cnpkcs10v1_7(认证请求语法标准)

常见数字证书类型1 数字证书1.1 概述 数字证书就是互联⽹通讯中标志通讯各⽅⾝份信息的⼀串数字，提供了⼀种在Internet上验证通信实体⾝份的⽅式，数字证书不是，⽽是⾝份认证机构盖在数字⾝份证上的⼀个章或印（或者说加在数字⾝份证上的⼀个签名）。

它是由权威机构——CA机构，⼜称为证书授权（Certificate Authority）中⼼发⾏的，⼈们可以在⽹上⽤它来识别对⽅的⾝份。

2 证书格式2.1 证书格式分类分为2⼤类：密钥库（含私钥，也可能有公钥）和公钥证书（仅含公钥）2.1.1 密钥库⽂件格式【Keystore】格式 : JKS扩展名 : .jks/.ks描述 : 【Java Keystore】密钥库的Java实现版本，provider为SUN特点 : 密钥库和私钥⽤不同的密码进⾏保护格式 : JCEKS扩展名 : .jce描述 : 【JCE Keystore】密钥库的JCE实现版本，provider为SUN JCE特点 : 相对于JKS安全级别更⾼，保护Keystore私钥时采⽤TripleDES格式 : PKCS12扩展名 : .p12/.pfx描述 : 【PKCS #12】个⼈信息交换语法标准特点 : 1、包含私钥、公钥及其证书2、密钥库和私钥⽤相同密码进⾏保护格式 : BKS扩展名 : .bks描述 : Bouncycastle Keystore】密钥库的BC实现版本，provider为BC特点 : 基于JCE实现格式 : UBER扩展名 : .ubr描述 : 【Bouncycastle UBER Keystore】密钥库的BC更安全实现版本，provider为BC2.2.2 证书⽂件格式【Certificate】格式 : DER扩展名 : .cer/.crt/.rsa描述 : 【ASN .1 DER】⽤于存放证书特点 : 不含私钥、⼆进制格式 : PKCS7扩展名 : .p7b/.p7r描述 : 【PKCS #7】加密信息语法标准特点 : 1、p7b以树状展⽰证书链，不含私钥2、p7r为CA对证书请求签名的回复，只能⽤于导⼊格式 : CMS扩展名 : .p7c/.p7m/.p7s描述 : 【Cryptographic Message Syntax】特点 : 1、p7c只保存证书2、p7m：signature with enveloped data3、p7s：时间戳签名⽂件格式 : PEM扩展名 : .pem描述 : 【Printable Encoded Message】特点 : 1、该编码格式在RFC1421中定义，其实PEM是【Privacy-Enhanced Mail】的简写，但他也同样⼴泛运⽤于密钥管理2、ASCII⽂件3、⼀般基于base 64编码格式 : PKCS10扩展名 : .p10/.csr描述 : 【PKCS #10】公钥加密标准【Certificate Signing Request】特点 : 1、证书签名请求⽂件2、ASCII⽂件3、CA签名后以p7r⽂件回复格式 : SPC扩展名 : .pvk/.spc描述 : 【Software Publishing Certificate】特点 : 微软公司特有的双证书⽂件格式，经常⽤于代码签名，其中1、pvk⽤于保存私钥2、spc⽤于保存公钥2.3 常⽤证书⽂件格式 CA中⼼普遍采⽤的规范是X.509[13]系列和PKCS系列，其中主要应⽤到了以下规范：2.3.1 X.509（1993） X.509是由国际电信联盟（ITU-T）制定的数字证书标准。

pkcs10certificationrequest 公钥-回复题目：PKCS10 Certification Request公钥摘要：PKCS10（公钥证书请求语法）是一种密钥生成应用程序接口（API），用于提交公钥证书请求给证书颁发机构（CA）。

本文将一步一步介绍PKCS10 Certification Request公钥的相关概念、步骤和应用，以及与其他证书请求格式的比较。

引言：公钥证书在现代的互联网通信中扮演着重要的角色，它用于认证和加密通信。

PKCS10 Certification Request是一种用于生成公钥证书请求的规范，它定义了证书的格式、内容和结构。

本文将详细解释PKCS10 Certification Request公钥的相关概念和应用。

一、PKCS10 Certification Request公钥的定义PKCS10 Certification Request是一种以ASN.1（抽象语法记法一）为基础的格式，用于将公钥证书请求信息编码成二进制形式。

ASN.1是一种标准的描述消息结构的语法，它定义了数据结构以及如何在计算机网络中进行编码和传输。

二、PKCS10 Certification Request的生成步骤1. 生成密钥对：首先，需要生成一对密钥，包括公钥和私钥。

这对密钥通常使用RSA算法或椭圆曲线加密（ECC）算法生成。

2. 构建证书请求：使用生成的密钥对，将待请求的证书信息填入PKCS10 Certification Request的各个字段中。

这些字段包括申请者的名称、公钥、密钥用法等。

3. 编码证书请求：将构建好的证书请求信息使用ASN.1进行编码，生成二进制形式的PKCS10 Certification Request。

4. 提交证书请求：将生成的证书请求发送给证书颁发机构（CA），以便后续的证书签发流程。

通常，证书请求会经过加密和签名等处理，确保请求的安全性和可信度。

公钥密码标准(Public-Key Cryptography Standards)Hanyil整理编写 保留版权由于公钥密码被广泛接受已成为事实，如果要将其发展成为广泛应用的技术，就必须有支持互操作的标准。

即便是所有的用户都认同公钥密码技术，使各种不同的实现版本相兼容也是必然的。

互操作性要求严格按照一个获得认可的标准格式来传输数据，这里所描述的标准就为互操作性提供了基础。

这里描述的标准被称为公钥密码标准(Public-Key Cryptography Standards，PKCS)。

这个标准涵盖了RSA密码、Diffie-Hellman 密钥交换、基于口令的加密、扩展证书语法、密码报文语法、私钥信息语法、认证请求语法、选择性属性，密码令牌以及椭圆曲线密码等内容。

公钥密码标准PKCS是由RSA实验室与其它安全系统开发商为促进公钥密码的发展而制订的一系列标准，是最早的公钥密码标准，也是公钥密码发展过程中最重要的标准之一。

自1991年作为一份会议结果，由早期的公钥密码使用者公布以来，PKCS文档已经被广泛引用和实现。

许多正式和非正式工业标准部分内容的制订都参照了PKCS，如ANSI X9, PKIX, SET, S/MIME, 和SSL等。

RSA实验室在标准制订过程中起了很重要的作用：发布了认真撰写的标准描述文档；保持了标准制订过程的决策权威；负责收集其它开发者所提出的修改和扩充意见；适时发布标准的修订版；提供了实现该标准的参考资料和指导。

PKCS目前共发布过15个标准，每个标准都经过数次修订，部分文档还在不断的修改和制订中。

15个标准如下：•PKCS #1: RSA Cryptography Standard RSA密码标准•PKCS #2:已合并入1。

•PKCS #3: Diffie-Hellman Key Agreement Standard DH密钥交换标准•PKCS #4:已并入1。

•PKCS #5: Password-Based Cryptography Standard基于口令的密码标准•PKCS #6: Extended-Certificate Syntax Standard证书扩展语法标准•PKCS #7: Cryptographic Message Syntax Standard密文信息语法标准•PKCS #8: Private-Key Information Syntax Standard私钥信息语法标准•PKCS #9: Selected Attribute Types•PKCS #10: Certification Request Syntax Standard认证请求语法标准•PKCS #11: Cryptographic Token Interface Standard密码令牌接口标准•PKCS #12: Personal Information Exchange Syntax Standard个人信息交换语法标准•PKCS #13: Elliptic Curve Cryptography Standard椭圆曲线密码标准•PKCS #14: Random Number Generation Standards （伪随机数生成标准）• PKCS #15: Cryptographic Token Information Format Standard 密码令牌信息格式 PKCS #标准 13 5678910111215其它标准 自由算法语法：数字签名信息 xx 数字信封加密信息 x认证请求 x x数字证书X.509, RFC 1422 扩展证书 x x证书撤销列表X.509, RFC 1422 私钥加密信息x x 密码令牌x x 个人交换信息x 密钥交换信息 [ISO90a], [ISO90b]特定算法语法： RSA 公钥 xRSA 私钥 x算法： 消息摘要：MD2, 5 RFCs 1319, 1321私钥加密：DES RFC 1423, [NIST92a] 公钥加密：RSA x签名：MD2,4,5w/RSA x基于口令的加密 x D-H 密钥交换 xPKCS 与其它标准对比PKCS#1 RSA 密码标准1.0 – 1.3版是为参加RSA 数据安全公司1991年2月和3月的公开密钥密码标准会议而发布的。

PKCS15个标准PKCS 全称是 Public-Key Cryptography Standards ，是由 RSA 实验室与其它安全系统开发商为促进公钥密码的发展⽽制订的⼀系列标准。

