OpenSSL template file generator for embedding pictures or audio logotypes into X.509 digital certificates. This tool's main purpose is help with automated generation of OpenSSL templates for embedding specific logotypes (either images and audio, cfr. below) into either public-key and attribute certificates conforming with ITU-T X.509 / RFC 5280 standard.
Certificate logos/logotypes augment the UX of end-user applications and improve the overall digital trust, as they provide trusted visual representations of people, organizations, website and/or IT systems which digital certificates are bound to. The digital signature of a CA over such digital certificate also protects the embedded logos/logotypes, thus ensuring their integrity and authenticity together with the rest of the certified data (e.g. a public key or attribute). In order to effectively exploit this "side-channel trust", either the digital signing or the digital signature validation processes should support parsing the logo(s) from the certificate payload (further details in the 8 examples below).
Implements X.509 Public Key Infrastructure (PKI) standard RFC 9399 (“Logotypes in X.509 Certificates”) from May 2023, which obsoletes both RFC 3709 and RFC 6170. This may also be used for electronic certificates, pursuant to Regulation (EU) №910/2014 “eIDAS”, as recently updated by Regulation (EU) №1183/2024 “eIDAS2”, which are used for European trust services underpinned by the following kinds of digital signatures or digital certificates:
- electronic signature (e-signing),
- electronic seal (e-sealing),
- wallet-relying party access certificate (WPAC),
- website authentication certificate (WAC),
- electronic attestation of attributes (EAA),
- electronic timestamp (e-timestamping),
- electronic archival (e-archiving);
- electronic ledger (DLT).
Electronic certificates with embedded logotypes can be used as both public-key certificates (for e-signing, e-sealing, WAC, WPAC applications) and as attribute certificates (for EAA applications, e.g. via digital identity wallets). For the latter cfr. both ETSI TR 119-476 and the original RFC 5755 standards.
File formats where certificate logotypes may improve the overall UX are those directly supporting the use of advanced digital signatures (AdES, advanced e-signatures/seals):
- PDF: both Adobe's PDF Signature (ISO 32000-2), and “PAdES” from the ETSI EN 319-142 family;
- XML: both W3C's XML Digital Signature (XML-DSIG), and “XAdES” from the ETSI EN 319-132 family;
- PKCS#7: both “CAdES” from the ETSI EN 319-122 family, and the original “CMS”* (RFC 5652);
- JSON: both JSON Web Signature (JWS from RFC 7515), and “JAdES” from the ETSI TS 119-182 family.
A non-exhaustive list of applications potentially benefiting from the embedding of images or audio content as certificate logos/logotypes includes:
- Compositing, on an electronically signed (e-sign) PDF document, the scanned raster of the signatory (natural person)'s handwritten signature, derived from the e-certificate itself. When the e-signed document is printed on paper or viewed on screen, this provides a convincing visual representation of an handwritten signature to relying parties. Besides, the signature is not pasted from a potentially untrusted image under the control of anyone, but rather it is parsed from the e-certificate itself as part of the e-signing process, thus that is still under the control of the signatory. The signature's raster is indeed a public payload, thus it may be copied on untrusted certificates or even documents without a valid e-signature. Yet, its association with the e-certificate's public key (and, reflectively, with the e-signature itself) is cryptographically sound: relying parties who trust an e-signing process designed to enable a "certificate logotype workflow" will also trust the authenticity of the signature raster. The e-signature itself, however, is the one legally binding evidence on the document, not the embedded logo, cfr. ETSI EN 319-142 “PAdES” standards' family for more details.
- Compositing, on an electronically sealed (e-seal) PDF document, the organizationl logotypes (legal person) that visually improve both the document's integrity and authenticity. Cfr. considerations from the previous bullet point.
- Extract, from the identification (IdV) certificate in an electronic identification (eID) means (e.g. an e-Passport, or the Italian CIE eID card), the owner's ICAO-compliant photograph raster. The Authority that e-sealed the above certificate has previously and authoritatively identity-proofed the subject. Relying parties may trust such cryptographic binding to identify the subject, by comparing the photograph embedded into the IdV certificate with a real-time scan of the subject's appearence, acquired during automated or manual inspection by a (e.g. customs) officer. Comparison with the printed photograph on the eID card may also be used to authenticate the ID/travel document itself. This process augments and builds from eID Passive Authentication (PAC) method (cfr. BSI TR-03110 standard).
- The web browser where a given website (or any other online HTTPS resource) is visited displays the logotype of such trusted website's organization directly parsing it from its website authentication certificate (WAC), or "TLS certificate". In this case the logo extracted from the validated WAC provides improved user experience (UX) on the association of the visited page with its legitimate owner (instead of relying on
commonName
or lenghtier-to-read distinguished names in the WAC). Again, relying parties trusting the web browser's WAC validation process should trust the authenticity of websites with such valid WACs. - Any digital identity wallet pursuant to the eIDAS EUDIW framework's architecture reference (ARF) where WPACs are issued to enhance the trust across different actors within the federation/ecosystem (e.g. wallet and EAA providers, relying parties), each actor embedding its own logo in the WPAC, as well as the European Commission's eIDAS/EUDIW trustmark, to improve the trust of users and relying parties towards the other federated subjects.
