Public keys, Private Keys, and certificates
When performing authentication, SSL uses a technique called Public-keyCryptography.
Public-key cryptography is based on the concept of a key pair, which consists of a public key and a private K EY. Data that have been encrypted with a public key can is decrypted only with the corresponding private key. Conversely, data that have been encrypted with a private key can is decrypted only with the corresponding public key.
The owner of the key pair makes the public key available to anyone, but keeps the private key secret.
A certificate verifies that's an entity was the owner of a particular public key.
Certificates that follow the "contain a data section" and a signature section. The data section includes such information as:
-
The distinguished Name of the entity that owns the public key
-
The distinguished Name of the entity that issued the certificate
-
The period of time during which the certificate is valid
-
The public key itself
You can obtain a certificate from a Certificate authority (CA) such as VeriSign. Alternately, you can create a self-signed certificate, in which the owner and the issuer is the same.
An organization that issues certificates can establish a hierarchy of CAs. The root CA has a self-signed certificate. Each subordinate CA have a certificate that's signed by the next highest CA in the hierarchy. A certificate chain is the certificate of a particular CA, plus the certificates of any higher CAs up through the Root CA.
- Previous: Index
- Next: Keytool Program
Public keys, Private Keys, and certificates