可以到官⽹上看看PKCS ⽬前共发布过 15 个标准：（1）PKCS#1：RSA加密标准。

PKCS#1定义了RSA公钥函数的基本格式标准，特别是数字签名。

它定义了数字签名如何计算，包括待签名数据和签名本⾝的格式；它也定义了PSA公/私钥的语法。

（2）PKCS#2：涉及了RSA的消息摘要加密，这已被并⼊PKCS#1中。

（3）PKCS#3：Diffie-Hellman密钥协议标准。

PKCS#3描述了⼀种实现Diffie- Hellman密钥协议的⽅法。

（4）PKCS#4：最初是规定RSA密钥语法的，现已经被包含进PKCS#1中。

（5）PKCS#5：基于⼝令的加密标准。

PKCS#5描述了使⽤由⼝令⽣成的密钥来加密8位位组串并产⽣⼀个加密的8位位组串的⽅法。

PKCS#5可以⽤于加密私钥，以便于密钥的安全传输（这在PKCS#8中描述）。

（6）PKCS#6：扩展证书语法标准。

PKCS#6定义了提供附加实体信息的X.509证书属性扩展的语法（当PKCS#6第⼀次发布时，X.509还不⽀持扩展。

这些扩展因此被包括在X.509中）。

（7）PKCS#7：密码消息语法标准。

PKCS#7为使⽤密码算法的数据规定了通⽤语法，⽐如数字签名和数字信封。

PKCS#7提供了许多格式选项，包括未加密或签名的格式化消息、已封装（加密）消息、已签名消息和既经过签名⼜经过加密的消息。

（8）PKCS#8：私钥信息语法标准。

PKCS#8定义了私钥信息语法和加密私钥语法，其中私钥加密使⽤了PKCS#5标准。

（9）PKCS#9：可选属性类型。

PKCS#9定义了PKCS#6扩展证书、PKCS#7数字签名消息、PKCS#8私钥信息和PKCS#10证书签名请求中要⽤到的可选属性类型。

Copyright © 1991-2000 RSA Laboratories, a division of RSA Security Inc. License to copy this document is granted provided that it is identified as “RSA Security Inc. Public-Key Cryptography Standards (PKCS)”in all material mentioning or referencing this document.PKCS #10 v1.7: Certification Request Syntax StandardRSA LaboratoriesMay 26, 2000Table of Contents1.INTRODUCTION...............................................................................................................................12.DEFINITIONS AND NOTATION.. (2)2.1D EFINITIONS (2)2.2N OTATION (3)3.OVERVIEW (3)4.CERTIFICATION REQUEST SYNTAX (4)4.1C ERTIFICATION R EQUEST I NFO (4)4.2C ERTIFICATION R EQUEST (5)A.ASN.1 MODULE (7)B.INTELLECTUAL PROPERTY CONSIDERATIONS (8)C.REVISION HISTORY (8)D.REFERENCES....................................................................................................................................9E.ABOUT PKCS...................................................................................................................................101. IntroductionThis document describes syntax for certification requests. A certification request consists of a distinguished name, a public key, and optionally a set of attributes, collectively signed by the entity requesting certification. Certification requests are sent to a certification authority, which transforms the request into an X.509 [9] public-key certificate. (In what form the certification authority returns the newly signed certificate is outside the scope of this document. A PKCS #7 [2] message is one possibility.)The intention of including a set of attributes is twofold: to provide other information about a given entity 1, or a “challenge password” by which the entity may later request certificate revocation; and to provide attributes for inclusion in X.509 certificates. A non-exhaustive list of attributes is given in PKCS #9 [3].1E.g. the postal address to which the signed certificate should be returned if electronic mail is not available.Certification authorities may also require non-electronic forms of request and may return non-electronic replies. It is expected that descriptions of such forms, which are outside the scope of this document, will be available from certification authorities.The preliminary intended application of this document is to support PKCS #7 cryptographic messages, but it is expected that other applications will be developed (seee.g. [4]).2.Definitions and notation2.1DefinitionsFor the purposes of this document, the following definitions apply.ALGORITHM: An information object class defined in X.509 to describe objects composed of an algorithm (a unique object identifier) and its parameters (any ASN.1 type). The values of objects in this class can be represented by the ASN.1 type AlgorithmIdentifier{}. ALGORITHM is defined as the “useful” information object class TYPE-IDENTIFIER, specified in [11], Annex A.AlgorithmIdentifier{}: A useful parameterized version of X.509 type AlgorithmIdentifier is defined in this document. This type tightly binds pairs of algorithm object identifiers to their associated parameter types. When referenced, the single parameter of AlgorithmIdentifier{} specifies a constraint on the pairs of values that may appear in that instance of the type. The encoded values of AlgorithmIdentifier{} are equivalent to those of type AlgorithmIdentifier.ASN.1: Abstract Syntax Notation One, as defined in the ASN.1 standards ([10], [11], [12], and [13]).ATTRIBUTE: This class describes objects composed of an attribute (a unique object identifier) and an associated set of attribute values (any ASN.1 type). The values of objects in this class can be represented by type Attribute{}.Attribute{}: A useful parameterized version of X.501 [8] type Attribute is defined in this document. This type tightly binds pairs of attribute type object identifiers to one or more attribute values types. In the ASN.1 open type notation, an attribute type is defined as ATTRIBUTE.&id and an attribute value as ATTRIBUTE.&Type. When referenced, the single parameter of Attribute{} specifies a constraint on the pairs of values that may appear in an instance of the type. The encoded values of Attribute{} are equivalent to those of type Attribute.BER: Basic Encoding Rules for ASN.1, as defined in X.690 ([14]).Certificate: A type that binds a subject entity’s distinguished name to a public key with a digital signature. This type is defined in X.509. This type also contains the distinguished name of the certificate issuer (the signer), an issuer-specific serial number, the issuer’s signature algorithm identifier, a validity period, and an optional set of certificate extensions.DER: Distinguished Encoding Rules for ASN.1, as defined in X.690. DER is a subset of BER.Name: A type that uniquely identifies or “distinguishes” objects in an X.500 [7] directory. This type is defined in X.501. In an X.509 certificate, the type identifies the certificate issuer and the certificate subject, the entity whose public key is certified.2.2NotationIn this document, all ASN.1 types and values are written in bold Helvetica.3.OverviewA certification request consists of three parts: “certification request information,”a signature algorithm identifier, and a digital signature on the certification request information. The certification request information consists of the entity's distinguished name, the entity’s public key, and a set of attributes providing other information about the entity.The process by which a certification request is constructed involves the following steps:1. A CertificationRequestInfo value containing a subject distinguished name,a subject public key, and optionally a set of attributes is constructed by anentity requesting certification.2.The CertificationRequestInfo value is signed with the subject entity’sprivate key. (See Section 4.2.)3.The CertificationRequestInfo value, a signature algorithm identifier, andthe entity's signature are collected together into a CertificationRequestvalue, defined below.A certification authority fulfills the request by authenticating the requesting entity and verifying the entity’s signature, and, if the request is valid, constructing an X.509 certificate from the distinguished name and public key, the issuer name, and the certification authority’s choice of serial number, validity period, and signature algorithm. If the certification request contains any PKCS #9 attributes, the certification authority may also use the values in these attributes as well as other information known to the certification authority to construct X.509 certificate extensions.In what form the certification authority returns the new certificate is outside the scope of this document. One possibility is a PKCS #7 cryptographic message with content type signedData, following the degenerate case where there are no signers. The return message may include a certification path from the new certificate to the certification authority. It may also include other certificates such as cross-certificates that the certification authority considers helpful, and it may include certificate-revocation lists (CRLs). Another possibility is that the certification authority inserts the new certificate into a central database.Note 1 – An entity would typically send a certification request after generating a public-key/private-key pair, but may also do so after a change in the entity's distinguished name. Note 2 – The signature on the certification request prevents an entity from requesting a certificate with another party's public key. Such an attack would give the entity the minor ability to pretend to be the originator of any message signed by the other party. This attack is significant only if the entity does not know the message being signed and the signed part of the message does not identify the signer. The entity would still not be able to decrypt messages intended for the other party, of course.Note 3 – How the entity sends the certification request to a certification authority is outside the scope of this document. Both paper and electronic forms are possible.Note 4 – This document is not compatible with the certification request syntax for Privacy-Enhanced Mail, as described in RFC 1424 [5]. The syntax here differs in three respects: It allows a set of attributes; it does not include issuer name, serial number, or validity period; and it does not require an “innocuous” message to be signed. This document is designed to minimize request size, an important feature for certification authorities accepting requests on paper.4.Certification request syntaxThis section is divided into two parts. The first part describes the certification-request-information type CertificationRequestInfo, and the second part describes the top-level type CertificationRequest.4.1CertificationRequestInfoCertification request information shall have ASN.1 type CertificationRequestInfo: CertificationRequestInfo ::= SEQUENCE {version INTEGER { v1(0) } (v1,...),subject Name,subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},attributes [0] Attributes{{ CRIAttributes }}}SubjectPublicKeyInfo { ALGORITHM : IOSet} ::= SEQUENCE {algorithm AlgorithmIdentifier {{IOSet}},subjectPublicKey BIT STRING}PKInfoAlgorithms ALGORITHM ::= {... -- add any locally defined algorithms here -- }Attributes { ATTRIBUTE:IOSet } ::= SET OF Attribute{{ IOSet }}CRIAttributes ATTRIBUTE ::= {... -- add any locally defined attributes here -- }Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {type ATTRIBUTE.