X.509 Entity Authentication
Wesley Miaw edited this page Jul 15, 2016 · 2 revisions
The X.509 entity authentication scheme only provides authentication using an RSA or ECC key pair. The certificate subject canonical name is considered the device identity. A certificate authority trust store may be used to restrict acceptance of certificates.
Encryption of application data is possible once the client has been issued a master token.
This scheme is identified by the string `X509`.
```
authdata = {
  "#mandatory" : [ "x509certificate" ],
  "x509certificate" : "string",
}
```

| Field | Description |
|---|---|
| x509certificate | Base64-encoded X.509 certificate (i.e. PEM formatted) |
The signature is computed using SHA256withRSA or SHA256withECDSA and included as raw bytes within a version 1 MSL signature envelope.
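
The following is an added example, not MSL project code: a structural check of the `authdata` object described above, run before the certificate bytes reach an X.509 parser. Accepting the Base64 value with or without PEM armor lines, the 16 KiB size cap, and the names `parse_x509_authdata`, `der_sequence_ok` and `AuthDataError` are assumptions of this example; trust-store validation and signature verification are out of its scope.

```python
import base64
import binascii
import re

MAX_CERT_BYTES = 16 * 1024  # assumed cap for this example, not an MSL limit
ARMOR = re.compile(
    r"\A\s*-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----\s*\Z", re.S)

class AuthDataError(ValueError):
    """Raised when X509 entity authentication data is malformed."""

def der_sequence_ok(der: bytes) -> bool:
    """True if der is exactly one definite-length SEQUENCE with no trailing bytes."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short form: length in one byte
        header, length = 2, first
    else:
        n = first & 0x7F                  # long form: next n bytes hold the length
        if n == 0 or n > 4 or len(der) < 2 + n or der[2] == 0:
            return False                  # indefinite, oversized or non-minimal
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
        if length < 0x80:
            return False                  # DER requires the short form here
    return header + length == len(der)

def parse_x509_authdata(authdata: dict) -> bytes:
    """Validate the authdata object and return the certificate's DER bytes."""
    if not isinstance(authdata, dict) or "x509certificate" not in authdata:
        raise AuthDataError("missing mandatory field x509certificate")
    value = authdata["x509certificate"]
    if not isinstance(value, str):
        raise AuthDataError("x509certificate must be a string")
    m = ARMOR.match(value)
    body = "".join((m.group(1) if m else value).split())  # drop PEM line breaks
    try:
        der = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise AuthDataError("x509certificate is not valid Base64") from exc
    if not der or len(der) > MAX_CERT_BYTES:
        raise AuthDataError("certificate size out of range")
    if not der_sequence_ok(der):
        raise AuthDataError("decoded data is not a single DER SEQUENCE")
    return der

# Constructed sample: a 5-byte DER SEQUENCE standing in for a real certificate.
SAMPLE = {"x509certificate": "MAMCAQE="}
```

The returned bytes still have to be parsed as a certificate, checked against the trust store, and used to verify the message signature before the subject name is treated as the device identity.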