Viro/Henkilökortti/Varmenne

Kohteesta DigiWiki
Siirry navigaatioon Siirry hakuun

Virolaisen ? sukupolven, elliptisen kaaren algoritmilla varustettu korttivarmenne.

Havaintoja:

  • avaimena on IK, joka vastaa suomalaista HETU:a.
  • etunimessä molemmat etunimet, joka noudattaa paikallista puhuttelutapaa
  • Kortin sarjanumero noudattaa ETSI-muotoa.
  • Sähköpostiin liittyvää:
    • varmenteen sisältä ei löydy itse ilmoitettua sähköpostiosoitetta
    • henkilötunnukseen perustuva uudelleenohjaus-osoite (valtion tekemä) on olemassa
    • sähköposti on mainittu käyttötarkoituksena EKU:ssa
Certificate:
   Data:
       Version: 3 (0x2)
       Serial Number:
           45:90:9d:d5:44:44:e1:f4:5f:4f:6c:51:3f:dc:c7:75
       Signature Algorithm: ecdsa-with-SHA512
       Issuer: C = EE, O = SK ID Solutions AS, organizationIdentifier = NTREE-10747013, CN = ESTEID2018
       Validity
           Not Before: Sep  2 09:56:33 2020 GMT
           Not After : Sep  1 21:59:59 2025 GMT
       Subject: C = EE, CN = "TUOMALA,JUHA MATTI,37207300043", SN = TUOMALA, GN = JUHA MATTI, serialNumber = PNOEE-37207300043
       Subject Public Key Info:
           Public Key Algorithm: id-ecPublicKey
               Public-Key: (384 bit)
               pub:
                   04:43:da:6b:b4:70:c0:ce:01:98:10:ca:a9:d8:14:
                   ae:0d:9a:2d:d6:6a:3d:c2:2b:e2:30:e5:ac:c3:14:
                   a3:46:bd:0a:79:08:df:5b:d6:cc:d2:16:a7:a7:04:
                   a2:d5:4a:a0:f5:6d:17:da:1b:e7:0b:e7:b4:bd:07:
                   e0:06:06:b1:02:6b:7c:c0:8e:68:eb:0c:cc:98:15:
                   99:93:9f:89:a5:ce:7d:97:ca:e9:cd:5c:32:36:a9:
                   41:e8:4c:76:58:3e:22
               ASN1 OID: secp384r1
               NIST CURVE: P-384
       X509v3 extensions:
           X509v3 Basic Constraints: 
               CA:FALSE
           X509v3 Key Usage: critical
               Digital Signature, Key Agreement
           X509v3 Certificate Policies: 
               Policy: 1.3.6.1.4.1.51361.1.1.2
                 CPS: https://www.sk.ee/CPS
               Policy: 0.4.0.2042.1.2

           X509v3 Subject Alternative Name: 
               email:37207300043@eesti.ee
           X509v3 Subject Key Identifier: 
               4F:BA:C2:38:15:4E:47:DB:4B:31:9C:42:90:F4:E4:2A:79:A0:C2:67
           qcStatements: 
               0S0Q.....F..0G0E.?https://sk.ee/en/repository/conditions-for-use-of-certificates/..EN
           X509v3 Extended Key Usage: critical
               TLS Web Client Authentication, E-mail Protection
           X509v3 Authority Key Identifier: 
               keyid:D9:AC:70:DB:5F:7E:BE:94:F8:A0:E4:BE:47:A2:D0:34:AD:9A:2A:12

           Authority Information Access: 
               OCSP - URI:http://aia.sk.ee/esteid2018
               CA Issuers - URI:http://c.sk.ee/esteid2018.der.crt

   Signature Algorithm: ecdsa-with-SHA512
        30:81:87:02:41:28:e6:b6:bf:ed:9d:41:f2:59:7b:61:d8:bd:
        40:25:1e:06:6b:17:6e:b3:cb:0e:94:75:d7:f4:5f:58:63:df:
        1a:e8:8f:fe:51:bb:d8:b0:25:9b:8f:11:89:73:53:93:1d:f8:
        bd:02:11:ad:f0:03:24:d7:da:67:39:13:74:d9:27:3b:02:42:
        01:cb:27:ed:35:d4:97:14:da:8c:fb:be:d4:eb:be:61:d1:0f:
        ee:a3:91:95:89:39:a7:78:92:06:c8:9a:ed:ab:e9:5f:71:d9:
        e2:59:ac:00:2e:2f:cb:1f:95:1d:1c:dc:a0:b6:80:59:a0:52:
        5c:e9:bf:74:b6:87:a4:bd:db:45:6f:4f


Varmenteen taanneen intermediate-CA:n (CN = ESTEID2018) tuloste:

