Digital Signatures
How it works
Digital signatures are based on asymmetric cryptography: the signatory holds a private key, while the matching public key is accessible to all parties who wish to verify the legitimacy of a signature. The public key is stored in a digital certificate, which serves to verify that the public key in question belongs to the individual in whose name it is registered. To guarantee the identity of the signer and prevent the generation of keys without proof, the certificate is signed by an authorised authority, which then adds the certificate to the chain. The result is the certificate chain. The top-most certificate must be trusted and is referred to as the Root Certificate Authority (Root CA). Brifle is a Root CA. We first identify the users and subsequently issue the certificate, which serves to prove that a public key is associated with a user. The user retains the private key, which is stored on the user's device.
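The chain and signature check described above, as an added example in Go that is not Brifle's own code. The function names, the throwaway P-256 root CA, the user certificate and the sample document are all constructed here as assumptions; a real verifier would load the published root certificate instead.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCert creates a key pair and a certificate for it; a nil parent yields a self-signed root CA.
func newCert(cn string, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
	if parent == nil {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage, parent, signer = true, true, x509.KeyUsageCertSign, t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// VerifyDocument accepts sig only if signer chains to the trusted root and sig matches doc.
func VerifyDocument(root, signer *x509.Certificate, doc, sig []byte) bool {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := signer.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err == nil && signer.CheckSignature(x509.ECDSAWithSHA256, doc, sig) == nil
}

// Demo runs three checks on constructed data: genuine, altered document, unrelated root.
func Demo() (valid, tampered, untrusted bool) {
	root, rootKey := newCert("Example Root CA", nil, nil)
	other, _ := newCert("Unrelated Root CA", nil, nil)
	user, userKey := newCert("Example User", root, rootKey) // the CA vouches for the user's public key
	doc := []byte("constructed sample document")
	digest := sha256.Sum256(doc)
	sig, _ := ecdsa.SignASN1(rand.Reader, userKey, digest[:]) // the private key never leaves the signer
	return VerifyDocument(root, user, doc, sig), VerifyDocument(root, user, []byte("altered"), sig), VerifyDocument(other, user, doc, sig)
}

func main() { fmt.Println(Demo()) }
```

Only the first check succeeds: a signature is accepted when the document is unchanged and the signer's certificate chains to the root the verifier trusts.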
Brifle Certificate
- Sandbox Chain
- Production Chain
The root certificate of the sandbox chain contains the following data:
Field | Value |
---|---|
Version | 3 (0x2) |
Serial Number | 41:a1:7d:59:a3:3c:06:05:d0:b0:1c:36:bc:a3:92:73:8c:16:d0:f0 |
Signature Algorithm | ecdsa-with-SHA256 |
Issuer | C = DE, ST = BW, L = Stuttgart, O = Brifle GmbH, OU = Sandbox System |
Validity | |
Not Before | Aug 19 21:45:01 2024 GMT |
Not After | Aug 16 21:45:01 2039 GMT |
Subject | C = DE, ST = BW, L = Stuttgart, O = Brifle GmbH, OU = Sandbox System |
Subject Public Key Info | |
Public Key Algorithm | id-ecPublicKey |
Public-Key | (384 bit) |
pub | |
ASN1 OID | secp384r1 |
NIST CURVE | P-384 |
X509v3 extensions | |
X509v3 Subject Key Identifier | |
X509v3 Authority Key Identifier | |
X509v3 Basic Constraints | critical |
Signature Algorithm | ecdsa-with-SHA256 |
Production Chain: added soon.