PKI/X509 Profile

X.509 CRL Profile

JayKim 🙂 2022. 11. 21. 18:55

CRL (Certificate Revocation List) structure

CRL profile

* CRL Entry Extension

Reason Code
Defines the reason for a certificate's revocation or suspension (hold)

* CRL Extension

Authority Key Identifier
Used to tell the issuer's public keys apart when the issuer holds more than one signing key
Consists of a key identifier (generally a hash of the issuer's public key), the issuer name, and the issuer certificate serial number

CRL Number
Lets a user determine whether a given CRL supersedes another CRL
A monotonically increasing positive integer

Issuing Distribution Point
Identifies the distribution point for this CRL and specifies the scope of the particular CRL

CRL ASN.1 Syntax

* The main parts of the CRL ASN.1 in RFC 3280
This is a part of the ASN.1 syntax for the CRL structure defined in RFC 3280.

-- CRL structures

CertificateList  ::=  SEQUENCE  {
     tbsCertList          TBSCertList,
     signatureAlgorithm   AlgorithmIdentifier,
     signature            BIT STRING  }

TBSCertList  ::=  SEQUENCE  {
     version                 Version OPTIONAL,
                                  -- if present, MUST be v2
     signature               AlgorithmIdentifier,
     issuer                  Name,
     thisUpdate              Time,
     nextUpdate              Time OPTIONAL,
     revokedCertificates     SEQUENCE OF SEQUENCE  {
          userCertificate         CertificateSerialNumber,
          revocationDate          Time,
          crlEntryExtensions      Extensions OPTIONAL
                                         -- if present, MUST be v2
                               }  OPTIONAL,
     crlExtensions           [0] Extensions OPTIONAL }
                                         -- if present, MUST be v2

-- Version, Time, CertificateSerialNumber, and Extensions were
-- defined earlier for use in the certificate structure
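The structure and extensions above, exercised end to end in an added example (not code from the original post): a constructed throwaway CA signs a v2 CRL carrying a CRL Number, an Authority Key Identifier and per-entry Reason Codes, and the CRL is then parsed and signature-checked with Go's standard crypto/x509 package, as a relying party would. BuildAndParseCRL, the CA name and the serial numbers are assumptions; Go 1.21+ is assumed for x509.RevocationListEntry.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// must keeps the example short: any setup failure aborts the run.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// BuildAndParseCRL signs a v2 CRL with a throwaway, constructed CA and parses it
// back the way a relying party would, so the CRL Number, Authority Key Identifier
// and per-entry Reason Code can be inspected. The returned error is the signature check.
func BuildAndParseCRL() (*x509.RevocationList, *x509.Certificate, error) {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	now := time.Now().UTC().Truncate(time.Second)
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Test CA"}, // constructed name
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true, // Go derives the SKI (SHA-1 of the public key); it becomes the CRL's AKI
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign, // cRLSign is required
	}
	caDER := must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))
	caCert := must(x509.ParseCertificate(caDER)) // parsed form carries RawSubject for the CRL issuer
	crlTmpl := &x509.RevocationList{
		Number:     big.NewInt(7), // CRL Number: monotonically increasing positive integer
		ThisUpdate: now,
		NextUpdate: now.Add(12 * time.Hour),
		RevokedCertificateEntries: []x509.RevocationListEntry{ // revokedCertificates
			{SerialNumber: big.NewInt(1001), RevocationTime: now, ReasonCode: 1}, // keyCompromise
			{SerialNumber: big.NewInt(1002), RevocationTime: now, ReasonCode: 6}, // certificateHold
		},
	}
	crlDER := must(x509.CreateRevocationList(rand.Reader, crlTmpl, caCert, caKey))
	crl := must(x509.ParseRevocationList(crlDER))
	return crl, caCert, crl.CheckSignatureFrom(caCert) // relying-party step: verify the signature
}
```

The Issuing Distribution Point extension is not exercised here; with this API it would have to be supplied pre-encoded through the RevocationList's ExtraExtensions field.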

* View an example of a BER-encoded CRL value

๋ฐ˜์‘ํ˜•