Java and digital certificates
- Java and digital certificates
- Issuance and application of certificates
- The content and meaning of the certificate
- Other
A certificate (Certificate, also called a Public-key Certificate) is a digital credential that serves as the intermediary of a trust relationship: certain content, such as a public key, is digitally signed with some signature algorithm. By issuing a certificate, the issuer tells the certificate consumer or entity its public key (Public-key) together with some other ancillary information. Certificates are widely used in secure e-commerce transactions, and certificate issuers are also called CAs (Certificate Authorities).
Issuance and application of certificates
The role of certificates in public-key cryptography is to ensure that public keys are published by trusted institutions; this has important applications in the SSL protocol and in the Secure Electronic Transaction (SET) protocol.
Figure 1 shows one of the simplest ways to apply for a certificate:
The application steps for the certificate are:
(1) A sends its own public key PKA to the CA (Certificate Authority);
(2) The CA generates a certificate from its own private key and A's public key, and includes the CA's digital signature in the certificate. The signed object contains the content that the certificate needs to state, such as A's public key, a timestamp, a serial number, and so on. To simplify, assume the certificate has only three items: A's public key PKA, the timestamp TIME1 and the serial number IDA. The simple certificate credential that the CA then sends to A can be expressed as CertA = E_CA[TIME1, IDA, PKA];
(3) B likewise sends its own public key PKB to the CA;
(4) B obtains the certificate CertB issued by the CA;
(5) A sends its certificate CertA to B;
(6) B sends its certificate CertB to A.
A and B each obtain the other's certificate and use the public key obtained from the CA (carried in the CA's self-signed certificate) to verify that the other's certificate is valid; if it is, they take the other's public key from it. With the other party's public key, one can encrypt data for that party or verify that party's digital signatures.
To simplify the explanation, the certificates are not obtained from a CA; instead the two communicating parties generate self-signed certificates. That is, in Figure 1, A and B do not go through a CA; it is only required that A and B hold each other's certificate.
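As an added example (not code from the original article), the simplified certificate CertA = E_CA[TIME1, IDA, PKA] of step (2), and its verification by B with the CA's public key, written in plain Java with RSA signatures. The class, record and serial-number value are assumptions, and Java 16 or later is assumed for the record syntax.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;

public class SimpleCert {
    // Hypothetical minimal certificate: the three items from the text plus the CA's signature.
    record Cert(long time1, String ida, byte[] pka, byte[] caSig) {}

    // Byte encoding of [TIME1, IDA, PKA]: exactly the content the CA signs and the verifier re-hashes.
    static byte[] toBeSigned(long time1, String ida, byte[] pka) {
        byte[] id = ida.getBytes(StandardCharsets.UTF_8);
        ByteBuffer b = ByteBuffer.allocate(8 + 4 + id.length + pka.length);
        b.putLong(time1).putInt(id.length).put(id).put(pka);
        return b.array();
    }

    // Step (2): the CA signs A's public key, the timestamp and the serial number with its private key.
    static Cert issue(PrivateKey caKey, long time1, String ida, PublicKey pka) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(caKey);
        s.update(toBeSigned(time1, ida, pka.getEncoded()));
        return new Cert(time1, ida, pka.getEncoded(), s.sign());
    }

    // B's check: the CA's public key (from the CA's self-signed certificate) must verify the signature.
    static boolean verify(PublicKey caPub, Cert c) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(caPub);
        s.update(toBeSigned(c.time1(), c.ida(), c.pka()));
        return s.verify(c.caSig());
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair ca = g.generateKeyPair(); // the CA's key pair
        KeyPair a = g.generateKeyPair();  // A's key pair; only A's public key is sent to the CA (step 1)
        Cert certA = issue(ca.getPrivate(), System.currentTimeMillis(), "IDA-0001", a.getPublic());
        System.out.println("B verifies CertA with the CA public key: " + verify(ca.getPublic(), certA));
        // Substituting a different public key while keeping the old signature must fail verification.
        Cert altered = new Cert(certA.time1(), certA.ida(), g.generateKeyPair().getPublic().getEncoded(), certA.caSig());
        System.out.println("Altered certificate verifies: " + verify(ca.getPublic(), altered));
    }
}
```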
The content and meaning of the certificate
| Certificate core item | Meaning |
|---|---|
| Version | The version of the certificate format: V1, V2 or V3 |
| Serial number | The serial number assigned to the certificate by the issuing authority |
| Signature algorithm identifier | The signature algorithm used to sign the certificate |
| Issuer name | The name of the certificate issuer, i.e. the institution that signed the certificate |
| Validity period | The time range within which the certificate is valid |
| Subject name | The name of the public-key owner (the entity certified by the issuer), written in X.500 form and unique on the Internet. For example, Cn=java,ou=infosec,o=infosec LAB,C=CN is a subject name. |