- Applications performing identification/authentication/authorization processes, e.g. by means of XML/JSON/JWS/SD-JWT VC based messaging like SAML/OAuth/OpenID Connect (OIDC) assertons, tokens, decentralized identifiers (DIDs), verifiable credentials/presentations, transactions on databases/e-ledgers/blockchains, as well as attestations of attributes may carry pictures representing such processes, as well as the logotypes of their service/identity providers, relying parties and attribute authorities (AAs) These logos may be displayed by web/mobile applications to improve visual identification of such parties and provide better UX and digital trust to the users.
- Web/mobile apps processing e-money, payment cards or cryptocurrency transactions may display the logos from either the card's EMV circuit, the issuing bank, the merchant(s), the cryptoasset system and the crypto-wallet itself, again, in order to improve the overall UX and provide real-time "visual trust" to such transactions.
- Operating systems parsing an e-signed/sealed file usually represent it on the desktop/GUI by means of an icon (which usually resembles the file format or provides a thumbnail preview of the file content). Even without, or before, formally validation of the digital signature(s) in the file (as per RFC 5280) the logo(s) embedded in the corresponding certificate(s) may be parsed and superimposed over this icon, in the form of one or multiple badges. That may improve the users' visibility as to whether the file was digitally signed, as well as to the technical and legal binding of those signature (e.g. whether the file has a single, multiple or parallel signatures; whether they are advanced, simple or EU-qualified e-signatures/seals; etc.). After formal validation, an additional badge may display the outcome for each signature (for a limited time only, to account for certificates having been potentially revoked/suspended/expired).
The first argument to pass is the pathname an OpenSSL-valid configuration file (may also be empty when initially written by the present tool, otherwise data are just appended to it). Other arguments are optional (but at least one is required):
[-i URIorFilename] Filename or URI where a valid Issuer logotype can be found;
[-s URIorFilename] Filename or URI where a valid Subject logotype can be found;
[-c URIorFilename] Filename or URI where valid Community logotype(s) can be found (can be invoked multiple times);
[-O oid -o URIorFileame] OID and filename (or URI) where any other logotype(s) can be found (can be invoked multiple times).
Certificate logotypes for the eight applications above may be generated using pyCertLogo
using the following suggested commands:
- Electronic trust service provider (eTSP) issuing e-signing certificate with the eTSP's own logo as Issuer logotype (
-i
/--issuer
) and a raster image representing the signer's handwritten signature (e.g. a monochromatic transparent PNG) as the Subject logotype (-s
/--subject
). A Qualified trust service provider (QTSP) may add the eIDAS trust mark, pursuant to Commission Implementing Regulation (EU) №806/2015, as another logotype (-O
and-o
) associated to a reserved OID by the European Commission (EC). - eTSP issuing e-sealing certificate with the eTSP's own logo as Issuer logotyoe (
-i
) and a raster image representing the seal-creator organization's logo as the Subject logotype (-s
). Optionally, a QTSP may add the eIDAS trust mark as another logotype (-O
+-o
) associated to the aforementioned EC-reserved OID. - Authority governing an ID/eID means issues an IdV certificate using the Authority's own logo as Issuer logotype (
-i
), the eID subject's photograph as Subject logotype (-s
) and, optionally, either the ICAO logo and the organization manufacturing the smartcard's logo as community logos (multiple-c
/--community
). - eTSP issuing web access certificate (WAC) using the eTSP's own logo as Issuer logotype (
-i
), the website owner's own logo as Subject logotype (-s
) and, optionally, the CA/Browser Forum's own logo as Community (-c
) or other logotype (-o
+-O
). A QTSP may add the eIDAS trust mark as another logotype (-O
+-o
) associated to the aforementioned EC-reserved OID, for further display, by the web browser, of the qualified status of the authenticated website (pursuant to eIDAS2 Regulation art.45). - All subjects with in the EUDIW ecosystem are expected to digitally sign (e-seal) all sorts of messages and static evidences, including all sorts of verifiable credentials (VCs), verifiable presentations (VP), EAA schemas, and Trust Lists (TLs). Issuer (
-i
) and subject (-s
) logotypes can be embedded (or externally linked) by the person identifier (PID) providers', wallet providers', relying parties', device manufacturers' and any other subjects' issuing CAs, as well as from EAA providers' issuing AAs. Optionally, the EUDIW or the eIDAS trust mark can be embedded as well, as either a community (-c
) or a 'other' logotype identified by a European Commission registered OID (-o
+-O
), including a EUDIW-specific OID. It is also expected that such logotypes (or their references) are also contained in the respective EU TLs where all of the above federated subjects have been registered. - The application e-seals every messages (e.g. SAML requests/responses/assertions, OAuth/OIDC tokens) for authentication/integrity purposes, using the certificate's issuing CA's logo as Issuer logotype (
-i
) and the application's (or the app owner's) own logo as Subject logotype (-s
). Optionally, either the logo of the identification/authentication/authorization framework (e.g. the OAuth logo) and the specific federation (e.g. the SPID or the CieID logos for the Italian eIDs) as either community (-c
) and other logotype, each identifiedy by its own reserved OIDs (multiple-o
+-O
). In the context of the EUDIW, that also applies to any PIDs e-sealed by the respective PID providers. - Authorization certificate for e-money transactions contains (references to) the logo(s) of either the card's circuit (e.g. EMV), issuing central or commercial bank, cryptowallet provider, merchant, cryptocurrency framework, etc.., as well as some logo referring to the card's owner (e.g. the company logo in case of business payment cards).
