"Java" Java and digital certificates

Source: Internet
Author: User

Java and digital certificates
    • Java and digital certificates
      • Issuance and application of certificates
      • The content and meaning of the certificate
      • Other

A certificate (Certificate, also known as Public-key Certificate) is a digital credential that can be used as an intermediary for a trust relationship by digitally signing certain content, such as a public key, with some sort of signature algorithm. The certificate issuer informs the certificate consumer or entity of its public key (Public-key) and some other ancillary information by issuing a certificate. Certificates are widely used in e-commerce security transactions, and certificate issuers are also known as CAS (Certificate authority).

Issuance and application of certificates

The role of certificates in public key cryptography is to ensure that public keys are published in certain trusted institutions, which have important applications in protocol SSL and electronic Transaction protocol set.

Figure 1 shows one of the simplest ways to apply a certificate:

The application steps for the certificate are:

(1) A to send its own public key pka to the CA (Certificate authority);

(2) The CA generates a certificate with its own private key and A's public key, including the digital signature of the CA in the certificate. The Signature object includes the content that needs to be stated in the certificate, such as the public key of a, timestamp, serial number, etc., in order to simplify the assumption that there are only three items in the certificate: A's public key pka, timestamp TIME1, and serial number IDA. Then CA sent to a simple certificate credentials can be expressed as: Certa=eca[time1,ida,pka];

(3) B also send its own public key PKB to the CA;

(4) B Obtain the certificate issued by CA CERTB;

(5) A inform B certificate Certa;

(6) B inform a certificate CERTB.

A, b each obtains each other's certificate, uses the public key obtained from the CA (in the CA's self-visa book) to verify each other's certificate is valid, if valid, then obtains each other's public key. Using the other's public key, you can encrypt the data, or can be used to verify the other's digital signature.

In order to facilitate the explanation, and do not use the certificate obtained from the CA, but the two sides of the communication generated from the visa book, that is, figure 1, A and B are not through the CA, but only if A and B have each other's certificate.

The content and meaning of the certificate

Certificate Core Items meaning
Version Tell me which version of the certificate is the V1, V2, v3
Serial number Set the serial number of the certificate by the certificate distribution authority
Signature algorithm Identifier What signature algorithms are used for certificates
Issuer Name The name of the certificate issuer, which is the name of the institution that signed the certificate
Validity Period Certificate Valid time range
Subject Name The name of the public key owner or entity signed by the certificate issuer, using the X.500 protocol, is unique on the Internet. For example: Cn=java,ou=infosec,o=infosec LAB,C=CN represents a subject name.

"Java" Java and digital certificates

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.