&id({IOSet}),values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type})}The components of type CertificationRequestInfo have the following meanings:version is the version number, for compatibility with future revisions of this document. It shall be 0 for this version of the standard.subject is the distinguished name of the certificate subject (the entity whose public key is to be certified).subjectPublicKeyInfo contains information about the public key being certified.The information identifies the entity's public-key algorithm (and anyassociated parameters); examples of public-key algorithms include thersaEncryption object identifier from PKCS #1 [1]. The information alsoincludes a bit-string representation of the entity's public key. For thepublic-key algorithm just mentioned, the bit string contains the DERencoding of a value of PKCS #1 type RSAPublicKey. The values of typeSubjectPublicKeyInfo{} allowed for subjectPKInfo are constrained to thevalues specified by the information object set PKIAlgorithms, whichincludes the extension marker (...). Definitions of specific algorithmobjects are left to specifications that reference this document. Suchspecifications will be interoperable with their future versions if anyadditional algorithm objects are added after the extension marker.attributes is a collection of attributes providing additional information about the subject of the certificate. Some attribute types that might be useful here aredefined in PKCS #9. An example is the challenge-password attribute,which specifies a password by which the entity may request certificaterevocation. Another example is information to appear in X.509 certificateextensions (e.g. the extensionRequest attribute from PKCS #9). Thevalues of type Attributes{} allowed for attributes are constrained to thevalues specified by the information object set CRIAttributes. Definitions ofspecific attribute objects are left to specifications that reference thisdocument. Such specifications will be interoperable with their futureversions if any additional attribute objects are added after the extensionmarker.4.2CertificationRequestA certification request shall have ASN.1 type CertificationRequest:CertificationRequest ::= SEQUENCE {certificationRequestInfo CertificationRequestInfo,signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }},signature BIT STRING}AlgorithmIdentifier {ALGORITHM:IOSet } ::= SEQUENCE {algorithm ALGORITHM.&id({IOSet}),parameters ALGORITHM.&Type({IOSet}{@algorithm}) OPTIONAL}SignatureAlgorithms ALGORITHM ::= {... -- add any locally defined algorithms here -- }The components of type CertificationRequest have the following meanings:certificateRequestInfo is the “certification request information.” It is the value being signed.signatureAlgorithm identifies the signature algorithm (and any associated parameters) under which the certification-request information is signed.For example, a specification might include an ALGORITHM object forPKCS #1's md5WithRSAEncryption in the information object setSignatureAlgorithms:SignatureAlgorithms ALGORITHM ::= {...,{ NULL IDENTIFIED BY md5WithRSAEncryption }}signature is the result of signing the certification request information with the certification request subject's private key.The signature process consists of two steps:1.The value of the certificationRequestInfo component is DER encoded,yielding an octet string.2.The result of step 1 is signed with the certification request subject's privatekey under the specified signature algorithm, yielding a bit string, thesignature.Note – An equivalent syntax for CertificationRequest could be written:CertificationRequest ::= SIGNED { EncodedCertificationRequestInfo }(CONSTRAINED BY { -- Verify or sign encoded CertificationRequestInfo -- }) EncodedCertificationRequestInfo ::= TYPE-IDENTIFIER.&Type(CertificationRequestInfo)SIGNED { ToBeSigned } ::= SEQUENCE {toBeSigned ToBeSigned,algorithm AlgorithmIdentifier { {SignatureAlgorithms} },signature BIT STRING}A.ASN.1 ModuleThis appendix includes all of the ASN.1 type and value definitions contained in this document in the form of the ASN.1 module PKCS-10.PKCS-10 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-10(10) modules(1) pkcs-10(1)} DEFINITIONS IMPLICIT TAGS ::=BEGIN-- EXPORTS All ---- All types and values defined in this module are exported for use in other ASN.1 modules. IMPORTSinformationFramework, authenticationFrameworkFROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1) usefulDefinitions(0) 3} ATTRIBUTE, NameFROM InformationFramework informationFrameworkALGORITHMFROM AuthenticationFramework authenticationFramework;-- Certificate requestsCertificationRequestInfo ::= SEQUENCE {version INTEGER { v1(0) } (v1,...),subject Name,subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},attributes [0] Attributes{{ CRIAttributes }}}SubjectPublicKeyInfo {ALGORITHM: IOSet} ::= SEQUENCE {algorithm AlgorithmIdentifier {{IOSet}},STRINGsubjectPublicKey BIT}PKInfoAlgorithms ALGORITHM ::= { ... -- add any locally defined algorithms here -- }Attributes { ATTRIBUTE:IOSet } ::= SET OF Attribute{{ IOSet }}CRIAttributes ATTRIBUTE ::= { ... -- add any locally defined attributes here -- }Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {type ATTRIBUTE.&id({IOSet}),values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type})}CertificationRequest ::= SEQUENCE {certificationRequestInfo CertificationRequestInfo,signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }},signature BIT STRING}AlgorithmIdentifier {ALGORITHM:IOSet } ::= SEQUENCE {algorithm ALGORITHM.&id({IOSet}),parameters ALGORITHM.&Type({IOSet}{@algorithm}) OPTIONAL}SignatureAlgorithms ALGORITHM ::= { ... -- add any locally defined algorithms here -- }ENDB.Intellectual property considerationsRSA Security makes no patent claims on the general constructions described in this document, although specific underlying techniques may be covered.License to copy this document is granted provided that it is identified as “RSA Security Inc. Public-Key Cryptography Standards (PKCS)” in all material mentioning or referencing this document.RSA Security makes no representations regarding intellectual property claims by other parties. Such determination is the responsibility of the user.C.Revision historyVersion 1.0Version 1.0 was the previous version of this document (also published as “version 1.5” in [6]).Version 1.7This version incorporates several editorial changes, including updates to the references, and changes to ASN.1 type definitions. The following substantive changes have been made:•This version refers to X.680-X.690, the current international standards for ASN.1 and its encoding rules. All references to X.208 and X.209 have been eliminated.•The X.690 standard requires that the encoded values of SET OF components be sorted in ascending order under DER. Regardless of this, applications should not rely on the ordering of attribute components.•All references to PKCS #6 Extended-Certificate Syntax Standard have been removed. With the addition of extensions to X.509 version 3 certificates, RSA Laboratories is withdrawing support for PKCS #6.Note – The reason for using version 1.7 for this document is to avoid confusion with [6], which is named version 1.5, and an unsupported PKCS #10 version named Version 1.6.D.References[1]RSA Laboratories. PKCS #1: RSA Encryption Standard. Version 2.0, October1998.[2]RSA Laboratories. PKCS #7: Cryptographic Message Syntax Standard. Version1.5, November 1993.[3]RSA Laboratories. PKCS #9: Selected Attribute Types. Version 2.0, February2000.[4] C. Adams, S. Farrell. RFC 2510: Internet X.509 Public Key Infrastructure –Certificate Management Protocols. March 1999.[5] B. Kaliski. RFC 1424: Privacy Enhancement for Internet Electronic Mail: PartIV: Key Certification and Related Services. February 1993.[6] B. Kaliski. RFC 2314: PKCS #10: Certification Request SyntaxVersion 1.5. March 1998.[7]ITU-T Recommendation X.500 (1997) | ISO/IEC 9594-1:1998, Informationtechnology - Open Systems Interconnection - The Directory: Overview of concepts, models and services.[8]ITU-T Recommendation X.501 (1993) | ISO/IEC 9594-2:1995, Informationtechnology - Open Systems Interconnection - The Directory: Models.[9]ITU-T Recommendation X.509 (1997) | ISO/IEC 9594-8:1998, Informationtechnology - Open Systems Interconnection -The Directory: Authentication framework.[10]ITU-T Recommendation X.680 (1997) | ISO/IEC 8824-1:1998, InformationTechnology - Abstract Syntax Notation One (ASN.1): Specification of Basic Notation.[11]ITU-T Recommendation X.681 (1997) | ISO/IEC 8824-2:1998, InformationTechnology - Abstract Syntax Notation One (ASN.1): Information Object Specification.[12]ITU-T Recommendation X.682 (1997) | ISO/IEC 8824-3:1998, InformationTechnology - Abstract Syntax Notation One (ASN.1): Constraint Specification. [13]ITU-T Recommendation X.683 (1997) | ISO/IEC 8824-4:1998, InformationTechnology - Abstract Syntax Notation One (ASN.1): Parameterization of ASN.1 Specifications.[14]ITU-T Recommendation X.690 (1997) | ISO/IEC 8825-1:1998, InformationTechnology - ASN.1 Encoding Rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER).E.About PKCSThe Public-Key Cryptography Standards are specifications produced by RSA Laboratories in cooperation with secure systems developers worldwide for the purpose of accelerating the deployment of public-key cryptography. First published in 1991 as a result of meetings with a small group of early adopters of public-key technology, the PKCS documents have become widely referenced and implemented. Contributions from the PKCS series have become part of many formal and de facto standards, including ANSI X9 documents, PKIX, SET, S/MIME, and SSL.Further development of PKCS occurs through mailing list discussions and occasional workshops, and suggestions for improvement are welcome. For more information, contact:PKCS EditorRSA Laboratories20 Crosby DriveBedford, MA 01730 USApkcs-editor@/rsalabs/pkcs。

