Wednesday, October 28, 2009

Chapter 6: Distinguished Names and Certificates



















































Overview



Asymmetric encryption lets you distribute keys, with relative safety, that
other people can use to send you encrypted messages or verify signatures you
have created. The problem, however, is that from the point of view of the
people you are distributing the public keys to, the simple presence of a
public key is not enough for them to determine whether the key they have is
really yours, or even whether the use they are being asked to put it to is
one that you intended.


Distinguished names and the certificates that carry them were created to solve this problem.


This chapter introduces distinguished names,
certificates, and certification requests. Distinguished names contain
information about the owner of a public key carried by a certificate.
Certification requests provide a mechanism by which you can ask some
other party, presumably trusted by the people you want to give the
certificate to, to issue you with a certificate that can also be
trusted. In general, this is done by issuing a certificate that can be
verified using another certificate issued by the trusted party that is
already in the hands of the people who you want to accept your new
certificate.


By the end of this chapter, you should

  • Understand what an X.500 name is
  • Understand what a public key certificate is, most particularly those that use X.509
  • Be able to make use of the Java classes representing X.500 names and certificates
  • Be able to generate your own certification requests and certificates
  • Be able to create a certificate from a certificate request
  • Be able to form multiple certificates into a certificate chain, or path


Finally, you should understand how to make use of
the certificate storage class in Java and how to selectively retrieve
certificates from it.
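
The request, issue and verify flow described in the overview, as an added example that is not taken from the chapter. It assumes the Bouncy Castle `bcprov` and `bcpkix` libraries are on the classpath; the class name, the distinguished names and the one-day validity period are constructed for illustration.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.cert.jcajce.*;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.*;
import org.bouncycastle.pkcs.jcajce.*;

public class CertRequestDemo { // hypothetical class name
    // Bind `subject` to `key` in an X.509 certificate signed with the issuer's private key.
    static X509Certificate issue(X500Principal issuer, PrivateKey issuerKey,
                                 X500Principal subject, PublicKey key) throws Exception {
        Date from = new Date(System.currentTimeMillis() - 60_000L);
        Date to = new Date(System.currentTimeMillis() + 86_400_000L); // one day, for the demo
        BigInteger serial = new BigInteger(64, new SecureRandom());
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(issuerKey);
        return new JcaX509CertificateConverter().getCertificate(
            new JcaX509v3CertificateBuilder(issuer, serial, from, to, subject, key).build(signer));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair caKeys = gen.generateKeyPair(), userKeys = gen.generateKeyPair();
        X500Principal caName = new X500Principal("CN=Example Test CA, O=Example"); // constructed
        X500Principal userName = new X500Principal("CN=Alice, O=Example");         // constructed

        // Trusted party: a self-signed certificate that relying parties already hold.
        X509Certificate caCert = issue(caName, caKeys.getPrivate(), caName, caKeys.getPublic());

        // Requester: a PKCS#10 request, signed with the private key matching the public key in it.
        JcaPKCS10CertificationRequest csr = new JcaPKCS10CertificationRequest(
            new JcaPKCS10CertificationRequestBuilder(userName, userKeys.getPublic())
                .build(new JcaContentSignerBuilder("SHA256withRSA").build(userKeys.getPrivate())));

        // Trusted party: confirm the requester holds the private key before issuing anything.
        if (!csr.isSignatureValid(new JcaContentVerifierProviderBuilder().build(csr.getPublicKey())))
            throw new SecurityException("request signature does not match the key it carries");
        X509Certificate userCert = issue(caName, caKeys.getPrivate(), userName, csr.getPublicKey());

        // Relying party: accept the new certificate only if the trusted key verifies it.
        userCert.checkValidity();
        userCert.verify(caCert.getPublicKey());
        System.out.println(userCert.getSubjectX500Principal() + " verified against " + caName);
        try { userCert.verify(userKeys.getPublic()); } // any other key must be rejected
        catch (GeneralSecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The certificates here carry no extensions, so the example checks only the signature and validity dates; a CA certificate meant for real path validation also needs a BasicConstraints extension marking it as a CA.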







































1 comment:

Tee Chess said...

Very helpful post. After reading the complete information I must share that you have discussed so many unique and important concepts which are related to certificate and information security. Thanks for this great share.