X.509 Entity Authentication

Wesley Miaw edited this page Jul 15, 2016 · 2 revisions

The X.509 entity authentication scheme only provides authentication using an RSA or ECC key pair. The certificate subject canonical name is considered the device identity. A certificate authority trust store may be used to restrict acceptance of certificates.

Encryption of application data is possible once the client has been issued a master token.

This scheme is identified by the string X509.

Authentication Data Representation

authdata = {
  "#mandatory" : [ "x509certificate" ],
  "x509certificate" : "string",
}
Field | Description
x509certificate | Base64-encoded X.509 certificate (i.e. PEM formatted)

Authentication

The signature is computed using SHA256withRSA or SHA256withECDSA and included as raw bytes within a version 1 MSL signature envelope.