Network Working Group M. Nystrom Request for Comments: 2986 B. Kaliski Obsoletes: 2314 RSA Security Category: Informational November 2000PKCS #10: Certification Request Syntax SpecificationVersion 1.7Status of this MemoThis memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.Copyright NoticeCopyright (C) The Internet Society (2000). All Rights Reserved. AbstractThis memo represents a republication of PKCS #10 v1.7 from RSALaboratories' Public-Key Cryptography Standards (PKCS) series, andchange control is retained within the PKCS process. The body of this document, except for the security considerations section, is takendirectly from the PKCS #9 v2.0 or the PKCS #10 v1.7 document.This memo describes a syntax for certification requests.Table of Contents1. Introduction (2)2. Definitions and notation (2)2.1 Definitions (2)2.2 Notation (4)3. Overview (4)4. Certification request syntax (5)4.1 CertificationRequestInfo (5)4.2 CertificationRequest (7)5. Security Considerations (8)6. Authors' Addresses (8)A. ASN.1 module (9)B. Intellectual property considerations (10)C. Revision history (10)D. References (11)E. Contact information & About PKCS (12)Full Copyright Statement (14)Nystrom & Kaliski Informational [Page 1]RFC 2986 Certification Request Syntax Specification November 2000 1. IntroductionThis document describes syntax for certification requests. Acertification request consists of a distinguished name, a public key, and optionally a set of attributes, collectively signed by the entity requesting certification. Certification requests are sent to acertification authority, which transforms the request into an X.509 [9] public-key certificate. (In what form the certificationauthority returns the newly signed certificate is outside the scope of this document. A PKCS #7 [2] message is one possibility.)The intention of including a set of attributes is twofold: to provide other information about a given entity , or a "challenge password" by which the entity may later request certificate revocation; and toprovide attributes for inclusion in X.509 certificates. A non-exhaustive list of attributes is given in PKCS #9 [3].Certification authorities may also require non-electronic forms ofrequest and may return non-electronic replies. It is expected that descriptions of such forms, which are outside the scope of thisdocument, will be available from certification authorities.The preliminary intended application of this document is to support PKCS #7 cryptographic messages, but it is expected that otherapplications will be developed (see e.g. [4]).2. Definitions and notation2.1 DefinitionsFor the purposes of this document, the following definitions apply.ALGORITHM An information object class defined in X.509 todescribe objects composed of an algorithm (a unique object identifier) and its parameters (any ASN.1type). The values of objects in this class can berepresented by the ASN.1 type AlgorithmIdentifier{}. ALGORITHM is defined as the "useful" informationobject class TYPE-IDENTIFIER, specified in [11],Annex A.AlgorithmIdentifier{}A useful parameterized version of X.509 typeAlgorithmIdentifier is defined in this document.This type tightly binds pairs of algorithm objectidentifiers to their associated parameter types.When referenced, the single parameter ofAlgorithmIdentifier{} specifies a constraint on the Nystrom & Kaliski Informational [Page 2]RFC 2986 Certification Request Syntax Specification November 2000pairs of values that may appear in that instance of the type. The encoded values ofAlgorithmIdentifier{} are equivalent to those of type AlgorithmIdentifier.ASN.1 Abstract Syntax Notation One, as defined in the ASN.1 standards ([10], [11], [12], and [13]).ATTRIBUTE This class describes objects composed of an attribute (a unique object identifier) and an associated set of attribute values (any ASN.1 type). The values ofobjects in this class can be represented by typeAttribute{}.Attribute{} A useful parameterized version of X.501 [8] typeAttribute is defined in this document. This typetightly binds pairs of attribute type objectidentifiers to one or more attribute values types.In the ASN.1 open type notation, an attribute type is defined as ATTRIBUTE.&id and an attribute value asATTRIBUTE.&Type. When referenced, the singleparameter of Attribute{} specifies a constraint onthe pairs of values that may appear in an instance of the type. The encoded values of Attribute{} areequivalent to those of type Attribute.BER Basic Encoding Rules for ASN.1, as defined in X.690 ([14]).Certificate A type that binds a subject entity's distinguishedname to a public key with a digital signature. This type is defined in X.509. This type also containsthe distinguished name of the certificate issuer (the signer), an issuer-specific serial number, theissuer's signature algorithm identifier, a validity period, and an optional set of certificateextensions.DER Distinguished Encoding Rules for ASN.1, as defined in X.690. DER is a subset of BER.Name A type that uniquely identifies or "distinguishes"objects in an X.500 [7] directory. This type isdefined in X.501. In an X.509 certificate, the type identifies the certificate issuer and the certificatesubject, the entity whose public key is certified. Nystrom & Kaliski Informational [Page 3]RFC 2986 Certification Request Syntax Specification November 2000 2.2 NotationNo special notation is used in this document.3. OverviewA certification request consists of three parts: "certificationrequest information," a signature algorithm identifier, and a digital signature on the certification request information. Thecertification request information consists of the entity'sdistinguished name, the entity's public key, and a set of attributes providing other information about the entity.The process by which a certification request is constructed involves the following steps:1. A CertificationRequestInfo value containing a subjectdistinguished name, a subject public key, and optionally aset of attributes is constructed by an entity requestingcertification.2. The CertificationRequestInfo value is signed with the subject entity's private key. (See Section 4.2.)3. The CertificationRequestInfo value, a signature algorithmidentifier, and the entity's signature are collected together into a CertificationRequest value, defined below.A certification authority fulfills the request by authenticating the requesting entity and verifying the entity's signature, and, if the request is valid, constructing an X.509 certificate from thedistinguished name and public key, the issuer name, and thecertification authority's choice of serial number, validity period, and signature algorithm. If the certification request contains any PKCS #9 attributes, the certification authority may also use thevalues in these attributes as well as other information known to the certification authority to construct X.509 certificate extensions.In what form the certification authority returns the new certificate is outside the scope of this document. One possibility is a PKCS #7 cryptographic message with content type signedData, following thedegenerate case where there are no signers. The return message may include a certification path from the new certificate to thecertification authority. It may also include other certificates such as cross-certificates that the certification authority considershelpful, and it may include certificate-revocation lists (CRLs).Another possibility is that the certification authority inserts the new certificate into a central database.Nystrom & Kaliski Informational [Page 4]RFC 2986 Certification Request Syntax Specification November 2000Note 1 - An entity would typically send a certification request after generating a public-key/private-key pair, but may also do so after a change in the entity's distinguished name.Note 2 - The signature on the certification request prevents anentity from requesting a certificate with another party's public key. Such an attack would give the entity the minor ability to pretend to be the originator of any message signed by the other party. Thisattack is significant only if the entity does not know the messagebeing signed and the signed part of the message does not identify the signer. The entity would still not be able to decrypt messagesintended for the other party, of course.Note 3 - How the entity sends the certification request to acertification authority is outside the scope of this document. Both paper and electronic forms are possible.Note 4 - This document is not compatible with the certificationrequest syntax for Privacy-Enhanced Mail, as described in RFC 1424[5]. The syntax here differs in three respects: It allows a set of attributes; it does not include issuer name, serial number, orvalidity period; and it does not require an "innocuous" message to be signed. This document is designed to minimize request size, animportant feature for certification authorities accepting requests on paper.4. Certification request syntaxThis section is divided into two parts. The first part describes the certification-request-information type CertificationRequestInfo, and the second part describes the top-level type CertificationRequest.4.1 CertificationRequestInfoCertification request information shall have ASN.1 typeCertificationRequestInfo:CertificationRequestInfo ::= SEQUENCE {version INTEGER { v1(0) } (v1,...),subject Name,subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},attributes [0] Attributes{{ CRIAttributes }}}SubjectPublicKeyInfo { ALGORITHM : IOSet} ::= SEQUENCE {algorithm AlgorithmIdentifier {{IOSet}},subjectPublicKey BIT STRING}Nystrom & Kaliski Informational [Page 5]RFC 2986 Certification Request Syntax Specification November 2000PKInfoAlgorithms ALGORITHM ::= {... -- add any locally defined algorithms here -- }Attributes { ATTRIBUTE:IOSet } ::= SET OF Attribute{{ IOSet }}CRIAttributes ATTRIBUTE ::= {... -- add any locally defined attributes here -- }Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {type ATTRIBUTE.