Software developed

  • Extended version of OpenSSL (OpenSSL Extended)

    This distribution is an extended version of OpenSSL that includes X.509 Attribute Certificate functionality.

  • Attribute Authority Operator (AAO) executable

    AAO is a graphical program, built on GTK and the extended OpenSSL, that performs the tasks of an Attribute Authority (AA). The software has already been developed, but its interface still needs to be translated into English.

OpenPMI

The aim of the OpenPMI proposal is to build an open Privilege Management Infrastructure (PMI) following the ITU-T, PKIX and ETSI recommendations.

Attribute Certificate support for OpenSSL

The first step is to add X.509 Attribute Certificate support to OpenSSL and build a "small" command-line AA. The following figures show the commands needed to create and display an X.509 Attribute Certificate.


Figure 1. X509AT is the new command in our extended OpenSSL to process X.509 Attribute Certificate functions.



Figure 2. Options of X509AT command.



Figure 3. Creating an X.509 Attribute Certificate with baseCertificateID identification.

openssl x509AT -config c:\openssl.cnf -AA c:\AA.crt -AAkey c:\AA.key -User c:\monte.crt -out userB.crt -Attribute c:\Attribute.txt -HolderT 1

  • AA option sets the Attribute Authority certificate
  • AAkey option sets the Attribute Authority key used to sign the attribute certificate
  • User option sets the user's X.509 Identity Certificate, from which the identity information is taken (see option HolderT)
  • out option sets where to store the X.509 Attribute Certificate
  • Attribute option sets the file from which to read the attributes to include in the certificate (see the format below)
  • HolderT option selects which of the three options of the holder field is used.
    • 0 entityName - default
    • 1 baseCertificateID
    • 2 objectDigestInfo - hash of the identity certificate

The format of the attribute file is:

# comments
# OID = attribute value
2.5.4.35 = pazzword
2.23.42.2.7.11 = 010203941212328237
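
The AA signs whatever this file contains, so it is worth checking the file before running the signing command. The following validator is an added example, not part of the OpenPMI distribution; the function names are hypothetical, and it assumes that blank lines are ignored, that a line is split on its first "=", and that surrounding whitespace is trimmed.

```python
import re

# Dotted-decimal OID: at least two arcs, no leading zeros inside an arc.
_OID_RE = re.compile(r"(0|[1-9]\d*)(\.(0|[1-9]\d*))+")


class AttributeFileError(ValueError):
    """Raised when the attribute file must not be handed to the AA."""


def valid_oid(oid):
    if not _OID_RE.fullmatch(oid):
        return False
    arcs = [int(a) for a in oid.split(".")]
    # ASN.1 rule: first arc is 0..2; under arcs 0 and 1 the second arc is 0..39.
    return arcs[0] <= 2 and (arcs[0] == 2 or arcs[1] <= 39)


def parse_attribute_file(text):
    """Return [(oid, value), ...] or raise AttributeFileError with the line number."""
    attrs, seen = [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # blank lines (assumed) and comments
            continue
        oid, sep, value = line.partition("=")  # split on first '=' (assumption)
        oid, value = oid.strip(), value.strip()
        if not sep:
            raise AttributeFileError(f"line {lineno}: missing '='")
        if not valid_oid(oid):
            raise AttributeFileError(f"line {lineno}: malformed OID {oid!r}")
        if not value:
            raise AttributeFileError(f"line {lineno}: empty value for {oid}")
        if oid in seen:
            # RFC 5755 requires each attribute type to appear once per certificate.
            raise AttributeFileError(f"line {lineno}: duplicate OID {oid}")
        seen.add(oid)
        attrs.append((oid, value))
    return attrs


# The sample file shown above, embedded so the example runs offline.
SAMPLE = """# comments
# OID = attribute value
2.5.4.35 = pazzword
2.23.42.2.7.11 = 010203941212328237
"""

if __name__ == "__main__":
    for oid, value in parse_attribute_file(SAMPLE):
        print(oid, "->", value)
```
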



Figure 4. Creating an X.509 Attribute Certificate with entityName identification.



Figure 5. The attributes of an X.509 Attribute Certificate.

openssl x509AT -config c:\openssl.cnf -in c:\userA.crt -attributes



Figure 6. An X.509 Attribute Certificate in text mode.

openssl x509AT -config c:\openssl.cnf -in c:\userA.crt -text



Figure 7. Holder field of an X.509 Attribute Certificate.

openssl x509AT -config c:\openssl.cnf -in c:\userA.crt -holder

Using an ASN.1 Graphical Editor

There are several ASN.1 graphical editors on the web. We selected the following one.
The X.509 Attribute Certificates used are userA.crt, userB.crt and userC.crt.

Figure 8. Using an ASN.1 Graphical Editor



Figure 9. Using an ASN.1 Graphical Editor (2)

Attribute Authority Operator (AAO)

AAO is a graphical program, built on GTK and the extended OpenSSL, that performs the tasks of an Attribute Authority (AA). The software has already been developed, but its interface still needs to be translated into English.

Figure 10. AAO in Spanish