GRID-FR French CA http://igc.services.cnrs.fr/GRID-FR Alice de Bignicourt
Outline • Requirements to access the Grid • GRID-FR CA • Certificate • Statistics
Requirements to access the Grid • A user certificate (authentication) • Membership of a VO, registered through VOMS (authorization) • A user interface or web-service access point
Outline • Requirements to access the Grid • About GRID-FR CA • Certificate • Statistics
About GRID-FR CA • CA = Certification Authority • The GRID-FR CA • Issues certificates for institutes participating in grid projects in which CNRS is involved: • EGEE, LCG, DEISA, Grid 5000, ILDG, E-Sciences, Integrative Biology, … • Issues user, server and service certificates to: • French public and private institutes • Foreign public and private institutes outside HEP that have no CA of their own (catch-all)
About GRID-FR CA: composition of a CA • CA: Certification Authority • RA: Registration Authority • EE: End Entity (person, host, service) • Certificate repository: certificates (EE, CAs) and CRLs • Validation service • Encipherment private-key recovery service
About GRID-FR CA • GRID-FR signature algorithm: SHA1 (note that the example certificate shown later, issued in October 2006, still carries md5WithRSAEncryption) • CRL = Certificate Revocation List • Generated each night • Lifetime: 1 month • Downloaded from a dedicated server: crls.services.cnrs.fr • EUGridPMA requirements • European Policy Management Authority for Grid Authentication (http://www.eugridpma.org) • Activity: • Verifies that CAs meet the minimum requirements • Accredits new CAs
GRID-FR in the CNRS PKI (diagram on the slide): the CNRS PKI hierarchy comprises CNRS, CNRS-Standard, CNRS-Plus, CNRS-Projets, GRID-FR, SSI and Partenaires-CNRS; the Authority Key Identifier of the example certificate shows that the GRID-FR CA certificate itself was issued by CNRS-Projets.
Outline • Requirements to access the Grid • GRID-FR CA • Certificate • Statistics
X.509v3 certificate • Based on an asymmetric (public-key) algorithm • Issued by an accredited, trusted CA • Certificates for: • User • Host • Service • A pair of two keys: • Private key • NEVER communicated • Stored encoded and protected by a password • Public key (bound into the certificate) • Signed by the CA • Published
Structure of an X509 certificate • Certificate • Version • Serial Number • Algorithm ID • Issuer • Validity • Not Before • Not After • Subject • Subject Public Key Info • Public Key Algorithm • Subject Public Key • Issuer Unique Identifier (Optional) • Subject Unique Identifier (Optional) • Extensions (Optional) • ... • Certificate Signature Algorithm • Certificate Signature (Issuer and subject unique identifiers were introduced in Version 2, Extensions in Version 3)
Example 1/2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1323 (0x52b)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=FR, O=CNRS, CN=GRID-FR
        Validity
            Not Before: Oct  3 13:13:42 2006 GMT
            Not After : Oct  3 13:13:42 2007 GMT
        Subject: O=GRID-FR, C=FR, O=CNRS, OU=UREC, CN=Alice De Bignicourt
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:f6:48:51:86:3f:c3:0e:5a:1d:69:9e:c9:a7:4c:
                    25:d8:a1:e7:5a:9c:6f:50:d4:d6:34:ab:3f:57:a7:
                    60:d9:f1:3d:58:43:3a:ca:90:fb:51:9d:2f:4a:3e:
                    10:d4:14:4e:48:ca:6b:9f:d0:ac:f0:b5:94:bb:15:
                    d6:43:49:91:37:72:75:0e:1b:89:d2:7c:76:db:25:
                    60:d1:fd:fc:b5:20:78:18:cb:11:a3:73:9a:e3:2b:
                    ab:a3:cd:7c:0c:6c:9a:3a:19:5e:cb:10:e6:66:f4:
                    8e:02:aa:8f:1b:12:e0:f8:42:5e:68:a8:53:1b:f6:
                    c6:00:92:f0:76:77:6b:f9:cd
                Exponent: 65537 (0x10001)
Callouts on the slide: Serial Number, CA Issuer, Validity, Subject, Public Key.
Example 2/2
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            Netscape Cert Type:
                SSL Client, S/MIME, Object Signing
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement
            Netscape Comment:
                Certificat GRID-FR. Pour toute information se reporter à http://igc.services.cnrs.fr/GRID-FR/
                [GRID-FR certificate. For any information, refer to http://igc.services.cnrs.fr/GRID-FR/]
            X509v3 Subject Key Identifier:
                C6:89:EF:A4:82:41:0A:3A:CB:EB:BE:36:69:35:AA:CB:27:E6:15:CC
            X509v3 Authority Key Identifier:
                keyid:77:49:79:C1:F6:BB:92:F0:EC:08:C3:EE:D1:9C:B0:77:10:8C:93:2F
                DirName:/C=FR/O=CNRS/CN=CNRS-Projets
                serial:0C
            X509v3 Certificate Policies:
                Policy: 1.3.6.1.4.1.10813.1.1.8.1.0
            X509v3 Subject Alternative Name:
                email:alice.de-bignicourt@urec.cnrs.fr
            X509v3 CRL Distribution Points:
                URI:http://crls.services.cnrs.fr/GRID-FR/getder.crl
            1.3.6.1.4.1.7650.1:
                unicoreClient
    Signature Algorithm: md5WithRSAEncryption
        a6:35:3a:d8:50:2c:ab:d8:8e:67:fd:54:cf:9c:65:76:1d:31
        ../..
Callouts on the slide: use of the certificate (Key Usage), version of the CA's CP/CPS (Certificate Policies OID), e-mail address (Subject Alternative Name), CRL (CRL Distribution Points).
Information in the X.509 certificate • Subject = Distinguished Name (DN): the identifier of the entity in the Grid • Lifetime: • Not Before date • Not After date • Extensions: the permitted uses of the certificate • Common file extensions for X.509 certificates: • .PEM: typically two files, the certificate (public key) and the password-protected private key • .P7C (PKCS#7): certificates or CRLs • .P12 (PKCS#12): one password-protected file holding both the certificate and the private key • Also: .CER, .DER, .P7B
How to obtain a GRID-FR certificate? • The requestor generates a key pair: • private key • public key • The requestor sends the public key (in a certificate request) to the RA (Registration Authority = the GRID-FR manager), who verifies the request and validates the requestor's identity • The public key is signed and the certificate is issued • The requestor gets back the certificate
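The whole life cycle described above (key pair and request on the requestor's side, signing with the extensions seen in the example certificate on the CA's side, inspection, PKCS#12 bundling, chain verification, then revocation and a CRL as on the GRID-FR CA slide) can be rehearsed with a throw-away CA driven by the openssl command line. The script below is an added example written for this page, not GRID-FR's tooling; every name, DN, URL, OID-free extension and passphrase in it is invented for illustration and does not correspond to GRID-FR's real values.

```shell
#!/bin/sh
# Added example, not from the GRID-FR slides: a throw-away CA driven with the
# openssl CLI, reproducing the slides' workflow end to end:
#   1. the requestor generates a key pair (private key passphrase-protected) and
#      a certificate request carrying the public key and DN,
#   2. the CA (after the RA's vetting) signs it, adding extensions like those in
#      the example certificate (BasicConstraints, KeyUsage, SAN e-mail, CRL DP),
#   3. the result is inspected, bundled as PKCS#12 and verified against the CA,
#   4. the CA revokes it and publishes a CRL; verification with -crl_check fails.
# All names, DNs, URLs and passphrases are illustrative, not GRID-FR's.
set -u
WORK=$(mktemp -d)
CADIR="$WORK/ca"
mkdir -p "$CADIR/newcerts"
# 'openssl ca' bookkeeping: database of issued certs, next serial, CRL number.
: > "$CADIR/index.txt"
echo 1000 > "$CADIR/serial"
echo 01   > "$CADIR/crlnumber"

# Self-contained config so nothing depends on the system openssl.cnf.
# default_crl_days = 30 models GRID-FR's one-month CRL lifetime.
cat > "$CADIR/openssl.cnf" <<EOF
[ req ]
distinguished_name = req_dn
prompt             = no
[ req_dn ]
[ v3_ca ]
basicConstraints       = critical, CA:TRUE
keyUsage               = critical, keyCertSign, cRLSign
subjectKeyIdentifier   = hash
[ ca ]
default_ca = demo_ca
[ demo_ca ]
dir              = $CADIR
database         = \$dir/index.txt
new_certs_dir    = \$dir/newcerts
serial           = \$dir/serial
crlnumber        = \$dir/crlnumber
certificate      = \$dir/ca.pem
private_key      = \$dir/ca.key
default_md       = sha256
default_days     = 365
default_crl_days = 30
policy           = any_policy
x509_extensions  = user_cert
[ any_policy ]
countryName            = optional
organizationName       = optional
organizationalUnitName = optional
commonName             = supplied
[ user_cert ]
basicConstraints       = critical, CA:FALSE
keyUsage               = critical, digitalSignature, nonRepudiation, keyEncipherment
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid, issuer:always
subjectAltName         = email:alice@example.test
crlDistributionPoints  = URI:http://crl.example.test/demo.crl
EOF

# --- CA: key pair and self-signed CA certificate -------------------------------
openssl genrsa -out "$CADIR/ca.key" 2048 2>/dev/null
openssl req -x509 -new -key "$CADIR/ca.key" -config "$CADIR/openssl.cnf" \
    -extensions v3_ca -sha256 -days 3650 -subj "/C=FR/O=Example/CN=Demo-CA" \
    -out "$CADIR/ca.pem"

# --- Requestor: passphrase-protected private key + request with the public key --
openssl genrsa -aes256 -passout pass:demo-passphrase -out "$WORK/alice.key" 2048 2>/dev/null
openssl req -new -key "$WORK/alice.key" -passin pass:demo-passphrase \
    -config "$CADIR/openssl.cnf" -subj "/C=FR/O=Example/OU=Demo/CN=Alice Example" \
    -out "$WORK/alice.csr"

# --- CA: the RA has vetted the request; sign it (public key -> certificate) -----
openssl ca -batch -notext -config "$CADIR/openssl.cnf" \
    -in "$WORK/alice.csr" -out "$WORK/alice.pem" 2>/dev/null

# PKCS#12: one passphrase-protected file holding certificate + private key.
openssl pkcs12 -export -in "$WORK/alice.pem" -inkey "$WORK/alice.key" \
    -passin pass:demo-passphrase -passout pass:demo-passphrase -out "$WORK/alice.p12"

# --- Inspection helpers (results on stdout / exit status for callers) ----------
cert_subject() { openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'; }
cert_issuer()  { openssl x509 -in "$1" -noout -issuer  -nameopt RFC2253 | sed 's/^issuer= *//'; }
cert_has_ext() { openssl x509 -in "$1" -noout -text | grep -q -- "$2"; }
# Chain validation against the CA; when a CRL is given, revocation is checked too.
verify_cert() {
    if [ $# -ge 2 ]; then
        openssl verify -CAfile "$CADIR/ca.pem" -CRLfile "$2" -crl_check "$1" >/dev/null 2>&1
    else
        openssl verify -CAfile "$CADIR/ca.pem" "$1" >/dev/null 2>&1
    fi
}
crl_revoked_count() { openssl crl -in "$1" -noout -text | grep -c 'Serial Number:'; }

if verify_cert "$WORK/alice.pem"; then VERIFY_BEFORE_REVOCATION=ok; else VERIFY_BEFORE_REVOCATION=fail; fi

# --- CA: revoke and publish a CRL (GRID-FR regenerates its CRL nightly) --------
openssl ca -batch -config "$CADIR/openssl.cnf" -revoke "$WORK/alice.pem" 2>/dev/null
openssl ca -batch -config "$CADIR/openssl.cnf" -gencrl -out "$CADIR/demo.crl" 2>/dev/null

if verify_cert "$WORK/alice.pem" "$CADIR/demo.crl"; then VERIFY_AFTER_REVOCATION=ok; else VERIFY_AFTER_REVOCATION=revoked; fi

echo "subject : $(cert_subject "$WORK/alice.pem")"
echo "issuer  : $(cert_issuer "$WORK/alice.pem")"
echo "verify before revocation: $VERIFY_BEFORE_REVOCATION, after: $VERIFY_AFTER_REVOCATION"
openssl x509 -in "$WORK/alice.pem" -noout -text | sed -n '/X509v3 extensions/,/Signature Algorithm/p'
```

Two points worth noticing when running it: `openssl verify` without `-crl_check` still reports the revoked certificate as valid, which is why a relying party must fetch the CRL from the distribution point (or check the CA's CRL server) rather than trusting the signature chain alone; and the subject DN printed with `-nameopt RFC2253` comes out reversed and comma-separated, whereas Grid middleware usually quotes the same DN in the slash-separated OpenSSL oneline form seen on the slides.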
Outline • Requirements to access the Grid • GRID-FR CA • Certificate • Statistics
GRID-FR statistics • Valid certificates (as of June 7th 2007)