自堕落な技術者の日記 (A Slothful Engineer's Diary)

´ðËܤ϶ô¤Ã¤Æ¤ë¤«°û¤ó¤Ç¤ë¤«¤Ç¤¹¤¬¡¢¤è¤¯¼ñÌ£¤Ç¥«¥é¥ª¥±¡¦PKI¡¦½ð̾¡¦Ç§¾Ú¡¦¥×¥í¥°¥é¥ß¥ó¥°¡¦¾ðÊ󥻥­¥å¥ê¥Æ¥£¤ò¤ä¤Ã¤Æ¤¤¤Þ¤¹¡£Î¹¹¥¤­¡£¥Æ¥ì¥Ó¹¥¤­¤Ç·ÝǽÄÌ

Distinguished names

Multi-valued RDNs, as used in X.509 certificate distinguished names, and jsrsasign's support for them

It has been a while since my last PKI post. So-called digital certificates (X.509 certificates) use a distinguished name (DN) for the subject name and for the issuer name. For example:

CN=yourname@example.com,O=example,C=JP

Each comma-separated component of a DN is called a relative distinguished name (RDN):

O=example

In general an RDN is made up of a "single" attribute type and attribute value pair (AttributeTypeAndValue):

attributeType=attributeValue
O=example

However, as the words "in general" imply, an RDN may also hold several AttributeTypeAndValues. This is called a Multi-valued RDN, and it is written with the pairs joined by a plus sign "+":

attributeType1=attributeValue1+attributeType2=attributeValue2...
CN=User1+serialNumber=123

A Google search for "Multi-valued RDN" turns up plenty of material in English, but in Japanese the only articles that touch on it seem to be on my own blog. So today I would like to dig into Multi-valued RDNs in certificate distinguished names, and into distinguished names in general, using my own crypto library jsrsasign and OpenSSL.

Entries and distinguished names

LDAP, and the X.500 directory service it is derived from, manage information as a tree of "entries"; a company, its departments and its employees, for example, can be organised like this:

(Figure 1)

In LDAP, an entry is pinned down in the manner "Jiro Sato, of the General Affairs Department, of MaruBatsu Trading". The names of the entries, values such as "General Affairs Department" or "Jiro Sato", can be given a type called an attribute type; the types include organization name (O: Organization Name), organizational unit name (OU: Organizational Unit Name) and common name (CN: Common Name).

(Figure 2)

For example, to identify Mr. Suzuki in Sales you walk the entries up to the top and write the result as follows. This is called a "distinguished name (DN: Distinguished Name)". It also distinguishes him from any Suzuki in another department.

CN=Suzuki,OU=Sales,O=MaruBatsu

Within a DN, the contents of one entry's circle in the figure, such as "OU=Sales", is called a relative distinguished name (RDN: Relative Distinguished Name).

This tree of entries is called the DIT (Directory Information Tree).

What is a Multi-valued RDN, and why is it needed?

With the DN described above, what happens if there are two Hanako Suzukis in the same Sales department? You could append a number to the common name to tell them apart, add an employee number or e-mail address as an extra value to distinguish them, or add another entry, but none of those is satisfying.

(Figure 3)

Instead, a single entry can be identified by attaching several values to it. This is what is called a Multi-valued RDN.

(Figure 4)

Since there will always be people who share a name, managing entries in combination with another unique value such as the employee number or e-mail address strikes me as a smart approach, and because some commercial directory server products charge per-user licence fees by counting entries, Multi-valued RDNs can also be a way to cut cost. That said, Multi-valued RDNs are not usable in every product (remember the trouble that surfaced later with a certain product's smart cards and 802.1X authentication...), so whether you can really use them is something to decide together with the applications involved.

String representation of distinguished names

Roughly speaking, there are two string representations of a distinguished name:

CN=Matsuda Kenji,OU=Sales,O=MaruBatsu
/O=MaruBatsu/OU=Sales/CN=Matsuda Kenji

One joins the RDNs with commas "," starting from the bottom of the DIT tree; the other joins them with slashes "/" starting from the top.

The comma-joined, reverse-order form is specified in RFC 2253, Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names, and its successor RFC 4514. It is the form generally used by LDAP application software.

The other form, with a leading slash and the RDNs joined by slashes in forward order, is called the OpenSSL compat format. It is the default in OpenSSL and is also used in the configuration of OpenSSL-based web servers such as Apache HTTP Server, nginx and lighttpd.

In either format a Multi-valued RDN is written with its values joined by a plus sign "+":

CN=Matsuda Kenji+emailAddress=matsu@mb.com,OU=Sales,O=MaruBatsu
/O=MaruBatsu/OU=Sales/CN=Matsuda Kenji+emailAddress=matsu@mb.com

As far as I know there is no rule about the display order of the values joined by "+", so in the Multi-valued RDN below either CN or emailAddress may come first. How this is encoded in ASN.1 is described later.

CN=Matsuda Kenji+emailAddress=matsu@mb.com
emailAddress=matsu@mb.com+CN=Matsuda Kenji

Next, the string representation of attribute types such as CN and OU. There is no strict standard that dictates how they must be written, and implementations are known to differ. Eight years ago, in connection with XAdES long-term signatures, I surveyed how implementations render the attribute types inside a DN; the table I compiled then is reproduced here.

(Table: RFC 2253 test 1, attribute type names)

RFC 5280, which defines the X.509 certificate profile, lists in section 4.1.2.4 (Issuer) the attribute types that implementations MUST support and those they SHOULD support. In the table, MUST is shaded yellow-green, SHOULD yellow, and attribute types that are otherwise seen in real certificates white; the test shows how each attribute type is rendered by .NET and by various Java-based crypto libraries. As the table makes clear, the results vary considerably. The emailAddress attribute type, which is used for S/MIME and is quite common in real certificates, is not required by the standard either, and I believe that is why support for it is so uneven.

Looking back now, I think I should also have tested the following attribute types for EV certificates, which did not exist at the time:

  • jurisdictionOfIncorporationL - jurisdiction of incorporation (locality)
  • jurisdictionOfIncorporationSP - jurisdiction of incorporation (state or province)
  • jurisdictionOfIncorporationC - jurisdiction of incorporation (country)

I also summarised, in an article eight years ago, the differences between RFC 2253 and its successor RFC 4514 for the comma-joined DN notation. The revision moves the notation towards being more unique, but the specification itself states that "RFC 4514 does not make the DN string unique (it does not canonicalise)". Because many representations of a DN string are allowed, bear in mind that a plain string comparison cannot tell you whether two DNs are the same.

ASN.1 definition and structure of a distinguished name

Next I would like to explain how a distinguished name is encoded into bytes with ASN.1 DER encoding. First, the ASN.1 definition of a distinguished name, from RFC 5280 4.1.2.4 Issuer:

// An X.500 name, i.e. a distinguished name (DN), is a sequence (SEQUENCE) of RDNs
Name ::= CHOICE { rdnSequence RDNSequence }
RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
// An RDN is a SET of one or more AttributeTypeAndValue,
// i.e. there may be several AttributeTypeAndValues.
// When there are several, it is a Multi-valued RDN
RelativeDistinguishedName ::= SET SIZE (1..MAX) OF AttributeTypeAndValue
// An attribute type and attribute value pair
AttributeTypeAndValue ::= SEQUENCE { type AttributeType, value AttributeValue }
AttributeType ::= OBJECT IDENTIFIER
AttributeValue ::= ANY
// Although the attribute value is defined as ANY, one of the
// string types defined in DirectoryString is used
DirectoryString ::= CHOICE {
  teletexString TeletexString (SIZE (1..MAX)),
  printableString PrintableString (SIZE (1..MAX)),
  universalString UniversalString (SIZE (1..MAX)),
  utf8String UTF8String (SIZE (1..MAX)),
  bmpString BMPString (SIZE (1..MAX)) }

In other words:
  • a distinguished name (DN) is a sequence (SEQUENCE OF) of relative distinguished names (RDN);
  • a relative distinguished name (RDN) is a set (SET OF) of attribute type and value pairs (AttributeTypeAndValue);
  • an attribute type and value pair (AttributeTypeAndValue) is a sequence (SEQUENCE) of an attribute type and a value.
SEQUENCE and SET are the ASN.1 primitives called constructed types:
  • SEQUENCE is like an array and is used for an ordered list of components.
  • SET is like a set and is used when there is no particular ordering among the components.
While we are at it, the difference between SEQUENCE/SET and SEQUENCE OF ~/SET OF ~:
  • plain SEQUENCE or SET is used when the components are of differing ASN.1 classes. In the example above, AttributeTypeAndValue is one.
  • SEQUENCE OF or SET OF is used when all components are of the same ASN.1 type. In the example above, Name and RDN are examples.

Now let us DER-encode the following distinguished name as an example:

CN=aaa,O=TEST,C=JP

In RFC 2253 form the RDNs are listed in reverse order, so it is encoded as follows:

302A SEQUENCE(30) OF                -- DN
  310B SET(31) OF                   -- RDN[1]
    3009 SEQUENCE(30)               -- AttributeTypeAndValue
      0603550406 ObjectIdentifier(06) countryName
      13024A50 PrintableString(13) "JP"
  310D SET(31) OF                   -- RDN[2]
    300B SEQUENCE(30)               -- AttributeTypeAndValue
      060355040A ObjectIdentifier(06) organizationName
      0C0454455354 UTF8String(0C) "TEST"
  310C SET(31) OF                   -- RDN[3]
    300A SEQUENCE(30)               -- AttributeTypeAndValue
      0603550403 ObjectIdentifier(06) commonName
      0C03616161 UTF8String(0C) "aaa"

ASN.1 data consists of a tag denoting the data type, a byte length and the value data; in the last line of the example above, 0C is the UTF8String type, 03 the byte length (=3) and 616161 (=aaa) the value.

Now let us see how a Multi-valued RDN is encoded, using the example below. Here two AttributeTypeAndValues, CN=aaa and CN=a, are used.

CN=aaa+CN=a,O=TEST,C=JP

DER-encoding this gives the following. Look at the last RDN: you can confirm that it contains two AttributeTypeAndValues, CN=a and CN=aaa. Note also that of CN=a and CN=aaa, CN=a always comes first.

3034                         DN
  310B                       RDN[1] C=JP
    3009
      0603550406
      13024A50
  310D                       RDN[2] O=TEST
    300B
      060355040A
      0C0454455354
  3116                       RDN[3] CN=aaa+CN=a   (two SEQUENCE(30)s)
    3008                     ATV[1] CN=a          (CN=a comes first)
      0603550403
      0C0161
    300A                     ATV[2] CN=aaa
      0603550403
      0C03616161

The ordering of CN=a and CN=aaa inside this RDN comes from a small difference between ASN.1 DER and BER. DER is a subset of BER: where BER allows several encodings, DER always yields exactly one. The differences are summarised below.

  • Overview. DER: the unique encoding rules for ASN.1. BER: the encoding rules for ASN.1; a superset of DER, so anything that is DER is also BER.
  • Common properties: a data representation with a long history in the communications world that is not limited by CPU or integer-type sizes, can carry huge data, and can represent arbitrary structured data. Compact compared with XML or JSON.
  • Uses. DER: certificates, CRLs, OCSP, RFC 3161 timestamps. BER: S/MIME data, CMS signed and encrypted data, PKCS#12.
  • Comparison. DER: the representation is always unique; since the length must be known in advance even for enormous data, it is unsuited to stream processing. BER: several representations exist; enormous data can still be handled.
  • SET. DER: the elements are sorted in ascending order of their encoded byte strings. BER: no sorting required.
  • BOOLEAN. DER: only TRUE is encoded; the class is defined so that FALSE is omitted. BER: both TRUE and FALSE may be used.
  • Indefinite length. DER: the length representation is unique and the data size must be known in advance. BER: the indefinite-length form may be used, where a length octet of 80 marks the start of an element that continues until the terminating 0000, which makes large data easier to handle.

Given these differences, it is the SET rule that fixes the SET OF order of a Multi-valued RDN.

The elements of a SET are sorted in ascending lexicographic order of their ASN.1 encodings; roughly speaking:

  • shorter elements come first;
  • for equal length, the one whose attribute type is shorter comes first.

Let us see this in an example:

3008 0603550403 0C0161      CN=a
300A 0603550403 0C03616161  CN=aaa
^^ the overall length L orders them 08, 0A, so for the same attribute-type length the shorter attribute value comes first.
   Major attribute types such as C, O, OU and CN all have OIDs of the form 2.5.4.x and therefore the same attribute-type length.

When the overall lengths are equal:

3011 0603550403 0C0A6162636465666768696A           CN=abcdefghij
3011 060B2B0601040182373C020103 0C024A50           jurisdictionOfIncorporationC=JP
^^ overall lengths equal, so the one with the shorter attribute-type value comes first.

OpenSSL's Multi-valued RDN support

OpenSSL supports Multi-valued RDNs; you only need to add "-multivalue-rdn". For instance, to create a self-signed certificate with a Multi-valued RDN from an existing private key in one line:

openssl genrsa 2048 > a.prv
openssl req -new -key a.prv -x509 -subj /C=JP/O=Test/OU=b+CN=a -out c.cer -multivalue-rdn

and to create a certificate signing request with a Multi-valued RDN:

openssl req -new -key a.prv -subj /C=JP/O=Test/OU=b+CN=a -out c.csr -multivalue-rdn

jsrsasign's Multi-valued RDN support

jsrsasign is a pure-JavaScript crypto library I wrote as a hobby. Since around 2010 I have been adding features whenever I found spare time; it started out as RSA signing only, and I kept extending it with ASN.1, certificates, timestamps, JOSE and so on whenever I thought "I'd like that", so it comes in handy whenever I want to try something quickly in PKI, ASN.1 or JOSE (JWS, JWT, JWK).

It runs both in web browsers and in Node, and I have kept the API documentation and samples fairly complete, so it has a good number of users around the world; recently I discovered it is used in hardware products from SONY and Yokogawa (and, without telling me, my own company (^^;)), and the npm package apparently gets just under 100,000 downloads a month, which I am truly grateful for.

For JavaScript crypto library APIs there is the W3C Web Crypto API and the like, but some mobile browsers do not support it, older algorithms are unavailable, and even a small task can take many lines of code, which is tiresome. jsrsasign therefore aims at "getting what you want done in as few lines as possible": for keys, for instance, you can hand a private key, a public key, PKCS#5, PKCS#8 or a JSON Web Key to KEYUTIL.getKey and it works out what to do. It also runs on PCs, smartphones and Node, and even on somewhat old environments as long as JavaScript runs. And I have tried to provide API documentation and tutorial material as generously as I can.

There are introductory slides in English that go up to fairly recent material, and, although a little dated, the introductory slides from my 2013 talk at a JNSA working group, from the days when jsrsasign and jsjws were separate development lines, may also be useful.

I am sorry that the documentation exists only in my clumsy English; if you run into problems, feel free to file an Issue in Japanese.

So: I had long wanted to give jsrsasign Multi-valued RDN support and comma-joined DN support, and finally did so recently with the 6.2.2 release. For example, how a Multi-valued RDN distinguished name is DER-encoded can be checked like this:

% node
> var X509Name = require("jsrsasign").KJUR.asn1.x509.X500Name;
> new X509Name({str: "/C=JP/O=T1+CN=kjur"}).getEncodedHex();
'3027310b3009060355040613024a5031183009060355040a0c025431300b06035504030c046b6a7572'

Multi-valued RDNs can also be used when creating a certificate signing request (CSR):

var rs = require("jsrsasign");
var kp = rs.KEYUTIL.generateKeypair("RSA", 2048);
// newCSRPEM takes the subject keys as PEM strings, so export the generated pair
var pubKeyPEM = rs.KEYUTIL.getPEM(kp.pubKeyObj);
var prvKeyPEM = rs.KEYUTIL.getPEM(kp.prvKeyObj, "PKCS8PRV");
var pem = rs.KJUR.asn1.csr.CSRUtil.newCSRPEM({
  subject: {ldapstr: 'OU=T1+CN=example.com,O=Test,C=US'},   // comma-joined DN with a Multi-valued RDN
  ext: [
    {subjectAltName: {array: [{dns: 'example.net'}]}}
  ],
  sbjpubkey: pubKeyPEM,
  sigalg: "SHA256withRSA",
  sbjprvkey: prvKeyPEM
});

and when issuing a certificate:

var rs = require("jsrsasign");
var kp = rs.KEYUTIL.generateKeypair("RSA", 2048);
var pem = rs.KJUR.asn1.x509.X509Util.newCertPEM({
  serial: {int: 4},
  sigalg: {name: 'SHA1withRSA', paramempty: true},
  issuer: {str: '/C=US/O=a'},
  notbefore: {str: '130504235959Z'},
  notafter: {str: '140504235959Z'},
  subject: {ldapstr: 'OU=kjur+CN=kjur,O=b,C=US'},   // comma-joined DN with a Multi-valued RDN
  sbjpubkey: kp.pubKeyObj,
  ext: [
    {basicConstraints: {cA: true, critical: true}},
    {keyUsage: {bin: '11'}},
  ],
  cakey: kp.prvKeyObj   // the CA's private key signs the certificate
});

It is fairly flexible, so please give it a try.

Closing

So I ended up rambling at length about Multi-valued RDNs and distinguished names (DN). Sorry about that. I hope it is useful to someone.

Postscript (2016.12.19)

Oh, lest I be misunderstood: I have no intention whatsoever of promoting Multi-valued RDNs or saying they should be used. The principle is to design infrastructure in the direction of higher interoperability, and if you can do without them, you are better off not using them. Just don't be surprised if you receive one... (lol)

Related articles

Black Hat: an attack exploiting a bug in the handling of the CN's OID in SSL server certificates (continued, part 1)

Last time I introduced the vulnerability presented at Black Hat that exploits a flaw in how the CN (common name) attribute, which holds the target host name of an SSL server certificate, is processed.

Today I will actually set up a test server and see what happens when browsers connect to it.

Additions to the (modified) Challenge PKI Test Suite

The copy of the Test Suite I had on hand was in the following state regarding object identifiers in certificate distinguished names:
(1) specifying a large integer for a sub-identifier of an object identifier overflows (a known bug);
(2) it could not encode with 0x80 padding in violation of X.690.

I added the following ways of specifying an RDN's attribute type, plus test code:
(1) attribute types can be given by name, such as CN, OU, O, C or serialNumber (existing);
(2) OIDs can be given in dotted decimal, such as 1.2.3.4 (existing; has the overflow bug);
(3) attribute types can be given in hexadecimal, such as #550403 (new).

Generating the certificates

The certificates are issued assuming the following two host names for the SSL server:
CN=www.evil3.jp: a host in a domain that the malicious attacker genuinely owns
CN'=www.good-bank.com: the host being impersonated

The fake CN (CN') meant to deceive, i.e. an OID that should be CN (2.5.4.3=0x550403), is built in the following two ways:

(1) pad the trailing "3" with 0x80 (one or more) in violation of X.690 (0x55048003);
(2) use a value for the trailing "3" that becomes "3" after overflowing a 64-bit integer.

For method (2), take the overflowing number "0x010000000000000003" (9 bytes), write it in binary, split it into 7-bit groups from the least significant end, make each group a byte, set the 8th bit to 1 in every byte except the last, and prepend the "2.5.4." part; the result is 0x82808080808080808003.

How does it look in OpenSSL 0.9.8k?

Let us check how the OpenSSL command displays the certificate's distinguished name.

■ Command
% openssl x509 -in <certificate> -noout -text
■ When the OID's trailing "3" is 0x8003 (zero padding in violation of X.690)
Subject: C=JP, O=Evil-CN-OID, CN=www.evil3.jp/2.5.4.3=www.good-bank.com
■ When the OID's trailing "3" is 0x82808080808080808003 (64-bit integer overflow)
Subject: C=JP, O=Evil-CN-OID, CN=www.evil3.jp/2.5.4.18446744073709551619=www.good-bank.com

The pseudo-CNs are displayed as clearly distinct. CN is 2.5.4.3, and the 0x80-padded one is properly told apart from it. (18446744073709551619 is the decimal representation of 0x010000000000000003.)

Display in dumpasn1

■ The genuine CN (common name)
SEQUENCE {
#06 03 55 04 03
OBJECT IDENTIFIER commonName (2 5 4 3)
#13 0C 77 77 77 2E 65 76 69 6C 33 2E 6A 70
PrintableString 'www.evil3.jp'
}

■ Fake CN (1) (0x80 padding in violation of X.690)
SEQUENCE {
#06 04 55 04 80 03
OBJECT IDENTIFIER '2 5 4 3'
#13 11 77 77 77 2E 67 6F 6F 64 2D 62 61 6E 6B 2E 63 6F 6D
PrintableString 'www.good-bank.com'
}

■ Fake CN (2) (64-bit integer overflow)
SEQUENCE {
#06 0C 55 04 82 80 80 80 80 80 80 80 80 03
OBJECT IDENTIFIER '2 5 4 3'
#13 11 77 77 77 2E 67 6F 6F 64 2D 62 61 6E 6B 2E 63 6F 6D
PrintableString 'www.good-bank.com'
}

Both (1) and (2) are displayed distinguishably from the real CN. In (2), however, the output reads OBJECT IDENTIFIER '2 5 4 3', which shows that the integer has overflowed.

First, connect to the legitimate (bad guy's) URL

[screenshot: cnoid01]

SSL connects correctly, so no problem here.

Connecting to the fake-CN host with Firefox 3.5.2

Next, let us connect to the fake-CN URL "https://www.good-bank.com/", whose CN is padded with 0x80 in violation of X.690.

[screenshot: cnoid02-ff35-err-yellow]

Oh, a proper warning. Well done.

[screenshot: cnoid02-ff35-dlg]

Oh, even a dialog... and there is nothing untrue in the message, which is encouraging. Incidentally, the certificate is displayed like this:

[screenshot: cnoid03-ff35-crtdlg]

[screenshot: cnoid04-ff35-crtdlg]

The fake CN is displayed as what looks like garbled text, so you can at least tell it is suspicious.

The display was the same for the 64-bit integer overflow case, so I will spare you that capture.

Connecting to the fake-CN host with Internet Explorer 8

I tried the fake-CN URL with IE8, which should be nearly current after last week's Windows Update.

[screenshot: cnoid06-ie8-goodbank]

It connects to the fake-CN site without a single warning.

[screenshot: cnoid07]

Looking at the certificate dialog, both the X.690-violating 0x80 padding and the integer overflow are displayed as CN (common name).

Connecting to the fake-CN site with Google Chrome 2

I connected the same way with Google Chrome 2.0.172.43, which I believe is the latest as of today.

[screenshot: cnoid09]

This also connects with no warning.

[screenshot: cnoid10]

The certificate is treated as fine for www.good-bank.com as well.

Connecting with Opera 9.5

I also tried Opera for Windows 9.50 build 10063, but it seemed that Opera itself cannot display hosts that do not resolve in DNS (it could not even connect to http://192.168.1.133/ on the local PC), so I could not test it.

[screenshot: cnoid-opera-01]

...or so I thought; it was simply a stray proxy setting. Sorry, Opera, for doubting you. Let me try again. First the (suspicious but) correct HTTPS connection:

[screenshot: cnoid-opera-02]

Well, it is safe (lol).

[screenshot: cnoid-opera-03]

Next, the fake-CN site:

[screenshot: cnoid-opera-04]

[screenshot: cnoid-opera-05]

A polite warning is shown. It would be nicer if the colour changed or it had a bit more impact, though.

Again the result was the same for both fake CNs.

The latest Opera is apparently 9.64 at the moment, so this is a slightly old build, but the fake-CN OID problem is handled properly, so...

ruby + httpclient2

I also tried Ruby with the httpclient2 module. It is OpenSSL-based, and connecting to the fake-CN site properly raises an error:

/usr/lib/ruby/1.8/openssl/ssl.rb:123:in `post_connection_check': hostname was not match with the server certificate (OpenSSL::SSL::SSLError)

That concludes this round of experiment reports.

See you.

Note: the window captures in this article have been trimmed and had blank areas removed to cut out unnecessary parts.


ASCII-art certificates

In a digital certificate, the subject name, issuer name and so on are given as strings. PrintableString restricts the character set, but when UTF8String, TeletexString or BMPString is used there is little restriction, and nothing says you may not put in line breaks or special characters. (Whether you should is another matter; some CP/CPS certificate profiles impose restrictions.)

Certificates from a certain nearby country have CNs full of line breaks and really use the certificate DN as a notepad.

My copy of the Challenge PKI Test Suite has, for about four years now, supported specifying a DN partly or wholly in hexadecimal, and escape sequences such as the line break "\r\n".

The Windows certificate viewer has a nine-line display area for an attribute. When an RDN of the DN is displayed, the first line shows the RDN's attribute type (O= or CN= and so on), so for layout reasons (it is a nuisance) let us leave that line alone; that leaves eight lines to use freely.

Making one for the first time in about three years, it looks like this...

[screenshot: aacert01]

Hmm... the left side is wasted, so with a somewhat wider eight-line ASCII art it looks like this...

[screenshot: aacert02]

There is also the RFC 3709 logotype X.509v3 extension, sometimes present in certificates issued by VeriSign, which embeds an organisation's logo image or audio in the certificate, but certificate viewers do not support it, so you normally never see it. What a waste... I think it would be fun if ASCII art could be used instead of the logotype extension.

In practice, though, CN, OU and the like have limits on the number of characters, so it cannot be used... a pity... even the UserNotice in the certificate policies extension allows only 200 characters... isn't there anything that allows a bit more?

RFC 3280 Appendix: A.1 Explicitly Tagged Module, 1988 Syntax
    (omitted)
-- specifications of Upper Bounds MUST be regarded as mandatory
-- from Annex B of ITU-T X.411 Reference Definition of MTS Parameter
ub-common-name INTEGER ::= 64
ub-organization-name INTEGER ::= 64
ub-organizational-unit-name INTEGER ::= 64
    (rest omitted)

Ah, I see: to get around the character limit, if each line starts with a fixed "L = " (locality) you get some clutter at the start of each line, but the character limit can be avoided...

[screenshot: aacert03]

Incidentally, this 64 means 64 characters, not 64 bytes (=64 octets). In UTF-8 encoding a Japanese character usually takes about 3 bytes, but a Japanese character still counts as one character. This matters in Japan and for ASCII art (^^;).

The draft of the EV Guidelines got this wrong, so I sent a correction request to the CA/Browser Forum secretariat and had "bytes" changed to "characters".

DirectoryString types supported by OpenSSL

A Slothful Engineer's Diary: OpenSSL cannot read a certificate containing a NumericString - livedoor Blog
It is outside what RFC 3280 specifies, but I made a certificate whose DN contains a NumericString, and when I fed it to OpenSSL to build a PKCS#12 it failed spectacularly.

In the previous post I wrote that OpenSSL errors out when reading a certificate whose DN contains a NumericString; below is what I found, while doing another survey, about the other string types.

DirectoryString Type   Tag   OpenSSL support (*1)   RFC 3280 Issuer (*2)   RFC 3280 Subject (*3)
UTF8String             0c    ○                      ○                      ○
NumericString          12    ×                      ×                      ×
PrintableString        13    ○                      ○                      ○
TeletexString          14    ○                      ○                      ○
VideotexString         15    ×                      ×                      ×
IA5String              16    ○                      ×                      ○
GraphicString          19    ×                      ×                      ×
VisibleString          1a    ×                      ×                      ×
GeneralString          1b    ×                      ×                      ×
UniversalString        1c    ○                      ○                      ○
BMPString              1e    ○                      ○                      ○

*1: "○" if OpenSSL 0.9.8h does not exit with an error when reading a certificate whose DN uses the type
*2: whether RFC 3280 4.1.2.4 allows the DirectoryString type in the Issuer
*3: RFC 3280 4.1.2.6 Subject additionally allows, for backward compatibility, IA5String for e-mail addresses

I listed the string primitives defined in X.680 and checked OpenSSL 0.9.8h against them. OpenSSL supports only the DirectoryString types that RFC 3280 supports.

The error when a certificate cannot be read looks like this:

% openssl x509 -inform DER -noout -txt -in EE-ECOM-XMLDN-DS-VIDEOTEX-ASCII.cer
unable to load certificate
24264:error:0D07808C:asn1 encoding routines:ASN1_ITEM_EX_D2I:mstring wrong tag:tasn_dec.c:228:Type=ASN1_PRINTABLE
24264:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:749:Field=value, Type=X509_NAME_ENTRY
24264:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:710:
24264:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:710:
24264:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:749:Field=issuer, Type=X509_CINF
24264:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:749:Field=cert_info, Type=X509
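As an added example (mine, not from the original post): a walker over a DER-encoded Name that reports the string type of every attribute value and flags those outside the RFC 3280 DirectoryString choice, which is the same set OpenSSL accepts in the table above, so a certificate can be screened before a library like OpenSSL 0.9.8h refuses it. The sample Name with a NumericString serialNumber is constructed for the example, and the function and table names are my assumptions.

```javascript
// Added example (not from the post): audit the string types used in a DER Name.

// Universal string tags from X.680 and the DirectoryString subset RFC 3280 permits.
const STRING_TAG_NAMES = {
  0x0c: "UTF8String", 0x12: "NumericString", 0x13: "PrintableString", 0x14: "TeletexString",
  0x15: "VideotexString", 0x16: "IA5String", 0x19: "GraphicString", 0x1a: "VisibleString",
  0x1b: "GeneralString", 0x1c: "UniversalString", 0x1e: "BMPString",
};
const DIRECTORY_STRING_TAGS = new Set([0x0c, 0x13, 0x14, 0x1c, 0x1e]);
// Attribute types keyed by the hex of their DER OID content octets (enough for the sample).
const ATTR_NAMES = {
  "550403": "CN", "550405": "serialNumber", "550406": "C", "55040a": "O", "55040b": "OU",
  "2a864886f70d010901": "emailAddress",
};
const EMAIL_ADDRESS_OID_HEX = "2a864886f70d010901";

// Read one TLV at offset; DER allows only the definite length forms (short and long).
function readTlv(buf, offset) {
  if (offset + 2 > buf.length) throw new Error("truncated TLV at offset " + offset);
  const tag = buf[offset];
  let len = buf[offset + 1];
  let pos = offset + 2;
  if (len & 0x80) {
    const n = len & 0x7f;
    if (n === 0 || n > 4) throw new Error("unsupported length form at offset " + offset);
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + buf[pos++];
  }
  const end = pos + len;
  if (end > buf.length) throw new Error("TLV overruns buffer at offset " + offset);
  return { tag, content: buf.subarray(pos, end), end };
}

// All children of a constructed value's content.
function children(content) {
  const out = [];
  let off = 0;
  while (off < content.length) {
    const t = readTlv(content, off);
    out.push(t);
    off = t.end;
  }
  return out;
}

// One record per AttributeTypeAndValue, in encoded (root-first) order. "allowed" follows
// the table: the five DirectoryString types, plus IA5String for emailAddress only (note *3).
function auditNameStringTypes(nameHex) {
  const name = readTlv(Buffer.from(nameHex, "hex"), 0);
  if (name.tag !== 0x30) throw new Error("Name must be a SEQUENCE");
  const records = [];
  for (const rdn of children(name.content)) {
    if (rdn.tag !== 0x31) throw new Error("RDN must be a SET");
    for (const atv of children(rdn.content)) {
      const [type, value] = children(atv.content);
      if (!type || type.tag !== 0x06) throw new Error("attribute type must be an OBJECT IDENTIFIER");
      const typeHex = type.content.toString("hex");
      const allowed = DIRECTORY_STRING_TAGS.has(value.tag) ||
        (value.tag === 0x16 && typeHex === EMAIL_ADDRESS_OID_HEX);
      records.push({
        type: ATTR_NAMES[typeHex] || typeHex,
        tag: value.tag,
        stringType: STRING_TAG_NAMES[value.tag] || "tag 0x" + value.tag.toString(16),
        allowed,
      });
    }
  }
  return records;
}

// Constructed sample Name: C=JP as PrintableString (13), serialNumber=1234 as NumericString (12).
const SAMPLE_NAME_HEX = "301c310b3009060355040613024a50310d300b0603550405120431323334";

for (const r of auditNameStringTypes(SAMPLE_NAME_HEX)) {
  console.log(r.type, r.stringType, r.allowed ? "ok" : "NOT a DirectoryString type");
}
```

Run against a real certificate, the same walker can be pointed at the DER of the issuer or subject field; the NumericString record is exactly the case that produced the "mstring wrong tag" error above.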


Still suffering from certificate RDN order, after all these years

In connection with the ETSI XAdES plugtest, I have a little to grumble about... (^^;

The CA used for testing is a prototype CA built elsewhere. There are many annoyances, but what tripped me up this time is the order of the relative distinguished names (RDN) in the certificate's distinguished name (DN).

X.509 digital certificates are built on the X.500 directory: entities are managed according to the directory and certificates are issued from it. If an entity's name, read from the directory root, is ordered starting from the country (C), as in { C=JP, O=TEST, CN=USER1 }, then the certificate's DN, as an ASN.1 SEQUENCE, is laid out in the same order { C=JP, O=TEST, CN=USER }.

An acquaintance pointed out that the construction of this sequence is specified in X.501 section 9.2, Names in General.

ITU-T Recommendation X.501 section 9.2 Names in General

The sequence of objects so identified, starting with the root and ending with the object being named, is such that each is the immediate superior of that which follows it in the sequence.

Indeed, almost every certificate in circulation, and every certificate in the Windows certificate store, has its RDNs in this forward order (i.e. from the top of the DIT downwards).

At the previous ETSI Remote XAdES Plugtest the certificates had apparently been created directly with the IAIK library, were in forward order, and caused no problems; this time the plugtest uses a certain prototype CA product, a real troublemaker, whose RDNs come out in reverse order.

The concrete problems caused by reverse order are:

  • in implementations that use a directory for path construction, the lookup may fail to match because of the reversed order, so certificate retrieval can fail;

  • in cross-certification between CAs, if one side is in forward order and the other in reverse, the names are inconsistent and cross-certification may not work, among other troubles.

Above all, a plugtest is designed by signature and PKI specialists, so leaving a bad example behind risks it being mistaken for the de facto standard and causing trouble later.

It was hard to get this across; I was told "why is reverse order wrong? If there is a problem, quote the rule that says so"... I am not volunteering in order to troubleshoot that CA prototype, you know... sigh...

It was a pain, but there was nothing for it: with carefully drawn diagrams, quotations from the standard, several rounds of fruitless e-mail and a conference call I finally got them to agree, and for now the CA has been fixed to produce forward order. Phew, that was exhausting.

streetAddress can still be included, and it still lands in an odd position, but at least superfluous things like gender were removed, so I suppose that is good enough for now... (incidentally streetAddress is outside the RFC 3280 specification).

In fact XAdES (or XMLDSig) has a far nastier problem with certificate DNs than CAdES does. That is a topic for another time...

<References>
ITU-T Recommendation X.501 (02/01) Download (the PDF can be downloaded free of charge)
http://www.itu.int/rec/T-REC-X.501-200102-I/e
RFC 3280 Annex C.1 (the example certificates are in proper forward order)
http://www.ietf.org/rfc/rfc3280.txt
IPA/JNSA Challenge PKI 2001 Report
http://www.ipa.go.jp/security/fy13/report/pki_interop/pki_interop.pdf