Today's post is a bit of PKI trivia. A so-called digital certificate (an X.509 certificate) uses a distinguished name (DN: Distinguished Name) for its subject name (Subject Name) and its issuer name (Issuer Name). For example, something like this:

CN=yourname@example.com,O=example,C=JP

Each comma-separated piece is called a relative distinguished name (RDN: Relative Distinguished Name):

O=example

Generally, a relative distinguished name (RDN) is made up of "one" pair of attribute type and attribute value (AttributeTypeAndValue):

attribute type=attribute value
O=example

However, as the word "generally" suggests, an RDN can also hold multiple AttributeTypeAndValue pairs. This is called a Multi-valued RDN, and it is written by joining the pairs with a plus sign "+", like this:

attribute type 1=attribute value 1+attribute type 2=attribute value 2...
CN=User1+serialNumber=123

If you search Google or the like for "Multi-valued RDN" you will see there is quite a bit about it in English, but in Japanese the only articles that touch on it seem to be the ones on my own blog. So today I'd like to dig into the Multi-valued RDN of certificate distinguished names, and distinguished names in general, using my own crypto library jsrsasign and OpenSSL.
Entries and distinguished names

LDAP, and the X.500 directory service it derives from, manage information as a tree of "entries"; a company, its departments and its employees, for example, can be managed like this.

In LDAP, a given entry is identified in the manner of "Jiro Sato" in the "General Affairs Department" of "○× Trading". The values that name the entries, such as "General Affairs Department" or "Jiro Sato", can be given a type called an attribute type; there are types such as organization name (O: Organization Name), organizational unit name (OU: Organizational Unit Name) and common name (CN: Common Name).

For example, to identify Suzuki in Sales you follow the entries up to the top of the tree and write it as below. This is called a "distinguished name (DN: Distinguished Name)". It lets you tell this Suzuki apart from a Suzuki in some other department.

CN=Suzuki,OU=Sales,O=MaruBatsu

Within the distinguished name, each single entry of the tree, such as "OU=Sales", is called a relative distinguished name (RDN: Relative Distinguished Name).

This tree of entries is also called the DIT (Directory Information Tree).
What is a Multi-valued RDN, and why is it needed?

With the distinguished names explained above, what do you do if there are two Hanako Suzukis in the same Sales department? You could add a number to the common name to tell them apart, distinguish them with an employee number or email address as an additional value, or add another entry, but none of these feel quite right.

Instead, you can identify a single entry by attaching several values to it. This is what is called a Multi-valued RDN.

There are probably plenty of people with identical names, so managing them in combination with some other unique value such as an employee number or email address is, I think, a smart way to do it. Also, some commercial directory server products license by number of users and use the entry count for that, so Multi-valued RDNs can be a way to try to cut costs. However, Multi-valued RDNs are not something every product can handle (remember the case where a certain product's smart cards or 802.1X authentication ran into trouble later on...), so whether you really should use them is something that needs to be decided in consultation with the applications involved.
String representations of distinguished names

Roughly speaking, there are two string representations of a distinguished name: one joins the RDNs with commas "," starting from the bottom of the DIT tree, and the other joins them with slashes "/" starting from the top.

CN=Matsuda Kenji,OU=Sales,O=MaruBatsu

/O=MaruBatsu/OU=Sales/CN=Matsuda Kenji

The comma-joined, reverse-order form is specified in RFC 2253 Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names and its successor 4514. It is the form generally used by LDAP application software.

The other form, with a leading slash and the RDNs joined by slashes in forward order, is called the OpenSSL compat format; it is the default in OpenSSL and is also used in the configuration of the OpenSSL-based web servers such as Apache HTTP Server, nginx and lighttpd.

For a Multi-valued RDN, in either format the values are joined with a plus sign "+":

CN=Matsuda Kenji+emailAddress=matsu@mb.com,OU=Sales,O=MaruBatsu

/O=MaruBatsu/OU=Sales/CN=Matsuda Kenji+emailAddress=matsu@mb.com

As far as I understand there is no particular rule about the display order of the plus-joined values, so in the following Multi-valued RDN either CN or emailAddress should be allowed to come first. How this is encoded in ASN.1 is described later.

CN=Matsuda Kenji+emailAddress=matsu@mb.com
emailAddress=matsu@mb.com+CN=Matsuda Kenji
Next, the string representation of the attribute types such as CN and OU: there is no strict standard for how they must be written, and implementations are known to vary. Eight years ago, in connection with XAdES long-term signatures, I surveyed how implementations write the attribute types inside distinguished names; the table I put together at the time is reproduced here.

Section 4.1.2.4 Issuer of RFC 5280, which defines the X.509 certificate profile, lists the attribute types that MUST be supported as distinguished name attribute types and those that SHOULD be supported. In the table, MUST is yellow-green, SHOULD is yellow, and other attribute types that actually appear in certificates are white, and I tested how each attribute type is written by .NET and by the various Java-based crypto libraries. As you can see from the table, the results vary quite a lot. The emailAddress attribute type, which is sometimes used for S/MIME and appears in a fair number of real certificates, is not required by the standard, which I think is why support for it is inconsistent.

Looking back now, I think the following attribute types for EV certificates, which did not exist at the time, are ones I should have tested too:

- jurisdictionOfIncorporationL - jurisdiction of incorporation (locality)
- jurisdictionOfIncorporationSP - jurisdiction of incorporation (state or province)
- jurisdictionOfIncorporationC - jurisdiction of incorporation (country)

Also, I summarized the differences between RFC 2253, the comma-joined distinguished name notation, and its successor RFC 4514 in an article eight years ago. The revision of the specification moved the notation toward being more unambiguous, but the specification explicitly states that "RFC 4514 does not make distinguished name strings unique (= does not normalize them)", so a distinguished name string admits many representations, and you have to keep in mind that a simple string comparison cannot tell you whether two names are the same.
ASN.1 definition and structure of distinguished names

Next, I'd like to explain how a distinguished name is encoded into a byte string by ASN.1 DER encoding. First, let me introduce the ASN.1 definition of a distinguished name.

From RFC 5280 4.1.2.4 Issuer:

```
-- X.500 name: a distinguished name (DN) is a sequence (SEQUENCE) of RDNs
Name ::= CHOICE { rdnSequence RDNSequence }
RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

-- An RDN is a SET of one or more AttributeTypeAndValue,
-- i.e. there may be more than one AttributeTypeAndValue.
-- When there are several, it is a Multi-valued RDN.
RelativeDistinguishedName ::= SET SIZE (1..MAX) OF AttributeTypeAndValue

-- A pair of attribute type and attribute value
AttributeTypeAndValue ::= SEQUENCE {
  type  AttributeType,
  value AttributeValue }
AttributeType ::= OBJECT IDENTIFIER
AttributeValue ::= ANY

-- Although the attribute value is defined as ANY, one of the
-- string types defined in DirectoryString is used.
DirectoryString ::= CHOICE {
  teletexString   TeletexString (SIZE (1..MAX)),
  printableString PrintableString (SIZE (1..MAX)),
  universalString UniversalString (SIZE (1..MAX)),
  utf8String      UTF8String (SIZE (1..MAX)),
  bmpString       BMPString (SIZE (1..MAX)) }
```

In other words:

- a distinguished name (DN) is a sequence (SEQUENCE OF) of relative distinguished names (RDNs),
- a relative distinguished name (RDN) is a set (SET OF) of attribute type and value pairs (AttributeTypeAndValue), and
- an attribute type and value pair (AttributeTypeAndValue) is a sequence (SEQUENCE) of an attribute type and a value.
- SEQUENCE is like an array; it is used to express an ordered list.
- SET is like a set; it is used when there is no particular ordering among the components.
- A plain SEQUENCE or SET is used when the components are of different ASN.1 classes; in the example above, AttributeTypeAndValue is such a case.
- SEQUENCE OF and SET OF are used when the components are all of the same type; in the example above, Name and RDN are such cases.
Now, as an example, let's ASN.1 DER encode the following distinguished name:

CN=aaa,O=TEST,C=JP

In the RFC 2253 form the RDNs are listed in reverse order, so it is encoded as follows:

```
302A SEQUENCE(30) OF                    -- DN
  310B SET(31) OF                       -- RDN[1]
    3009 SEQUENCE(30)                   -- AttributeTypeAndValue
      0603550406 ObjectIdentifier(06)   countryName
      13024A50 PrintableString(13)      "JP"
  310D SET(31) OF                       -- RDN[2]
    300B SEQUENCE(30)                   -- AttributeTypeAndValue
      060355040A ObjectIdentifier(06)   organizationName
      0C0454455354 UTF8String(0C)       "TEST"
  310C SET(31) OF                       -- RDN[3]
    300A SEQUENCE(30)                   -- AttributeTypeAndValue
      0603550403 ObjectIdentifier(06)   commonName
      0C03616161 UTF8String(0C)         "aaa"
```

ASN.1 data consists of a tag that indicates the data type, a byte length, and the value data; in the last line of the example above, 0C is the UTF8String type, 03 is the byte length (=3), and 616161 (=aaa) is the value.

Now let's look at how a Multi-valued RDN is encoded, using the example below. Here two AttributeTypeAndValue pairs, CN=aaa and CN=a, are used.

CN=aaa+CN=a,O=TEST,C=JP

ASN.1 DER encoding this gives the following. Look at the last RDN: you can confirm that it contains two AttributeTypeAndValues, CN=a and CN=aaa. Also note that of CN=a and CN=aaa, CN=a always comes first.

```
3034                  DN
  310B                RDN[1] C=JP
    3009
      0603550406
      13024A50
  310D                RDN[2] O=TEST
    300B
      060355040A
      0C0454455354
  3116                RDN[3] CN=aaa+CN=a   -- two SEQUENCE(30) inside
    3008              ATV[1] CN=a          -- CN=a comes first
      0603550403
      0C0161
    300A              ATV[2] CN=aaa
      0603550403
      0C03616161
```

The ordering of CN=a and CN=aaa within this RDN has to do with a small difference between ASN.1 DER and BER. DER is a subset of BER; where BER allows several representations, DER always yields a single unique one. I have summarized the differences in a table.
| | ASN.1 DER | ASN.1 BER |
|---|---|---|
| Overview | The unique ASN.1 encoding rules | ASN.1 encoding rules. A superset of DER: anything that is DER is also BER |
| Common traits | A data representation with a long history in the communications world; not limited by CPU or integer type sizes, able to handle huge data and arbitrary structured data. Compact compared with XML or JSON. | |
| Uses | Certificates, CRLs, OCSP, RFC 3161 timestamps | S/MIME data, CMS signed and encrypted data, PKCS#12 |
| Comparison | The representation is always unique. Even for huge data the length must be known in advance, so it is unsuited to stream processing and the like | Several representations exist. Very large data can be handled |
| SET | Sorted in ascending order of the elements' byte strings | No sorting needed |
| BOOLEAN | Only TRUE may be used; classes are defined so that FALSE is omitted | Both TRUE and FALSE may be used |
| Indefinite length | The length representation is unique, so the data size must be known in advance. | The indefinite-length form may be used for the length: with the length given as 8000 it acts as a start marker and the element continues until 0000 follows, which makes large data easier to handle. |
SET¤ÎÍ×ÁǤϡ¢³ÆÍ×ÁǤòASN.1¥¨¥ó¥³¡¼¥É¤·¤¿¤È¤¤Î¾º½ç¤Î¼½ñ½ç¤Ç¥½¡¼¥È¤µ¤ì¡¢¤¶¤Ã¤¯¤ê¸À¤¨¤Ð¡¢
- Í×ÁǤÎû¤¤ÊªÄøÀè
- Ʊ¤¸Ä¹¤µ¤Ê¤é°À¥¿¥¤¥×¤ÎŤµ¤¬Ã»¤¤Êý¤¬Àè
Á´ÂΤÎŤµ¤¬Æ±¤¸»þ¡¢3008 0603550403 0C0161 CN=a 300A 0603550403 0C03616161 CN=aaa ^^ Á´ÂΤÎŤµL¤¬08, 0A¤Î½ç¤Ë¤Ê¤ë¤Î¤ÇƱ¤¸Â°À¥¿¥¤¥×Ĺ¤Ê¤é°ÀÃͤÎû¤¤Êý¤¬Àè C,O,OU,CN¤Ê¤É¼çÍפÊ°À¥¿¥¤¥×¤ÏOID¤ÎÃͤ¬2.5.4.x¤Ë¤Ê¤ë¤Î¤ÇƱ°ì°À¥¿¥¤¥×Ĺ
^^ Á´ÂΤÎŤµ¤ÏƱ¤¸¤Ê¤é 3011 0603550403 0C0A6162636465666768696A CN=abcdefghij 3011 060B2B0601040182373C020103 0C024A50 jurisdictionOfIncorporateC=JP ^^ °À¥¿¥¤¥×¤ÎÃͤÎû¤¤Êý¤¬Àè
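As an added example (not code from the post or from jsrsasign), the following small encoder reproduces the byte dumps in this section from a DN string and applies the DER SET OF ordering rule just described, so both spellings of a multi-valued RDN give the same bytes; it goes a little beyond the post's single example by also accepting the OpenSSL slash form and by comparing two names through their DER rather than as strings, which is the safe answer to the string-comparison caveat from the attribute-type section. ATTR, encodeDnHex and sameDn are my own names, and the table is assumed to cover only the attribute types used on this page.

```javascript
// Added example, not from the post or jsrsasign. Assumption: ATTR covers only the
// attribute types used on this page, and values contain no escaped separators.
const ATTR = {
  C:  { oid: "2.5.4.6",  tag: 0x13 },  // countryName, PrintableString
  O:  { oid: "2.5.4.10", tag: 0x0c },  // organizationName, UTF8String
  OU: { oid: "2.5.4.11", tag: 0x0c },  // organizationalUnitName, UTF8String
  CN: { oid: "2.5.4.3",  tag: 0x0c },  // commonName, UTF8String
  jurisdictionOfIncorporationC: { oid: "1.3.6.1.4.1.311.60.2.1.3", tag: 0x0c },
};
const hex = (bytes) => Buffer.from(bytes).toString("hex");
// DER length octets: short form below 128, long form (0x81 / 0x82) above.
const derLen = (n) => (n < 0x80 ? [n] : n < 0x100 ? [0x81, n] : [0x82, n >> 8, n & 0xff]);
const tlv = (tag, body) => [tag, ...derLen(body.length), ...body];
// OBJECT IDENTIFIER: first two arcs packed as 40*a+b, remaining arcs in base 128.
function encodeOid(oid) {
  const arcs = oid.split(".").map(Number);
  const body = [40 * arcs[0] + arcs[1]];
  for (let v of arcs.slice(2)) {
    const chunk = [v & 0x7f];
    for (v = Math.floor(v / 128); v > 0; v = Math.floor(v / 128)) chunk.unshift((v & 0x7f) | 0x80);
    body.push(...chunk);
  }
  return tlv(0x06, body);
}

// AttributeTypeAndValue ::= SEQUENCE { type OID, value DirectoryString }
function encodeAtv(type, value) {
  const a = ATTR[type];
  if (!a) throw new Error("unsupported attribute type: " + type);
  return tlv(0x30, [...encodeOid(a.oid), ...tlv(a.tag, [...Buffer.from(value, "utf8")])]);
}
// RelativeDistinguishedName ::= SET OF AttributeTypeAndValue. DER (X.690 11.6) orders the
// members by their encoded octets, so CN=a (3008...) always precedes CN=aaa (300a...).
function encodeRdn(atvs) {
  const enc = atvs.map(([t, v]) => encodeAtv(t, v));
  enc.sort((x, y) => Buffer.compare(Buffer.from(x), Buffer.from(y)));
  return tlv(0x31, enc.flat());
}

// RFC 2253 "CN=aaa+CN=a,O=TEST,C=JP" (leaf first) or OpenSSL "/C=JP/O=TEST/CN=aaa+CN=a"
// (root first) -> RDNs in encoding order, each a list of [type, value] pairs.
function parseDn(str) {
  const rdns = str.startsWith("/") ? str.slice(1).split("/") : str.split(",").reverse();
  return rdns.map((rdn) => rdn.split("+").map((atv) => atv.split(/=(.*)/s).slice(0, 2)));
}
// Name ::= SEQUENCE OF RelativeDistinguishedName, returned as lowercase hex.
const encodeDnHex = (str) => hex(tlv(0x30, parseDn(str).map(encodeRdn).flat()));
// Compare names through their DER rather than as strings.
const sameDn = (a, b) => encodeDnHex(a) === encodeDnHex(b);
```

encodeDnHex("CN=aaa+CN=a,O=TEST,C=JP") yields exactly the 3034... dump above, and encodeDnHex("/C=JP/O=T1+CN=kjur") yields the hex that jsrsasign prints in the Node session further down.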
OpenSSL's Multi-valued RDN support

OpenSSL supports Multi-valued RDNs; all you have to do is add "-multivalue-rdn". For example, when you want a one-liner that creates a self-signed certificate with a Multi-valued RDN from an existing private key:

```sh
openssl genrsa 2048 > a.prv
openssl req -new -key a.prv -x509 -subj /C=JP/O=Test/OU=b+CN=a -out c.cer -multivalue-rdn
```

and when you want to create a certificate signing request with a Multi-valued RDN:

```sh
openssl req -new -key a.prv -subj /C=JP/O=Test/OU=b+CN=a -out c.csr -multivalue-rdn
```
jsrsasign's Multi-valued RDN support

jsrsasign is a pure JavaScript crypto library I built as a hobby. Since around 2010 I have been adding features bit by bit whenever I found spare time; it started out as RSA signing only, and I kept extending it with ASN.1, certificates, timestamps, JOSE and so on whenever I thought "I want that", and I find it handy whenever I want to try something quickly around PKI, ASN.1 or JOSE (JWS, JWT, JWK).

It works both in web browsers and in Node, and I have kept the API documentation and samples well stocked, so there are quite a few users around the world; recently I found out it is used in hardware products from SONY and Yokogawa (and, unasked, my own company (゜゜；)), and the Node npm package seems to get a little under 100,000 downloads a month, for which I am truly grateful.

As for JavaScript crypto library APIs, there is the W3C Web Crypto API and the like, but there are cases where mobile browsers don't support it, old ciphers can't be used, and even a small task needs many lines of code, which is a hassle. So in jsrsasign the goal is "get what you want done in as few lines as possible": with keys, for instance, whether it is a private key, a public key, PKCS#5, PKCS#8 or a JSON Web Key, just hand it to KEYUTIL.getKey and it is handled appropriately. It also works on PCs, smartphones and Node, even on somewhat old environments, as long as JavaScript runs. I have also tried to provide API documentation and tutorial material as generously as I can.

There is an English introductory slide deck that covers fairly recent material, and, although a bit old, the introductory slides from my 2013 talk at a JNSA WG, from when jsrsasign and jsjws were still separate development lines, so please refer to them if you like.

I'm sorry that the documentation exists only in my poor English, but if you run into problems, feel free to file an Issue in Japanese.
So, I had been wanting to add Multi-valued RDN support and comma-joined DN support to jsrsasign, and I finally did so recently, around the release of 6.2.2. For example, you can check how a distinguished name with a Multi-valued RDN is ASN.1 DER encoded like this:

```
% node
> var X509Name = require("jsrsasign").KJUR.asn1.x509.X500Name;
> new X509Name({str: "/C=JP/O=T1+CN=kjur"}).getEncodedHex();
'3027310b3009060355040613024a5031183009060355040a0c025431300b06035504030c046b6a7572'
```

Multi-valued RDNs can also be used when creating a certificate signing request (CSR):

```javascript
var rs = require("jsrsasign");
var kp = rs.KEYUTIL.generateKeypair("RSA", 2048);
// newCSRPEM takes the keys as PEM strings, so convert the generated pair
var pubKeyPEM = rs.KEYUTIL.getPEM(kp.pubKeyObj);
var prvKeyPEM = rs.KEYUTIL.getPEM(kp.prvKeyObj, "PKCS8PRV");
var pem = rs.KJUR.asn1.csr.CSRUtil.newCSRPEM({
  subject: {ldapstr: 'OU=T1+CN=example.com,O=Test,C=US'},  // comma-joined DN, multi-valued RDN
  ext: [
    {subjectAltName: {array: [{dns: 'example.net'}]}}
  ],
  sbjpubkey: pubKeyPEM,
  sigalg: "SHA256withRSA",
  sbjprvkey: prvKeyPEM
});
```

and when issuing a certificate:

```javascript
// rs and kp are the module handle and key pair from the CSR example above
var pem = rs.KJUR.asn1.x509.X509Util.newCertPEM({
  serial: {int: 4},
  sigalg: {name: 'SHA1withRSA', paramempty: true},
  issuer: {str: '/C=US/O=a'},
  notbefore: {str: '130504235959Z'},
  notafter: {str: '140504235959Z'},
  subject: {ldapstr: 'OU=kjur+CN=kjur,O=b,C=US'},  // comma-joined DN, multi-valued RDN
  sbjpubkey: kp.pubKeyObj,
  ext: [
    {basicConstraints: {cA: true, critical: true}},
    {keyUsage: {bin: '11'}},
  ],
  cakey: kp.prvKeyObj  // the issuer signs with its private key
});
```

It is fairly flexible, so please give it a try if you like.
Closing

So there you have it, a long, rambling post about Multi-valued RDNs and distinguished names (DNs). Sorry about that. I hope it is useful to someone.

Addendum (2016.12.19)

Oh, just so I am not misunderstood: I have not the slightest intention of promoting Multi-valued RDNs or saying you should use them. The principle is to design infrastructure in the direction of greatest interoperability, and if you can get by without them, you are better off not using them. Just, if you do receive one, don't be too surprised... lol