Enrollment Over Secure Transport
   HOME

TheInfoList



Click Here for Items Related To - Enrollment Over Secure Transport
OR:
Enrollment Over Secure Transport on:   [Wikipedia]   [Google]   [Amazon]

The Enrollment over Secure Transport, or EST is a
cryptographic Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or '' -logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adve ...
protocol Protocol may refer to: Sociology and politics * Protocol (politics), a formal agreement between nation states * Protocol (diplomacy), the etiquette of diplomacy and affairs of state * Etiquette, a code of personal behavior Science and technology ...
that describes an X.509 certificate management protocol targeting
public key infrastructure A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. The purpose of a PKI is to facilit ...
(PKI) clients that need to acquire client certificates and associated certificate authority (CA) certificates. EST is described in . EST has been put forward as a replacement for SCEP, being easier to implement on devices already having an HTTPS stack. EST uses HTTPS as transport and leverages
TLS TLS may refer to: Computing * Transport Layer Security, a cryptographic protocol for secure computer network communication * Thread level speculation, an optimisation on multiprocessor CPUs * Thread-local storage, a mechanism for allocating vari ...
for many of its security attributes. EST has described standardized URLs and uses the well-known Uniform Resource Identifiers (URIs) definition codified in .


Operations

EST has a following set of operations:


Usage example

The basic functions of EST were designed to be easy to use and although not a REST API, it can be used in a REST-like manner using simple tools such as
OpenSSL OpenSSL is a software library for applications that provide secure communications over computer networks against eavesdropping or need to identify the party at the other end. It is widely used by Internet servers, including the majority of HTT ...
and
cURL cURL (pronounced like "curl", UK: , US: ) is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various network protocols. The name stands for "Client URL". History cURL was fi ...
. A simple command to make initial enrollment with a pre-generated PKCS#10 Certificate Signing Request (stored as device.b64), using one of the authentication mechanisms (username:password) specified in EST is: The issued certificate, returned as a Base64 encoded PKCS#7 message, is stored as device-p7.b64.


See also

*
Certificate Management Protocol The Certificate Management Protocol (CMP) is an Internet protocol standardized by the IETF used for obtaining X.509 digital certificates in a public key infrastructure (PKI). CMP is a very feature-rich and flexible protocol, supporting any types ...
(CMP) *
Certificate Management over CMS The Certificate Management over CMS (CMC) is an Internet Standard published by the IETF, defining transport mechanisms for the Cryptographic Message Syntax (CMS). It is defined in , its transport mechanisms in . Similarly to the Certificate ...
(CMC) * Simple Certificate Enrollment Protocol (SCEP) *
Automated Certificate Management Environment The Automatic Certificate Management Environment (ACME) protocol is a communications protocol for automating interactions between certificate authorities and their users' servers, allowing the automated deployment of public key infrastructure at ...
(ACME)


References

* , official specification


Implementations

* The librar
libest
is a client and server implementation of EST.
Bouncy Castle API
offers EST API library for Java. *
EJBCA EJBCA (formerly: ''Enterprise JavaBeans Certificate Authority'') is a free software public key infrastructure (PKI) certificate authority software package maintained and sponsored by the Swedish for-profit company PrimeKey Solutions AB, which h ...
, a CA software, implements a subset of the EST functions.
Evertrust Horizon
implements . *
Entrust Entrust Corp., formerly Entrust Datacard, provides software and hardware used to issue financial cards, e-passport production, user authentication for those looking to access secure networks or conduct financial transactions, trust certificat ...
CA PKIs support EST functions Public key infrastructure Cryptographic protocols Computer security Internet Standards {{Crypto-stub