Certificate:
   Data:
       Version: 3 (0x2)
       Serial Number:
           75:47:fa:ac:14:74:4b:8b:5b:a3:66:d4:fe:66:55:ed
       Signature Algorithm: ecdsa-with-SHA512
       Issuer: C = EE, O = SK ID Solutions AS, organizationIdentifier = NTREE-10747013, CN = EE-GovCA2018
       Validity
           Not Before: Sep 20 09:22:28 2018 GMT
           Not After : Sep  5 09:11:03 2033 GMT
       Subject: C = EE, O = SK ID Solutions AS, organizationIdentifier = NTREE-10747013, CN = ESTEID2018
       Subject Public Key Info:
           Public Key Algorithm: id-ecPublicKey
               Public-Key: (521 bit)
               pub:
                   04:01:c7:38:19:6f:ed:4a:d1:3d:83:f5:c8:78:4e:
                   6f:b4:40:fd:80:43:6e:d8:32:9d:25:4c:a9:87:71:
                   9c:5a:ca:1d:45:e1:ea:d1:64:82:1b:c7:b8:0d:64:
                   d8:34:a8:9b:58:44:e6:4a:a1:07:95:6c:a4:37:a6:
                   6f:05:83:24:13:90:59:01:8e:23:fd:2d:dc:4b:5c:
                   70:b6:23:78:ce:c5:f7:13:8f:77:35:1b:65:a2:1b:
                   a4:d4:47:a5:08:15:06:91:57:d3:1a:4b:4e:05:b6:
                   ec:ca:48:32:15:3c:0c:70:56:16:97:80:68:d5:f7:
                   79:4a:43:e2:00:b9:72:f8:6c:2b:44:45:12
               ASN1 OID: secp521r1
               NIST CURVE: P-521
       X509v3 extensions:
           X509v3 Authority Key Identifier: 
               keyid:7E:29:56:E7:34:92:78:4E:77:E1:6F:2E:33:2A:98:71:C1:FD:34:9F

           X509v3 Subject Key Identifier: 
               D9:AC:70:DB:5F:7E:BE:94:F8:A0:E4:BE:47:A2:D0:34:AD:9A:2A:12
           X509v3 Key Usage: critical
               Certificate Sign, CRL Sign
           X509v3 Basic Constraints: critical
               CA:TRUE, pathlen:0
           X509v3 Certificate Policies: 
               Policy: 0.4.0.2042.1.2
               Policy: 0.4.0.194112.1.2
               Policy: 1.3.6.1.4.1.51361.1.1.1
                 CPS: https://www.sk.ee/CPS
               Policy: 1.3.6.1.4.1.51361.1.1.2
               Policy: 1.3.6.1.4.1.51455.1.1.1
               Policy: 1.3.6.1.4.1.51361.1.1.5
               Policy: 1.3.6.1.4.1.51361.1.1.6
               Policy: 1.3.6.1.4.1.51361.1.1.7
               Policy: 1.3.6.1.4.1.51361.1.1.3
               Policy: 1.3.6.1.4.1.51361.1.1.4
               Policy: 1.3.6.1.4.1.51361.1.1.8
               Policy: 1.3.6.1.4.1.51361.1.1.9
               Policy: 1.3.6.1.4.1.51361.1.1.10
               Policy: 1.3.6.1.4.1.51361.1.1.11
               Policy: 1.3.6.1.4.1.51361.1.1.12
               Policy: 1.3.6.1.4.1.51361.1.1.13
               Policy: 1.3.6.1.4.1.51361.1.1.14
               Policy: 1.3.6.1.4.1.51361.1.1.15
               Policy: 1.3.6.1.4.1.51361.1.1.16
               Policy: 1.3.6.1.4.1.51361.1.1.17
               Policy: 1.3.6.1.4.1.51361.1.1.18
               Policy: 1.3.6.1.4.1.51361.1.1.19
               Policy: 1.3.6.1.4.1.51361.1.1.20
               Policy: 1.3.6.1.4.1.51455.1.1.2
               Policy: 1.3.6.1.4.1.51455.1.1.3
               Policy: 1.3.6.1.4.1.51455.1.1.4
               Policy: 1.3.6.1.4.1.51455.1.1.5
               Policy: 1.3.6.1.4.1.51455.1.1.6

           X509v3 Extended Key Usage: critical
               OCSP Signing, TLS Web Client Authentication, E-mail Protection
           Authority Information Access: 
               OCSP - URI:http://aia.sk.ee/ee-govca2018
               CA Issuers - URI:http://c.sk.ee/EE-GovCA2018.der.crt

           qcStatements: 
               0
0......F..
           X509v3 CRL Distribution Points: 

               Full Name:
                 URI:http://c.sk.ee/EE-GovCA2018.crl

   Signature Algorithm: ecdsa-with-SHA512
        30:81:88:02:42:00:de:b9:46:38:1d:cc:d4:6c:52:92:d3:4d:
        87:67:cf:20:72:58:18:77:3b:47:aa:09:44:37:24:cc:b5:71:
        3a:74:c0:51:9c:26:e0:52:68:41:08:00:34:98:94:87:6f:21:
        49:f1:6f:62:90:b8:92:ca:ea:e6:90:93:34:84:31:3d:2a:02:
        42:01:23:aa:03:8d:39:21:ae:67:2a:34:c9:3c:db:07:42:53:
        22:ec:a6:6c:21:c4:c7:3a:80:5c:73:1f:b9:e0:df:19:5f:53:
        20:06:8c:c9:99:3e:7d:ad:96:3f:db:f3:9e:13:5e:b7:04:0c:
        03:d1:47:54:40:09:cc:3c:fe:be:5b:75:5d

Katso myös