开发者

An introductory text about digital certificates

开发者 https://www.devze.com 2022-12-22 17:46 出处:网络
I would like to learn the basics of digital certificates. Including how to create a self-signed certificate. Does anyone 开发者_开发百科know a good introductory text about this?i have just prepared a

I would like to learn the basics of digital certificates. Including how to create a self-signed certificate. Does anyone 开发者_开发百科know a good introductory text about this?


i have just prepared a project about this topic, first you have to learn about public key cryptography check here then learn about openssl check here and then read these articles to create your own self signed web page using apache web server.

Sorry about links: new users can only post a maximum of one hyperlink. Earn 10 reputation to post more hyperlinks.


Almost any undergraduate computer security or cryptography text book will help you to understand the basic ideas.

Some examples from my shelf (alphabetically):

  • Bishop, Computer Security
  • Gollmann, Computer Security
  • Oppliger, Security Technologies for the World Wide Web
  • Pfleeger & Pfleeger, Security in Computing
  • Schneier, Applied Cryptography

A quick summary: if you want to send me something that only I can read, then you need to encrypt it (approximately) with my public key. But you'd better make sure that you don't use someone else's public key, or they will be able to read it, not me. So how are you going to be sure that you're using my public key, not someone else's? You'll check that there's a certificate saying "Verisign confirms that John's public key is xxxxx". You'll want to check that this certificate isn't forged, so that will require checking Verisign's certificate (so you know what their public key is).

That all sounds a bit circular, and it is. In the end, you have to rely on a self-signed certificate saying "Verisign certifies that Verisign's public key is yyyyy", and not surprisingly, if you try to verify that certificate with yyyyy, you'll find it works. But there's no proof that it actually came from Verisign. It could have come from anyone. That's the problem with self-signed certificates.

If you want to make a self-signed certificate, I'd recommend installing openssl, and following these instructions.

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号