Public Key Infrastructure for CAC

CAC is based on X.509 certificates with software middleware enabling an operating system to interface with the card using a hardware card reader. X.509 is the established standard that defines basic formats for Public Key Infrastructure (PKI) such as certificate and Certificate Revocation List (CRL) format and enables basic interoperability. 

The following topics are provided:

Public Key Infrastructure Overview

Public Key Infrastructure (PKI) offers a scalable method of securing networks, reducing management overhead, and simplifying the deployment of network infrastructures by deploying security protocols including IPSec, Secure Shell (SSH), and Secure Socket Layer (SSL).

PKI is a system that manages encryption keys and identity information for the human and mechanical components of a network that participates in secured communications.

PKI consists of:

• Certificate authority (CA) that both issues and verifies the digital certificates
• Registration authority (RA) which verifies the identity of users requesting information from the CA
• Central directory — a secure location in which to store and index keys
• Certificate management system
• Certificate policy

For a person or a piece of equipment to enroll in a PKI, the software on a user's computer generates a pair of encryption keys that will be used in secured communications: a public and a private key. In the case of the Common Access Card, the keys and certificates are stored on the CAC Smart Card.

The private key is never distributed or revealed. Conversely, the public key is freely distributed to any party that negotiates a secure communication. The PKI keys are generated as a pair at the time that the CAC is issued to an individual. The private key is inserted and maintained on the Integrated Circuit Chip of the CAC. During the enrollment process the user's public key is sent in the certificate request to the Certificate Authority, which is responsible for digital signing and publishing the public key bound to a given user. This is done using the CA's own private key, so that trust in the user key relies on one's trust in the validity of the CA's key. When the CA is a third party separate from the user and the system, then it is called the Registration Authority (RA), which may or may not be separate from the CA. The user sends the public key to the registration component of the CAs. Subsequently, the administrator approves the request and the CA generates the user's certificate. After the user receives a certificate and installs it on the computer, he or she can participate in the secured network. For CACs, this entire process is handled when the CAC is provisioned.

PKI provides:

• confidentiality — assurance that the person receiving is the intended recipient;
• integrity — verification that no unauthorized modification of data has occurred;
• authentication — proof that the sender is who he claims to be;
• non-repudiation — assurance that the person sending cannot deny participation.

PKI Usage

PKI is used most frequently for encrypted e-mail communications and IPSec tunnel negotiation, both of which use the identity and security features of the certificate. The identity components determine the identity of the user, their level of access to the particular type of communication under negotiation, and the encryption information that protects the communication from other parties who are not allowed access. Communicating parties will exchange certificates and inspect the presented information. The certificates are checked to see if they are within their validity period and if the certificate was generated by a trusted PKI. If all the identity information is appropriate, the public key is extracted from the certificate and used to establish an encrypted session.

X.509 Certificate Fields

Typically a digital certificate contains the:

• subject;
• owner's public key;
• algorithms used to generate the signature;
• expiration date of the public key;
• serial number of the digital certificate;
• name of the issuer (the CA that issued the digital certificate);
• digital signature of the issuer;
• key usage.

The CAC certificates include each of these attributes, plus additional attributes that could be needed for authentication such as Subject Alternative Name (SAN) and Extended Key Usage (EKU).

Subject

The Subject consists of the Distinguished Name (DN), which is the certificate owner's full name and X.509 structure. For the CAC, this is in the format:

CN=LastName.FirstName.MiddleName.EDI/PI,OU=CONTRACTOR,OU=DoD,O=U.S. Government,C=US

Subject Alternative Name

On the CAC, the SAN field contains two fields. The first field is the email address of the user and the second is called the Principal Name (PN). The PN is an important field. This is the field that is used when the CAC is integrated into the Active Directory. The data in this field is in the format EDI/PI@mil.

The SAN field exists on two certificates on the CAC, the Digital Signature Certificate and the Encryption Certificate. However, only the Digital Signature Certificate contains the Principal Name field. CAC certificates are detailed in the CAC Certificate section.

Extended Key Usage

The EKU field indicates one or more purposes for which the certified public key may be used, in addition to or in place of the basic purposes indicated in the key usage extension field. On the CAC, the certificate that is used for Active Directory Smart Card Logon contains this attribute with the Object Identifier (OID) for Smart Card Logon. This field is different from the Key Usage (KU) field, which defines the primary purposes of the certificate and is backwards compatible with earlier versions of X.509.

CAC Certificates

Among other information, the CAC also contains the certificates needed to perform PKI functions. Three certificates are present on the CAC; each certificate provides separate functionality. Among the certificates, the only common identifier is the Subject field. This field contains an identical Distinguished Name on all three certificates.

A CAC has different types of certificates.

• Identity
• Encryption
• Digital signature.

Identity Certificate is used for identifying a user and gaining access to closed (PK Enabled) websites for authentication. A user is allowed to login to the site with his CAC and PIN versus having to input login and password. The Identity Certificate contains the Key Usage fields that indicate that this certificate is to be used for Digital Signature and Non-Repudiation. This is the only certificate that does not contain either a SAN or EKU. This is also the only certificate signed by a CA.

Digital Signature Certificate  ­– refers to a transformation of a message using an asymmetric cryptosystem such that a person who has the initial message and the signer's public key can accurately determine:  whether the transformation was created using the private key that corresponds to the signer's public key; and whether the initial message has been altered since the transformation was made. The Digital Signature Certificate contains both the SAN and EKU. The SAN contains the email address of the user and the PN. This certificate EKU also has the Smart Card Logon purpose. This is the certificate that is used by Active Directory for Smart Card Logon.

Encryption Certificate is used for encrypting a message. The Encryption Certificate contains a SAN, but the SAN contains only the email address and no PN. This certificate does not contain an EKU.