[Openstandaarden] [OT] e-id (once again)

Wouter Verhelst wouter at grep.be
Mon Jun 20 14:41:17 CEST 2005


On Fri, Jun 17, 2005 at 12:23:27PM +0200, Peter Vandenabeele wrote:
> The problem I see is not the signing with the _secret_ key, but
> that the "semi-public" certificate suddenly releases _all_ information.

It doesn't. It passes along the RRN and your name; address details
are on the card, but not in the certificate.

Example (authentication certificate of my dummy eID card):

----
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:00:00:00:00:01:01:19:28:1d:8d
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=BE, CN=SPECIMEN Citizen CA
        Validity
            Not Before: Dec 28 10:10:54 2004 GMT
            Not After : Dec 28 10:10:54 2006 GMT
        Subject: C=BE, CN=Alice SPECIMEN (Authentication), SN=SPECIMEN, GN=Alice A0802/serialNumber=71715100070
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:8b:9f:3d:37:04:09:72:9c:bb:a1:94:18:e5:bb:
                    2b:bc:5c:3e:87:6f:f8:6b:3a:06:d4:c7:89:3a:b0:
                    92:ac:7a:42:8d:80:86:1a:d5:27:6f:c9:ad:04:e1:
                    d5:88:97:9f:03:20:3e:ca:5b:aa:15:97:51:20:27:
                    f4:10:c4:2a:ab:b3:34:64:1f:26:14:2b:55:1b:3f:
                    3c:76:7d:86:7e:73:e6:c1:57:27:f6:f1:9c:b5:b8:
                    cd:7a:18:b1:c3:ec:22:39:28:a6:50:b6:81:5a:b0:
                    78:de:dd:7c:56:14:7b:7a:fd:08:a5:8c:fb:3e:e1:
                    98:fe:8f:20:1a:cd:4d:7e:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Certificate Policies: 
                Policy: 0.3.2062.9.6.1.31.3.1
                  CPS: http://repository.specimen-eid.belgium.be

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Authority Key Identifier: 
                keyid:13:50:2C:A9:03:99:5A:14:CF:0F:B0:7B:08:AD:53:AD:5B:39:E5:1F

            X509v3 CRL Distribution Points: 
                URI:http://crl.specimen-eid.belgium.be/eidc0001.crl

            Netscape Cert Type: 
                SSL Client, S/MIME
            Authority Information Access: 
                CA Issuers - URI:http://certs.specimen-eid.belgium.be/belgiumrs.crt
                OCSP - URI:http://ocsp.specimen-eid.belgium.be

    Signature Algorithm: sha1WithRSAEncryption
        45:a0:ce:0c:96:08:fa:c4:df:7b:f7:02:2b:10:23:56:05:6b:
        8a:45:7a:31:36:f9:9b:36:cb:52:61:ab:06:e0:41:b6:a9:3a:
        90:70:71:6b:c0:ef:fa:d8:df:62:ac:3c:46:a6:fc:65:14:38:
        2e:8a:6f:b3:48:51:1c:d3:c1:31:f5:bd:b4:d8:bd:42:cd:c0:
        c3:57:7f:fb:4c:b9:1c:40:f0:30:39:3a:20:fa:a1:20:68:31:
        3c:05:ca:47:ea:c0:30:28:bc:9c:bb:37:e3:a6:d1:aa:6d:80:
        37:07:35:78:dd:6c:ab:ec:51:74:e4:18:5f:08:25:3a:bb:a5:
        ab:c2:79:cb:06:ff:57:4b:a3:df:58:72:82:c8:ec:db:ad:72:
        af:08:c9:50:df:a0:3c:14:bd:83:1d:99:63:71:5e:6d:9f:68:
        b9:5f:a1:ab:aa:f0:1b:7e:5e:06:b9:49:ba:6d:52:bb:d3:b1:
        5f:04:b8:59:c9:71:f9:45:b9:e9:08:f5:b9:e8:de:0f:74:01:
        f4:af:bc:82:42:61:ff:81:ed:59:96:3e:95:05:76:a9:a1:fe:
        26:f8:f4:47:eb:a0:bd:c6:11:9a:f2:32:a1:cb:fb:ad:46:9c:
        24:19:1d:71:cc:1b:9c:0a:b8:d2:6d:a7:71:e9:b9:f1:3c:a0:
        f1:b0:b1:24
----

-- 
The amount of time between slipping on the peel and landing on the
pavement is precisely one bananosecond
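
Added example, not part of the original message: a small parser for the Subject line of the dump above, listing which personal attributes a relying party receives with this authentication certificate and whether any address attribute is among them. The function names and the grouping of attribute names into identity and address sets are assumptions of this example.

```python
import re

# Subject line copied from the certificate dump above (old OpenSSL text
# format, which mixes ", " and "/" between attributes).
SUBJECT = ("C=BE, CN=Alice SPECIMEN (Authentication), SN=SPECIMEN, "
           "GN=Alice A0802/serialNumber=71715100070")

# Assumption of this example: which X.509 attribute short names count as
# identity data and which as address data.
IDENTITY = {"CN": "common name", "SN": "surname", "GN": "given names",
            "serialNumber": "national register number (RRN)"}
ADDRESS = {"street", "L", "ST", "postalCode", "postalAddress"}

# A new attribute begins after ", " or "/" and is followed by "name=".
# Splitting only on that boundary keeps commas that occur inside values.
_BOUNDARY = re.compile(r"(?:,\s*|/)(?=[A-Za-z][A-Za-z0-9.]*=)")


def parse_subject(subject):
    """Return the subject DN as an ordered list of (attribute, value) pairs."""
    pairs = []
    for part in _BOUNDARY.split(subject.strip()):
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"not an attribute=value pair: {part!r}")
        pairs.append((name.strip(), value.strip()))
    return pairs


def disclosed(subject):
    """Split the DN into identity fields, address fields and everything else."""
    report = {"identity": {}, "address": {}, "other": {}}
    for name, value in parse_subject(subject):
        if name in IDENTITY:
            report["identity"][name] = value
        elif name in ADDRESS:
            report["address"][name] = value
        else:
            report["other"][name] = value
    return report


if __name__ == "__main__":
    result = disclosed(SUBJECT)
    for name, value in result["identity"].items():
        print(f"{IDENTITY[name]:32} {value}")
    print("address attributes:", sorted(result["address"]) or "none")
```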