- The certificate parsed from the e-signature/seal uses the issuing eTSP as Issuer logotype (
-i
), a visual identifier of the signatory/seal-creator's (e.g. its logo, the raster of a stamp from the organization, or the CEO's handwritten signature) as Subject logotype (-s
), plus additional logos. To help blending such badges with different OS graphic backgrounds, a background picture may also be parsed from the certificate, which badges are composited over. Alternatively, an image representing the digital certificate itself (along with itsSubjectDN
,IssuerDN
, expiration dates, etc.) may be included. In the latter two cases, logotypes are embedded as 'other' (-o
+-O
) and using specificid-logo-background
andid-logo-certImage
strings in place of OIDs.
Logotypes may be “directly” embedded in the X.509 certificate. That considerably increases their payload size, up to some very resource-constrained applications/hardware failing to process the certificate, despite the Logotype extension (OID 1.3.6.1.5.5.7.20
) is non-critical.
Alternatively, logos may be “indirectly” referenced from the certificate: each logotype is an externally provided content (e.g. uploaded on a CDN) and the certificate just contains a URI to that. In this case the certificate payload is not significantly increased, but at the expenses of the issuing CA or AA, which should provide for the logotype(s)' online availability.
Hashing of logotypes is mandatory as per RFC 9399 (both for direct and indirect ones), yet their trust function is relevant only in the indirect referencing, as the CA/AA's digital signature also protects any directly-embedded logos. Thus, at least a SHA-256 digest should be used for indirectly-referenced logotypes, whereas a shorter (even insecure) digest may be used for directly embedded ones, in order to reduce the certificate's size. This latter suggestion holds only if the whole digital certificate's validation procedure (as per RFC 5280 takes precedence over the display or use of any embedded logotypes.
Security considerations apart, direct embedding should be used in place of indirect embedding only for small raster logos (GIF or PNG no bigger than 200×150 pixels) or very "simple" vector logos (SVG).
Currently supported file formats for certificate logotypes are SVG (and SVGZ), PNG, JPEG, PDF and GIF, as well as MP3 (meant to contain audio descriptions for pictorial logotypes). This tool checks that input files are valid in their respective formats, but does not perform strict constraints checking (e.g. it checks for the lack of any <script>
elements in an SVG and also canonicalizes it, but does not validate it as SVG Tiny 1.2, as per RFC). However, it is up to the users' sole responsibility to ensure the files both comply with the technical format constrains from RFC 9399 and, above all, do not contain any malware, as this would end up being embedded in or referenced by digital certificates, potentially providing an out-of-band attack vector.
This Python script includes a class to manipulate Object Identifiers (OIDs), plus classes to prepare the logos embedding within X.509 certificates. The script's output is a multi-section, OpenSSL configuration text file template that can be used by OpenSSL itself to embed commandline-input logotypes into newly generated digital certificates relying on that template.
Certificates whch are part of a chain, particularly leaf certificates, should not include logos referred by/to CAs higher along the trust chain ‒ provided embedded logotypes are used for intermediate (sub-CA) and root CA certificates as well. Those logos should in fact be included only as logotypes within those CA certificates. For example, it is not recommended, as it is a waste of certificate payload size as well as computing resource during cerfificate parsing/validation, to have the same logo embedded as a Subject logo in a CA certificate as well as the Issuer logo in subordinate or end-user certificates issued by that CA. The same goes, mutatis mutandis, for AAs issuing (leaf) attribute certificates.
Logos associated to a whole (technical or administrative) PKI may be included as Community/other logos within the root certificates of the PKI. Logos associated to circuits, frameworks and/or programs, should be embedded only in the highest-ranking sub-CA certificate dedicated to issuing certificates for those circuits/frameworks/programs.
In all the aforementioned cases, and if there is a specific requirement (e.g. to allow atomic display of all logos associated to a leaf certificate by parsing only one certificate), you may design the PKI to directly embed all and any relevant logotypes within the leaf (public-key or attribute) certificates only ‒ whereas higher-rank CA-certificates are void of, or indirectly reference the logos. Or vice versa. Consider what each alternative entails, both technically with your digital signing and validation processes, as well as UX-wise, then ensure to stay consistent about that. Long story short, a logotype for an internal CA which acts as both a certificate issuer and subject along the chain, should be directly embedded once only within certificates along the trust chain, so that a validation algorithm is expected to perform one parsing operation, for the same logo, during the validation process of any end-user certificate.