Cryptography Tutorials - Herong's Tutorial Examples - Version 5.36, by Dr. Herong Yang
Why Certificates Need to Be Signed by CA?
This section describes why public keys need to be signed a CA (Certificate Authority). You communication partner can trust the CA, not you.
In the previous chapter, we learned how to put your own public key in a certificate and sign it by your own private key to make it as a self-signed certificate.
Of course, you can send your self-signed certificate to your communication partner and start to use it to encrypt the communication data. However, this only works if your communication partner knows you and trusts your digital signature.
In the case where you communication partner can not trust you directly, what you can do is to send your public key to a certificate authority (CA) and ask them to sign it for you. To do this, you need to put your public key into a certificate signing request (CSR), and mail it to a CA. The CA will verify the request and put your public key in a certificate and sign it with CA's private key.
When your partner receives your public key signed by a CA, he can validate the signature with the CA's public key. If the validation is ok, he can then trust your public key.
Here is a simple diagram that illustrates the certificate signing and validation process:
Your public key You ---- Certificate signing request ---> CA | | | |Sign | | Your public key + CA signature | v You <----- Certificate signed by CA -------- | | |Send |Send | | v CA's public key v Partner <-- Self-signed certificate ------ | |Verify your certificate with CA's public key |to trust your public key in the certificate | v OK
Last update: 2013.
Table of Contents
Introduction to AES (Advanced Encryption Standard)
DES Algorithm - Illustrated with Java Programs
DES Algorithm Java Implementation
DES Algorithm - Java Implementation in JDK JCE
DES Encryption Operation Modes
PHP Implementation of DES - mcrypt
Blowfish - 8-Byte Block Cipher
Secret Key Generation and Management
Cipher - Secret Key Encryption and Decryption
RSA Implementation using java.math.BigInteger Class
Introduction of DSA (Digital Signature Algorithm)
Java Default Implementation of DSA
Private key and Public Key Pair Generation
PKCS#8/X.509 Private/Public Encoding Standards
Cipher - Public Key Encryption and Decryption
OpenSSL Introduction and Installation
OpenSSL Generating and Managing RSA Keys
►OpenSSL Generating and Signing CSR
►Why Certificates Need to Be Signed by CA?
Generating Certificate Signing Request (CSR)
Viewing Components of Certificate Signing Request
Signing a Certificate Signing Request
OpenSSL Validating Certificate Path
"keytool" and "keystore" from JDK
"OpenSSL" Signing CSR Generated by "keytool"
Migrating Keys from "keystore" to "OpenSSL" Key Files
Certificate X.509 Standard and DER/PEM Formats
Migrating Keys from "OpenSSL" Key Files to "keystore"
Using Certificates in IE (Internet Explorer)