&id({IOSet}),values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type})}The components of type CertificationRequestInfo have the followingmeanings:version is the version number, for compatibility with futurerevisions of this document. It shall be 0 for this version of the standard.subject is the distinguished name of the certificate subject(the entity whose public key is to be certified).subjectPublicKeyInfo contains information about the public key being certified. The information identifies the entity'spublic-key algorithm (and any associated parameters); examples of public-key algorithms include the rsaEncryption objectidentifier from PKCS #1 [1]. The information also includes a bit-string representation of the entity's public key. For the public-key algorithm just mentioned, the bit string contains the DER encoding of a value of PKCS #1 type RSAPublicKey. The values of type SubjectPublicKeyInfo{} allowed forsubjectPKInfo are constrained to the values specified by the information object set PKInfoAlgorithms, which includes theextension marker (...). Definitions of specific algorithmobjects are left to specifications that reference thisdocument. Such specifications will be interoperable withtheir future versions if any additional algorithm objects are added after the extension marker.attributes is a collection of attributes providing additionalinformation about the subject of the certificate. Someattribute types that might be useful here are defined in PKCS #9. An example is the challenge-password attribute, whichspecifies a password by which the entity may requestcertificate revocation. Another example is information toappear in X.509 certificate extensions (e.g. theextensionRequest attribute from PKCS #9). The values of type Nystrom & Kaliski Informational [Page 6]RFC 2986 Certification Request Syntax Specification November 2000Attributes{} allowed for attributes are constrained to thevalues specified by the information object set CRIAttributes. Definitions of specific attribute objects are left tospecifications that reference this document. Suchspecifications will be interoperable with their futureversions if any additional attribute objects are added after the extension marker.4.2 CertificationRequestA certification request shall have ASN.1 type CertificationRequest:CertificationRequest ::= SEQUENCE {certificationRequestInfo CertificationRequestInfo,signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }}, signature BIT STRING}AlgorithmIdentifier {ALGORITHM:IOSet } ::= SEQUENCE {algorithm ALGORITHM.&id({IOSet}),parameters ALGORITHM.&Type({IOSet}{@algorithm}) OPTIONAL }SignatureAlgorithms ALGORITHM ::= {... -- add any locally defined algorithms here -- }The components of type CertificationRequest have the followingmeanings:certificateRequestInfo is the "certification requestinformation." It is the value being signed.signatureAlgorithm identifies the signature algorithm (and any associated parameters) under which the certification-request information is signed. For example, a specification mightinclude an ALGORITHM object for PKCS #1'smd5WithRSAEncryption in the information object setSignatureAlgorithms:SignatureAlgorithms ALGORITHM ::= {...,{ NULL IDENTIFIED BY md5WithRSAEncryption }}signature is the result of signing the certification requestinformation with the certification request subject's private key.Nystrom & Kaliski Informational [Page 7]RFC 2986 Certification Request Syntax Specification November 2000 The signature process consists of two steps:1. The value of the certificationRequestInfo component is DERencoded, yielding an octet string.2. The result of step 1 is signed with the certification request subject's private key under the specified signaturealgorithm, yielding a bit string, the signature.Note - An equivalent syntax for CertificationRequest could bewritten:CertificationRequest ::= SIGNED { EncodedCertificationRequestInfo } (CONSTRAINED BY { -- Verify or sign encoded-- CertificationRequestInfo -- })EncodedCertificationRequestInfo ::=TYPE-IDENTIFIER.&Type(CertificationRequestInfo)SIGNED { ToBeSigned } ::= SEQUENCE {toBeSigned ToBeSigned,algorithm AlgorithmIdentifier { {SignatureAlgorithms} },signature BIT STRING}5. Security ConsiderationsSecurity issues are discussed throughout this memo.6. Authors' AddressesMagnus NystromRSA SecurityBox 10704S-121 29 StockholmSwedenEMail: magnus@Burt KaliskiRSA Security20 Crosby DriveBedford, MA 01730 USAEMail: bkaliski@Nystrom & Kaliski Informational [Page 8]RFC 2986 Certification Request Syntax Specification November 2000 APPENDICESA. ASN.1 ModuleThis appendix includes all of the ASN.1 type and value definitionscontained in this document in the form of the ASN.1 module PKCS-10.PKCS-10 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)pkcs-10(10) modules(1) pkcs-10(1)}DEFINITIONS IMPLICIT TAGS ::=BEGIN-- EXPORTS All ---- All types and values defined in this module are exported for use -- in other ASN.1 modules.IMPORTSinformationFramework, authenticationFrameworkFROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1)usefulDefinitions(0) 3}ATTRIBUTE, NameFROM InformationFramework informationFrameworkALGORITHMFROM AuthenticationFramework authenticationFramework;-- Certificate requestsCertificationRequestInfo ::= SEQUENCE {version INTEGER { v1(0) } (v1,...),subject Name,subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},attributes [0] Attributes{{ CRIAttributes }}}SubjectPublicKeyInfo {ALGORITHM: IOSet} ::= SEQUENCE {algorithm AlgorithmIdentifier {{IOSet}},subjectPublicKey BIT STRING}PKInfoAlgorithms ALGORITHM ::= {... -- add any locally defined algorithms here -- }Attributes { ATTRIBUTE:IOSet } ::= SET OF Attribute{{ IOSet }} Nystrom & Kaliski Informational [Page 9]RFC 2986 Certification Request Syntax Specification November 2000CRIAttributes ATTRIBUTE ::= {... -- add any locally defined attributes here -- }Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {type ATTRIBUTE.&id({IOSet}),values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type})}CertificationRequest ::= SEQUENCE {certificationRequestInfo CertificationRequestInfo,signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }}, signature BIT STRING}AlgorithmIdentifier {ALGORITHM:IOSet } ::= SEQUENCE {algorithm ALGORITHM.&id({IOSet}),parameters ALGORITHM.&Type({IOSet}{@algorithm}) OPTIONAL}SignatureAlgorithms ALGORITHM ::= {... -- add any locally defined algorithms here -- }ENDB. Intellectual property considerationsRSA Security makes no patent claims on the general constructionsdescribed in this document, although specific underlying techniques may be covered.License to copy this document is granted provided that it isidentified as "RSA Security Inc. Public-Key Cryptography Standards (PKCS)" in all material mentioning or referencing this document.RSA Security makes no representations regarding intellectual property claims by other parties. Such determination is the responsibility of the user.C. Revision historyVersion 1.0Version 1.0 was the previous version of this document (alsopublished as "version 1.5" in [6]).Nystrom & Kaliski Informational [Page 10]RFC 2986 Certification Request Syntax Specification November 2000 Version 1.7This version incorporates several editorial changes, including updates to the references, and changes to ASN.1 typedefinitions. The following substantive changes have been made:- This version refers to X.680-X.690, the current international standards for ASN.1 and its encoding rules. All references to X.208 and X.209 have been eliminated.- The X.690 standard requires that the encoded values of SET OF components be sorted in ascending order under DER.Regardless of this, applications should not rely on theordering of attribute components.- All references to PKCS #6 Extended-Certificate SyntaxStandard have been removed. With the addition of extensions to X.509 version 3 certificates, RSA Laboratories iswithdrawing support for PKCS #6.Note - The reason for using version 1.7 for this document is to avoid confusion with [6], which is named version 1.5, and an unsupportedPKCS #10 version named Version 1.6.D. References[1] RSA Laboratories. PKCS #1: RSA Encryption Standard. Version 2.0, October 1998.[2] RSA Laboratories. PKCS #7: Cryptographic Message SyntaxStandard. Version 1.5, November 1993.[3] RSA Laboratories. PKCS #9: Selected Attribute Types. Version2.0, February 2000.[4] Adams, C. and S. Farrell, "Internet X.509 Public KeyInfrastructure - Certificate Management Protocols", RFC 2510,March 1999.[5] Kaliski, B., "Privacy Enhancement for Internet Electronic Mail: Part IV: Key Certification and Related Services", RFC 1424,February 1993.[6] Kaliski, B., "PKCS #10: Certification Request Syntax Version1.5", RFC 2314, March 1998.Nystrom & Kaliski Informational [Page 11]RFC 2986 Certification Request Syntax Specification November 2000[7] ITU-T Recommendation X.500 (1997) | ISO/IEC 9594-1:1998,Information technology - Open Systems Interconnection - TheDirectory: Overview of concepts, models and services.[8] ITU-T Recommendation X.501 (1993) | ISO/IEC 9594-2:1995,Information technology - Open Systems Interconnection - TheDirectory: Models.[9] ITU-T Recommendation X.509 (1997) | ISO/IEC 9594-8:1998,Information technology - Open Systems Interconnection -TheDirectory: Authentication framework.[10] ITU-T Recommendation X.680 (1997) | ISO/IEC 8824-1:1998,Information Technology - Abstract Syntax Notation One (ASN.1): Specification of Basic Notation.[11] ITU-T Recommendation X.681 (1997) | ISO/IEC 8824-2:1998,Information Technology - Abstract Syntax Notation One (ASN.1): Information Object Specification.[12] ITU-T Recommendation X.682 (1997) | ISO/IEC 8824-3:1998,Information Technology - Abstract Syntax Notation One (ASN.1): Constraint Specification.[13] ITU-T Recommendation X.683 (1997) | ISO/IEC 8824-4:1998,Information Technology - Abstract Syntax Notation One (ASN.1): Parameterization of ASN.1 Specifications.[14] ITU-T Recommendation X.690 (1997) | ISO/IEC 8825-1:1998,Information Technology - ASN.1 Encoding Rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER).E. Contact Information & About PKCSThe Public-Key Cryptography Standards are specifications produced by RSA Laboratories in cooperation with secure systems developersworldwide for the purpose of accelerating the deployment of public- key cryptography. First published in 1991 as a result of meetingswith a small group of early adopters of public-key technology, thePKCS documents have become widely referenced and implemented.Contributions from the PKCS series have become part of many formaland de facto standards, including ANSI X9 documents, PKIX, SET,S/MIME, and SSL.Nystrom & Kaliski Informational [Page 12]RFC 2986 Certification Request Syntax Specification November 2000Further development of PKCS occurs through mailing list discussions and occasional workshops, and suggestions for improvement arewelcome. For more information, contact:PKCS EditorRSA Laboratories20 Crosby DriveBedford, MA 01730 USApkcs-editor@/rsalabs/pkcsNystrom & Kaliski Informational [Page 13]RFC 2986 Certification Request Syntax Specification November 2000 Full Copyright StatementCopyright (C) The Internet Society 2000. All Rights Reserved.This document and translations of it may be copied and furnished to others provided that the above copyright notice and this paragraphare included on all such copies. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internetorganizations, except as required to translate it into languagesother than English.The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATIONHEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OFMERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.AcknowledgementFunding for the RFC Editor function is currently provided by theInternet Society.Nystrom & Kaliski Informational [Page 14]。

