EFOS End Entity Mobile ID Certificates

Size: px

Start display at page:

Download "EFOS End Entity Mobile ID Certificates"

Abraham Harrington
5 years ago
Views:

1 EFOS End Entity Mobile ID Certificates Authentication certificate Field Value Comments Source V3 (2) Serial Number Unique number Issuer Signature Algorithm Issuer Distinguished Validity Period Unique X.500 DN. CN = Swedish Public Sector Mobile ID v1 O = Swedish Social Insurance Agency C = SE Up to 24 months expressed in UTC format Tool based on templates Subject Distinguished SerialNumber Given Subject:serialNumber ( ) subject:given ( ) Subject s full Swedish social security number (or equal) Social Security Number will be given in the following format: YYYYMMDDXXXX Subject s marked Given IF it exists OR All Given s of the subject if marking of Given is absent and First s exists 3: Internal database for Sequence Numbers Sur Common Organization subject: surname ( ) subject:common ( ) cn = Common name subject:organizationnam e ( ) This field is empty if Given and First s are absent all of the Subject s surnames. Subject s common name. Subject s full legal organization Combination of Given and Surname Försäkringskassan, IT-avdelningen 1 (6)

2 Locality Country Subject Public Key Information Issuer s Signature subject:locality ( ) subject:country ( ) 2048-bit RSA key modulus, rsaencryption ( ) name as listed in the official records. locality/municipality of the headoffice for the Subject s organization as listed in the official records country code for the Subject s organization as listed in the official records. In ISO3166 format Extension Value Authority Key Octet String Identifier Same as Issuer's subject key identifier Subject Key Identifier Octet String Calculated by from public key in PKCS#10 Key Usage Extended Key Usage Certificate Policies CRL Distribution Point Programs principle c=yes; Digital Signature, Key Encipherment (a0) Client Authentication ( ) [1]Certificate Policy: Policy Identifier= [2]Certificate Policy: Policy Identifier= SEE RIGHT -> [2,1]Policy Qualifier Info: Policy Qualifier Id=CPS Qualifier: repository.efos.se c = no; CRL HTTP URL = bileidv1.crl ( ) [1] Program Certificate Policy: Principidentifierare = Client Authentication hash of the Public Key hash of the subjectpublickey in this certificate Critical Client Authentication Y.Z Where Y points to the Level of Assurance for the Identity and Z points to the specific issuance routine that was used Client Authentication Tool based on templates Tool based on templates Tool based on templates Authority Information Access Försäkringskassan, IT-avdelningen 2 (6)

3 [1]Åtkomst till information om utfärdare Åtkomstmetod=Utgivare av certifikatutfärdare ( ) URL= bileidv1.crt [2]Åtkomst till information om utfärdare Åtkomstmetod=Statuspro tokoll för onlinecertifikat ( ) URL= Försäkringskassan, IT-avdelningen 3 (6)

4 Signing certificate Field Value Comments Source V3 (2) Serial Number Unique number Issuer Signature Algorithm Issuer Distinguished Validity Period Unique X.500 DN. CN = Swedish Public Sector Mobile ID v1 O = Swedish Social Insurance Agency C = SE Up to 24 months expressed in UTC format Tool based on templates Subject Distinguished SerialNumber Given Subject:serialNumber ( ) subject:given ( ) Subject s full Swedish social security number (or equal) Social Security Number will be given in the following format: YYYYMMDDXXXX Subject s marked Given IF it exists OR All Given s of the subject if marking of Given is absent and First s exists 3: Internal database for Sequence Numbers Sur Common Organization Locality subject: surname ( ) subject:common ( ) cn = Common name subject:organizationnam e ( ) subject:locality ( ) This field is empty if Given and First s are absent all of the Subject s surnames. Subject s common name. Subject s full legal organization name as listed in the official records. locality/municipality of the Combination of Given and Surname Försäkringskassan, IT-avdelningen 4 (6)

5 Country Subject Public Key Information Issuer s Signature subject:country ( ) 2048-bit RSA key modulus, rsaencryption ( ) headoffice for the Subject s organization as listed in the official records country code for the Subject s organization as listed in the official records. In ISO3166 format Extension Value Authority Key Octet String Identifier Same as Issuer's subject key identifier Subject Key Identifier Octet String Calculated by from public key in PKCS#10 Key Usage Extended Key Usage Certificate Policies c=yes; nonrepudiation (40) ( ) [1]Certificate Policy: Policy Identifier= [2]Certificate Policy: Policy Identifier=SEE RIGHT -> [2,1]Policy Qualifier Info: Policy Qualifier Id=CPS Qualifier: repository.efos.se hash of the Public Key hash of the subjectpublickey in this certificate Critical Y.Z Where Y points to the Level of Assurance for the Identity and Z points to the specific issuance routine that was used Tool based on templates Tool based on templates CRL Distribution Point Programs principle Authority Information Access c = no; CRL HTTP URL = bileidv1.crl [1] Program Certificate Policy: Principidentifierare = [1]Åtkomst till information om utfärdare Tool based on templates Åtkomstmetod=Utgivare av certifikatutfärdare ( ) URL= Försäkringskassan, IT-avdelningen 5 (6)

6 bileidv1.crt [2]Åtkomst till information om utfärdare Åtkomstmetod=Statuspro tokoll för onlinecertifikat ( ) URL= Försäkringskassan, IT-avdelningen 6 (6)

EFOS End Entity Person 2, 3 OR 4 Certificates

EFOS End Entity Person 2, 3 OR 4 Certificates EFOS End Entity Person s 2017-06-15 Rev 1.0 EFOS End Entity Person 2, 3 4 s Auntication certificate Field Value Comments Source V3 (2) Serial Number Unique number Issuer Signature Algorithm sha256 WithRSAEncryption