used for signing the certificate RSA (2048) NIST P-256 [1] Access to authority information Access to issuer entity information AccessMethod [1] Access method = On line certificate status protocol ( ) AccessLocation [1] Alternative name: URL address = AccessMethod [2] AccessLocation [2] URL address= [1] CRL distribution point CRL distribution points crldistributionpoint [1] Distribution point name: Full name: URL address DistributionPoint [2] DistributionPoint [3] QcCompliance Present if the certificate is issued with the recognized qualification. Annex I eidas QcSSCD only included in type SIGNATURE ONLY if the device is SSCD Secure Signature Creation Device (SSCD) 6

7 ONLY in the profile (SIGNATURE), QcType- esign SIGNATURE QcType 1 QcType 1is outlined Qualified Certificate Statement TSI EN , antes ETSI TS QcPDS QcLimitValue ETSI EN Limit amount of liability assumed by the issuer expressed in EUROS Integer: =15 ([ETSI EN ] QcRetentionPeriod Describes the conservation period of all information, relevant to the use of a certificate, after its expiration) semnaticsid-natural To indicate the semantics of a natural person defined by the EN IRM Certificate () = Identifier IRM Certificate (SIGNATURE) = Certificate Policies IRM Certificate (ENCRYPTION) = PKI Operator Certificate () = PKI Operator Certificate (SIGNATURE) 7

8 = PKI Operator Certificate (ENCRYPTION) = CPSLocation User notice [1,1] certifier information: certifier ID =CPS Certifier: [1,2] certifier information: certifier ID = User notice Certifier: Notice text = Certificate in compliance with electronic signature legislation. Before accepting it verify integrity, limitations, validity, and authorized uses. Identifie r ONLY FOR SIGNATURE TYPE HSM TOKEN qcp-natural-qscd ( ) SOFTWARE TOKEN qcp-natural ( ) PrivateOrganization Fields conditioned by the use of the certificate BusinessCategory JurisdictionOfIncorporationL ocalityname JurisdictionOfIncorporationSt ateorprovincename JurisdictionOfIncorporationC ountryname Type of matter =End entity GovernmentEntity BusinessEntity Non-commercialEntity Locality Province Country Basic Constraints Route Length Restriction =None CA = FALSE Certificate type: SIGNATURE Non-repudiation (c0) KeyEncipherment, dataencipherment Key usage Certificate type: Electronic signature, Non-repudiation (c0) KeyEncipherment, dataencipherment Certificate type: ENCRYPTION KeyEncipherment, 8

9 dataencipherment Extended key usage Signature / Authentication Client authentication Secure mail Identification algorithm Signature Value Digital fingerprint sha1 9