与pki相关的标准
与pki（公钥基础设施）相关的标准有很多，以下是其中一些常见的标准：
1. X.509：这是一种数字证书标准，用于在公钥基础设施中发布和管理数字证书。

X.509标准定义了证书的主题、颁发者和有效期等属性，以及如何使用证书来验证身份和授权。

2. PKCS（公钥密码标准）：PKCS是一组与公钥基础设施相关的标准，包括PKCS#1、PKCS#7、PKCS#8、PKCS#10、PKCS#11和PKCS#12等。

这些标准定义了与公钥密码学相关的算法、协议和格式，例如RSA、椭圆曲线和数字签名等。

3. LDAP（轻量级目录访问协议）：LDAP是一种用于访问目录服务的协议，它定义了如何在公钥基础设施中使用目录服务来存储和管理数字证书和密钥。

4. SMIME（安全/多用途互联网邮件扩展）：SMIME是一种用于在互联网上发送加密的电子邮件的协议，它定义了如何在公钥基础设施中使用加密和数字签名来保护电子邮件。

5. OCSP（在线证书状态协议）：OCSP是一种用于检查数字证书是否被吊销的协议，它定义了如何在公钥基础设施中使用OCSP来检查数字证书的状态。

6. CRL（证书吊销列表）：CRL是一种包含已吊销证书列表的公告，它定义了如何在公钥基础设施中发布和管理CRL，以便验证数字
证书的有效性。

这些标准通常一起使用，以确保公钥基础设施的安全、可靠和互操作性。

PKCS#10以及证书颁发过程具体实现⽤户⾸先产⽣⾃⼰的密钥对，并将公共密钥及部分个⼈信息传送给CA（通过P10请求）CertAndKeyGen gen = new CertAndKeyGen("RSA", "SHA1WithRSA");gen.generate(1024);//⽣成1024位密钥PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(new X500Principal("CN = " + name), gen.getPublicKey());// CN和公钥JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder("SHA256withRSA");// 签名算法ContentSigner signer = null;signer = csBuilder.build(gen.getPrivateKey());PKCS10CertificationRequest csr = p10Builder.build(signer);// PKCS10的请求return csr;//返回PKCS10的请求CA接受请求并⽣成证书CertificateFactory certFactory = CertificateFactory.getInstance("X.509");X509Certificate cacert = (X509Certificate) certFactory.generateCertificate(new FileInputStream(certPath));//⼀⼤堆参数 ,填充到⽣成器⾥AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1withRSA");AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);org.bouncycastle.asn1.x500.X500Name issuer = new org.bouncycastle.asn1.x500.X500Name( cacert.getSubjectX500Principal().getName()); BigInteger serial = new BigInteger(32, new SecureRandom()); Date from = new Date(); Date to = new Date(System.currentTimeMillis() + (365 * 80 * 86400000L));X509v3CertificateBuilder certgen = new X509v3CertificateBuilder(issuer, serial, from, to, csr.getSubject(), csr.getSubjectPublicKeyInfo())Key privateKey = productPrivateKey();// CA端进⾏签名, 才有具有法律效⼒ContentSigner signer = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(PrivateKeyFactory.createKey(privateKey.getEncoded()));// ⽣成BC结构的证书Security.addProvider(new BouncyCastleProvider());X509Certificate resultBc = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certgen.build(signer));return resultBc;//返回证书CSR：证书签发请求(Certificate Signing Request)，CSR也叫做认证申请，是⼀个发送到CA的请求认证信息。

pkcs7签名标准
PKCS#7（Public-Key Cryptography Standard #7）是一种加密消息的语法标准，由RSA安全体系在公钥加密系统中交换数字证书产生。

PKCS#7签名主要用于确保数据的完整性和来源真实性，并保护数据以防被篡改。

PKCS#7签名标准涉及以下几个方面：
1. 数据填充：在签名之前，发送方需要对数据进行填充，以确保数据的完整性。

填充后的数据称为填充数据块。

2. 签名生成：发送方使用自己的私钥对填充后的数据块进行RSA运算。

得到的结果即为PKCS#7格式的签名值。

3. 签名验证：接收方使用发送方的公钥对签名值进行验证。

验证通过，说明数据来源可靠且未被篡改。

4. 数据解密：接收方可以使用发送方的公钥对加密数据进行解密，得到原始数据。

PKCS#7签名标准在网络安全领域具有广泛的应用，例如用于数字证
书、安全传输协议等场景。

通过遵循这一标准，可以确保数据在传输过程中的完整性和真实性，防止篡改和伪造。

pkcs7证书格式解析PKCS#7证书格式解析PKCS#7（公钥密码编码标准）是一种证书格式，它用于在公钥基础设施（PKI）中传输和存储数字证书、私钥和其他相关加密数据。

PKCS#7证书格式广泛应用于数字签名、消息加密和认证服务中。

PKCS#7证书格式采用ASN.1（抽象语法标记）来描述证书结构。

这种格式使用一种基于二进制的编码方式，以确保数据的完整性和安全性。

PKCS#7证书主要由以下几个部分组成：1. 证书链：PKCS#7证书可以包含多个证书，其中包括密钥交换证书、身份验证证书和根证书等。

证书链被用于验证数字证书的有效性和身份。

2. 签名：PKCS#7证书可以包含一个或多个数字签名。

数字签名用于验证数据的完整性和身份。

签名通常使用证书中包含的私钥生成，并可以通过验证证书链来验证签名的有效性。

3. 加密数据：PKCS#7证书可以包含加密的数据，用于保护敏感信息的机密性。

加密数据通常使用证书中包含的公钥进行加密，并可以使用相应的私钥进行解密。

4. 杂项信息：PKCS#7证书还可以包含其他杂项信息，如时间戳、证书撤销列表（CRL）等。

解析PKCS#7证书主要涉及以下步骤：1.使用特定的编码方式（如DER或PEM）将证书数据转换为二进制格式。

2.根据ASN.1结构解析证书，识别证书的各个组成部分。

3.验证证书链，确保每个证书有效且可以信任。

4.检查证书中的数字签名，验证数据的完整性和身份。

5.如果证书包含加密数据，则使用相应的私钥进行解密。

PKCS#7证书格式的解析对于安全领域和网络通信至关重要。

通过了解PKCS#7证书的结构和内容，我们可以确保证书的有效性、数据的完整性和机密性，从而提高网络通信的安全性。

pkcs7填充规则
PKCS7是一种常用的填充规则，用于加密算法中处理数据的填充。

在加密
过程中，需要将明文数据转换为满足特定格式要求的密文数据，而填充规则就是用来确定如何将明文数据转换为密文数据的。

在PKCS7填充规则中，如果待加密数据的长度小于数据块长度，会在数据
后面补足相应的字节，使得整体长度达到数据块长度的倍数。

具体来说，如果待加密数据长度为N，数据块长度为M，那么需要补充的字节数就是M-N。

这些补充的字节都是相同的值，这个值就是数据块长度的数值，即M。

例如，如果数据块长度为8，待加密数据长度为5，那么需要补充的字节数
就是8-5=3，补充的字节分别是8、8、8。

这样，加密后的数据长度就是8的倍数，符合PKCS7填充规则的要求。

如果待加密数据的长度恰好是数据块长度的倍数，那么也需要补充一个字节，这个字节的值也是数据块长度的数值。

例如，如果数据块长度为8，待加密数据长度为16（正好是8的倍数），那么也需要补充一个字节，值为8。

总的来说，PKCS7填充规则是一种简单而有效的填充方式，能够保证加密数据的完整性和安全性。

在实现加密算法时，需要根据具体的算法要求和数据块长度选择合适的填充规则，并进行相应的填充处理。

PKCS7证书格式pkcs#7是“Cryptographic Message Syntax Standard”，在第⼀部分的“Scope”中，提到“This standard describes a general syntax for data that may have cryptography applied to it, such as digital signatures and digital envelopes”。

