x509 certificates in a few links

Certificates were always a little fleeting mystery to me. I always wanted to know more about them and never found the time. A few weeks back I finally kicked myself and spent one day with certificates, signatures, signing and all that jazz. Here is a list of excellent sources.

An excellent introduction to certificates can be found, surprisingly, in the Oracle documentation for the keytool application, under the section on certificates:

http://docs.oracle.com/javase/1.4.2/docs/tooldocs/windows/keytool.html

It contains definitions of the elementary terms along with good explanations. It also shows how the operations can be done using keytool, a command-line utility for managing keys and keystores. Keytool is nice, but it's a little cumbersome to use. Replace it with the excellent GUI application KeyStore Explorer:

http://www.lazgosoftware.com/kse/index.html

A stock Java installation restricts the key lengths the Java cryptography API will create or handle. You need to install the unlimited-strength JCE policy files:

http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html

KeyStore Explorer guides you through installing these policy files step by step, in a nice interactive drag-and-drop style.

A few important things to remember:

  • A certificate binds a public key to an identity. It does not contain the private key: the private key stays with the owner and is used to sign messages, while the public key carried in the certificate is used by everyone else to verify those signatures.
  • Identities in an x509 certificate are represented by DNs (distinguished names): the Subject DN names the key owner, the Issuer DN names who signed the certificate. The signature itself is a separate field, computed over the certificate contents with the issuer's private key.
  • Certificates can be issued (signed) by a third party (a certificate authority).
  • A certificate can also be self-signed (Issuer DN = Subject DN, and its signature verifies with its own public key). Since no CA vouches for it, the recipient must obtain and trust the certificate out of band. How signing and verification work with a self-signed certificate:
    • Generate a key pair and a self-signed certificate.
    • Export the certificate (which carries the public key). Send it to the recipient.
    • Generate a message and sign it with your private key.
    • Send the message and the signature to the recipient.
    • The recipient verifies the signature with the public key from the certificate.
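The whole round trip above, as an added example that is not part of the original post. It uses openssl instead of keytool (openssl is assumed to be installed), generates a throwaway RSA key pair and a self-signed certificate with the made-up subject "CN=example signer", checks that issuer and subject DN match and that the certificate verifies against itself, then signs a message with the private key and verifies it with only the public key extracted from the certificate. A tampered message is shown to fail verification.

```shell
#!/bin/sh
# Self-signed certificate round trip with openssl (assumed installed).
# All files live in a temporary directory that is removed on exit.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Step 1: generate an RSA key pair and a self-signed certificate.
# The subject name is made up for this example; -nodes leaves the key unencrypted.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=example signer" \
        -keyout "$WORK/signer.key" -out "$WORK/signer.crt" >/dev/null 2>&1
}

# Step 2 (check): a self-signed certificate has Issuer DN == Subject DN
# and its signature verifies with its own public key.
is_self_signed() {
    subj=$(openssl x509 -in "$WORK/signer.crt" -noout -subject)
    issuer=$(openssl x509 -in "$WORK/signer.crt" -noout -issuer)
    [ "${subj#subject=}" = "${issuer#issuer=}" ] || return 1
    # Treat the certificate as its own trust anchor; exit status 0 means "OK".
    openssl verify -CAfile "$WORK/signer.crt" "$WORK/signer.crt" >/dev/null 2>&1
}

# Step 3: the sender signs a message with the private key (SHA-256 digest, RSA).
sign_message() {
    printf '%s' "$1" > "$WORK/msg.txt"
    openssl dgst -sha256 -sign "$WORK/signer.key" \
        -out "$WORK/msg.sig" "$WORK/msg.txt"
}

# Step 4: the recipient has only the certificate, the message and the signature.
# It pulls the public key out of the certificate and verifies the signature.
# Returns 0 on "Verified OK", non-zero otherwise.
verify_message() {
    openssl x509 -in "$WORK/signer.crt" -pubkey -noout > "$WORK/signer.pub"
    printf '%s' "$1" > "$WORK/received.txt"
    openssl dgst -sha256 -verify "$WORK/signer.pub" \
        -signature "$WORK/msg.sig" "$WORK/received.txt" >/dev/null 2>&1
}

# Demo run.
make_selfsigned
is_self_signed && echo "certificate is self-signed and verifies against itself"
sign_message "invoice 42: pay 100 EUR"
verify_message "invoice 42: pay 100 EUR" && echo "original message: signature OK"
verify_message "invoice 42: pay 900 EUR" || echo "tampered message: signature rejected"
```

Note that the recipient never touches `signer.key`; everything it needs is in `signer.crt`. What the script cannot do is tell the recipient whether "CN=example signer" really is who they think it is; that trust has to come from the out-of-band exchange of the certificate, or from a CA in the non-self-signed case.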