简单的说，它规定了加密、签名等消息的语法格式，当然了，证书作为消息的⼀部分，也可以同时传递。

⼀、x509，公钥证书，只有公钥。

p7，签名或加密。

可以往⾥⾯塞x509，同时没有签名或加密内容。

p12，含有私钥，同时可以有公钥，有⼝令保护。

p7的作⽤就是电⼦信封，包含了信息和证书。

在 Windows 资源管理器中，选中要转换的⽂件 (filename.p7b)。

双击此⽂件可显⽰证书窗⼝。

在证书窗⼝的左窗格中，展开此⽂件。

展开证书⽂件夹以显⽰证书列表。

选择⼀个要转换为 PEM 格式的证书。

⽤⿏标右键单击此证书，然后选择“所有任务”>“导出”以显⽰证书导出向导。

在此向导中，单击“下⼀步”。

选中“Base-64 encoded X.509 (.CER)”选项。

然后单击“下⼀步”。

（Base 64 编码为 PEM 格式。

）在“⽂件名:”字段中，请为已转换的数字证书输⼊⼀个名称，然后单击“下⼀步”。

注意： 此向导会向输出⽂件追加⼀个 .cer 扩展名，.cer 扩展名是追加在 Base 64 编码的证书和 DER 证书后的通⽤扩展名。

退出此向导后，可将此扩展名更改为 .pem。

验证设置是否正确。

如果设置正确，请单击“完成”；如果不正确，请单击“上⼀步”并进⾏必要的修改。

注意： 对于包含证书链的 p7b 证书⽂件，需要将发⾏⽅ PEM 数字证书连接到此证书⽂件。

WebLogic Server 可使⽤⽣成的证书⽂件。

PKCS #7:加密消息语法标准（Cryptographic Message Syntax Standard）An RSA Laboratories Technical NoteVersion 1.5Revised November 1, 1993*1. 范围这一标准描述了待加密数据的一般语法，比如数字签名和数字信封。

该语法允许递归，如一个信封能够包含在另一个当中，或者一方能够对一已存在的封装数据进行签名。

它也允许专有的属性和消息的内容一起被鉴别，比如签名时间，并且提供其他属性如伴随着签名的连属(countersignature)。

该语法的一个简化版提供了发布证书和CRL的方法。

这一标准和PEM(Privacy-Enhance Mail)兼容，体现在签名数据和签名并封装的数据内容上，以一种PEM兼容格式构成，并能够在无需任何加密操作的情况下转换成PEM消息。

类似地，PEM消息也能转换成签名数据和签名封装数据的内容格式。

这一标准能够支持多种基于认证的密钥管理体系结构，比如它的一个提议已收录在PEM[RFC1422]中。

一些体系结构上的决定比如何种证书颁发者才是“顶级”的，何种实体证书颁发者应被授权，何种可辨别名能够被接受以及颁发者应该遵循怎样的证书策略等等这些问题不在本标准讨论范围之内。

由这一标准产生的值可能是BER编码的，这意味着该值会以8位字节串(octet string)的形式表示。

众所周知，虽然许多系统能够可靠地传输专有的8位字节串，但很多电子邮件系统并没有这么做。

这一标准并不寻找编码8位字节串的机制，像ASCII字符串或者其他保证可靠传输的re-encoding 8位字节串技术。

RFC 1421 对该问题提出了可能的解决方法。

2. 参考FIPS PUB 46–1 National Bureau of Standards. FIPS PUB 46–1: Data Encryption Standard. January 1988.PKCS #1 RSA Laboratories. PKCS #1: RSA Encryption Standard. Version 1.5, November 1993.PKCS #6 RSA Laboratories. PKCS #6: Extended-Certificate Syntax Standard. Version 1.5, November 1993.*Supersedes June 3, 1991 version, which was also published as NIST/OSI Implementors' Workshop document SEC-SIG-91-22. PKCS documents are available by electronic mail to .PKCS #9 RSA Laboratories. PKCS #9: Selected Attribute Types. Version 1.1, November 1993.RFC 1421 J. Linn. RFC 1421: Privacy Enhancement for Internet Electronic Mail: Part I: Message Encryption and Authentication Procedures. February 1993.RFC 1422 S. Kent. RFC 1422: Privacy Enhancement for Internet Electronic Mail: Part II: Certificate-Based Key Management. February 1993.RFC 1423 D. Balenson. RFC 1423: Privacy Enhancement for Internet Electronic Mail: Part III: Algorithms, Modes, and Identifiers. February 1993.RFC 1424 B. Kaliski. RFC 1424: Privacy Enhancement for Internet Electronic Mail: Part IV: Key Certification and Related Services. February 1993.RFC 1319 B. Kaliski. RFC 1319: The MD2 Message-Digest Algorithm. April 1992.RFC 1321 R. Rivest. RFC 1321: The MD5 Message-Digest Algorithm. April 1992.X.208 CCITT. Recommendation X.208: Specification of Abstract Syntax Notation One (ASN.1). 1988.X.209 CCITT. Recommendation X.209: Specification of Basic Encoding Rules for Abstract Syntax Notation One (ASN.1). 1988.X.500 CCITT. Recommendation X.500: The Directory—Overview of Concepts, Models and Services. 1988.X.501 CCITT. Recommendation X.501: The Directory—Models. 1988.X.509 CCITT. Recommendation X.509: The Directory—Authentication Framework. 1988.[NIST91] NIST. Special Publication 500-202: Stable Implementation Agreements for Open Systems Interconnection Protocols. Version 5, Edition 1, Part 12. December 1991.[RSA78] R.L. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2):120–126, February 1978.3. 定义For the purposes of this standard, the following definitions apply.AlgorithmIdentifier: A type that identifies an algorithm (by object identifier) and associated parameters. This type is defined in X.509.ASN.1: Abstract Syntax Notation One, as defined in X.208.Attribute: A type that contains an attribute type (specified by object identifier) and one or more attribute values. This type is defined in X.501.BER: Basic Encoding Rules, as defined in X.209.Certificate: A type that binds an entity's distinguished name to a public key with a digital signature. This type is defined in X.509. This type also contains the distinguished name of the certificate issuer (the signer), an issuer-specific serial number, the issuer's signature algorithm identifier, and a validity period.CertificateSerialNumber: A type that uniquely identifies a certificate (and thereby an entity and a public key) among those signed by a particular certificate issuer. This type is defined in X.509.CertificateRevocationList: A type that contains information about certificates whose validity an issuer has prematurely revoked. The information consists of an issuer name, the time of issue, the next scheduled time of issue, and a list of certificate serial numbers and their associated revocation times. The CRL is signed by the issuer. The type intended by this standard is the one defined RFC 1422.DER: Distinguished Encoding Rules for ASN.1, as defined in X.509, Section 8.7.DES: Data Encryption Standard, as defined in FIPS PUB 46-1.desCBC: The object identifier for DES in cipher-block chaining (CBC) mode, as defined in [NIST91].ExtendedCertificate: A type that consists of an X.509 public-key certificate and a set of attributes, collectively signed by the issuer of the X.509 public-key certificate. This type is defined in PKCS #6.MD2: RSA Data Security, Inc.'s MD2 message-digest algorithm, as defined in RFC 1319.md2: The object identifier for MD2, as defined in RFC 1319.MD5: RSA Data Security, Inc.'s MD5 message-digest algorithm, as defined in RFC 1321.md5: The object identifier for MD5, as defined in RFC 1321.Name: A type that uniquely identifies or "distinguishes" objects in an X.500 directory. This type is defined in X.501. In an X.509 certificate, the type identifies the certificate issuer and the entity whose public key is certified.PEM: Internet Privacy-Enhanced Mail, as defined in RFCs 1421–1424.RSA: The RSA public-key cryptosystem, as defined in [RSA78].rsaEncryption: The object identifier for RSA encryption, as defined in PKCS #1.4. 符号和缩略语No symbols or abbreviations are defined in this standard.5. 概述下面的9节指定了有用的类型，通用的语法，六种内容类型和对象标识符。

pkcs10certificationrequest 公钥-回复PKCS10证书请求（Public Key Certificate Signing Request，简称PKCS10请求）是一种用于生成数字证书的标准格式。

在本文中，我们将逐步解释PKCS10证书请求的含义、结构和用途。

第一步：什么是PKCS10证书请求？PKCS10证书请求是一种格式化的数据结构，它包含了生成数字证书所需的信息和公钥。

这个请求被用于向证书颁发机构（Certificate Authority，简称CA）提交申请，以请求CA为该公钥颁发数字证书。

第二步：PKCS10证书请求的结构是什么样的？PKCS10证书请求由一系列的字段组成，这些字段包含了诸如公钥、拥有者信息等关键数据。

以下是PKCS10证书请求的一般字段结构：Version：证书请求的版本号。

Subject：证书请求的主体信息，包括名称、电子邮件等。

Public Key：证书请求中包含的公钥。

Extensions：可选字段，用于添加其他相关信息。

第三步：PKCS10证书请求的生成流程是什么样的？PKCS10证书请求的生成流程涉及以下几个步骤：生成密钥对：首先，我们需要生成一对公私钥。

这对密钥将用于加密和解密数据，以及生成数字签名。

填写证书请求：接下来，我们将填写PKCS10证书请求的各个字段。

其中，Subject字段会包含拥有者的一些信息（如名称、电子邮件等），而Public Key字段则包含公钥。

计算签名：在填写完证书请求后，我们需要使用私钥对该请求进行数字签名。

这个签名可以保证证书请求的完整性和真实性。

提交请求并等待颁发：最后，我们将填写完的证书请求提交给一家可靠的CA。

CA会验证请求的真实性，并根据请求所包含的公钥为其颁发数字证书。

第四步：PKCS10证书请求的用途是什么？PKCS10证书请求的主要用途是用于生成数字证书。

数字证书在网络安全中起到了至关重要的作用，它可以验证通信双方的身份并确保数据的机密性和完整性。

pkcs7.verify 原理PKCS#7是一个标准的消息认证码（MAC）和数字签名结构，它用于验证数据的完整性和真实性。

在PKCS#7中，数据可以是任意长度的，并且可以包含多个签名和/或加密的内容。

验证过程主要是确定数据在传输过程中是否被篡改，以及数字签名是否有效。

下面是PKCS#7验证的主要步骤和逻辑：1.签名算法和密钥管理:o PKCS#7支持多种签名算法，如RSA、DSA等。

在生成数字签名时，需要使用发送方的私钥。

而在验证时，则需要使用相应的公钥。

o密钥的管理方式依赖于具体的实现和部署环境，通常会采用中心化的密钥管理系统或基于P2P的分布式系统。

2.数据完整性验证:o发送方在发送数据前，会使用散列函数（如SHA-256）对原始数据进行散列处理，生成一个固定长度的散列值。

这个散列值会与数字签名一起发送给接收方。

o接收方收到数据后，同样使用相同的散列函数对数据进行散列处理，然后与发送方提供的散列值进行比对。

如果两者一致，说明数据在传输过程中没有被篡改。

3.数字签名验证:o数字签名用于验证数据的来源和完整性。

发送方使用自己的私钥对数据的散列值进行加密，生成数字签名。

这个签名会附加在数据之后发送给接收方。

o接收方使用发送方的公钥对数字签名进行解密，如果解密成功且得到的散列值与接收到的散列值一致，则说明数字签名有效，数据是真实且未被篡改的。

4.证书链验证:o在实际应用中，公钥通常不是直接发送给接收方的，而是通过第三方证书颁发机构（CA）进行签名的。

因此，接收方在验证数字签名之前，还需要验证公钥证书的合法性。

o这涉及到证书链的验证：验证CA的证书是否有效，CA证书是否是由可信任的根证书颁发机构签名等。

5.时间戳和有效期:o数字签名和证书都可能包含时间戳和有效期信息。

这些信息用于确保数字签名和证书在当前时间点是有效的。

如果超过有效期或时间戳显示签名是在未来生成的，则验证失败。

6.错误处理和日志记录:o在验证过程中，如果遇到任何错误（如数据完整性损坏、数字签名无效等），验证函数应返回错误信息并停止验证过程。

pkcs证书的使用
PKCS（Public Key Cryptography Standards，公钥密码学标准）是一系列密码学标准，其中包括关于证书和密钥等密码学实体的定义和规范。

PKCS#12是PKCS标准中的一部分，它定义了一种通用的文件格式，用于存储和传输个人身份证书、私钥和其他相关信息。

PKCS#12文件通常使用.p12或.pfx扩展名。

PKCS#12证书通常用于以下情况：
1.数字身份验证：PKCS#12证书包含个人身份证书和私钥，用于证明某人或某个实体的身份。

这种证书通常用于网络身份验证、电子邮件签名和加密等场景。

2.客户端证书：在一些安全通信协议中，客户端需要提供自己的证书来验证身份。

PKCS#12证书可以用作客户端证书，以便安全地建立与服务器的通信。

3.SSL/TLS通信：在SSL/TLS协议中，服务器端通常使用X.509格式的证书来验证身份，而客户端可以使用PKCS#12证书来提供自己的身份。

4.数字签名：PKCS#12证书中包含私钥，可以用于生成数字签名，以证明信息的完整性和身份验证。

要使用PKCS#12证书，您需要以下步骤：
5.获取PKCS#12证书：通常，您可以从证书颁发机构（CA）或相关的证书服务提供商处获得PKCS#12证书。

6.导入证书：使用适当的工具（如操作系统的证书管理工具、安全浏览器或密码学库），导入PKCS#12证书到您的操作系统或应用程序中。

7.使用证书：一旦导入成功，您可以在您的应用程序或系统中使用证书，例如进行安全通信、身份验证、数字签名等操作。

1 PKCS #10PKCS最初是为推进公钥密码系统的互操作性，由RSA实验室与工业界、学术界和政府代表合作开发的。

在RSA带领下，PKCS的研究随着时间不断发展，它涉及了不短发展的PKI格式标准、算法和应用程序接口。

PKCS标准提供了基本的数据格式定义和算法定义，它们实际是今天所有PKI实现的基础。

PKCS #10：证书请求语法标准。

PKCS #10定义了证书请求的语法。

证书请求包含了一个唯一识别名、公钥和可选的一组属性，它们一起被请求证书的实体签名（证书管理协议中的PKIX 证书请求消息就是一个PKCS #10）。

PKCS的标准主要用于用户实体通过RA的证书申请、用户的证书更新过程。

当证书作废时，RA通过CA向目录服务器中发布证书撤销列表CRL，用于扩展证书内容，以及数字签名与验签过程和实现数字信封格式定义等一系列相关协议。

2 openssl证书申请与生成首先在网上搜一些安装配置的步骤。

在安装时，遇到很多问题。

可能是对DOS命令行的很多命令、机理都不了解，在安装这一步花了不少时间。

遇到一个错误就GOOGLE，然后变为下一个错误，继续GOOGLE。

最终总算安装配置成功了。

然后开始做证书申请部分。

首先在D盘建立一个目录SSL。

创建CA。

为CA创建一个RSA私钥。

利用CA的RSA私钥创建一个自签名的CA证书，命令如下：openssl req –new –x509 –days 3650 –key ca.key –out ca.crt –config f这里需要注意的是参数-config f，这是用到配置文件f 我在D:\openssl-0.9.8q\apps目录下找到了这个配置文件。

将这个文件COPY到d:\SSL目录下。

然后用Ultraedit打开f，对以下几项做修改。

（1）dir的值根据实际必须是“.”代表的是当前工作目录，从这个目录中载入f 配置文件。

（2）certs的值表示已发行的证书和证书请求存放的目录，可以在SSL目录下新建一个名为certs的目录，将来生成的请求证书就会自动存放在certs目录里。

pkcks方法论PKCS（Public Key Cryptography Standards，公钥密码学标准）是由美国RSA Data Security（现为EMC Corporation旗下的RSA安全分部）定义的一系列公钥密码学相关的标准。

PKCS#1：RSA加密标准PKCS#1是最早的公钥密码标准之一，详细说明了RSA加密和解密算法及其实现过程。

PKCS#1标准并不涉及密钥管理和证书格式。

PKCS#3：Diffie-Hellman密钥交换标准PKCS#3是一种密钥交换协议，使用基于离散对数问题的Diffie-Hellman算法交换密钥。

PKCS#3还提供了使用Diffie-Hellman交换的密钥派生协议。

PKCS#5：基于口令的加密标准PKCS#5标准定义了一种基于口令的加密算法，被广泛应用于文档加密和密码保护。

PKCS#5使用基于口令的密钥派生函数（Password-Based Key Derivation Function，PBKDF），根据用户提供的口令和随机盐生成对称密钥。

PKCS#6：扩展证书语法标准PKCS#6定义了一种扩展证书语法（Extended Certificate Syntax），包括扩展证书和扩展证书吊销列表。

该标准允许在X.509证书中包含非标准扩展字段。

PKCS#7：加密消息语法标准PKCS#7定义了一种加密消息语法（Cryptographic Message Syntax，CMS），用于加密、签名和验证消息。

CMS支持多种消息格式和数字签名算法，可以进行文件加密、邮件加密等安全通信。

PKCS#8：私钥信息标准PKCS#8定义了一种格式化表示私钥的方法，用于存储和交换私钥。

PKCS#8支持多种非对称加密算法，如RSA、DSA、EC和DH。

PKCS#9：扩展安全标记语法标准PKCS#9定义了一种扩展安全标记语法（Extended Security MarkUp Language，ESML），用于在数字证书中包含附加信息。