Implementation of Software Tools for The Medium-Size Certification Authority – X.509 Certificate GenerationIntroductionCryptosystemSymmetric (Private-Key) CryptographyAsymmetric (Public-key) CryptographyKey GenerationKey ManagementCertificateX.509 CertificateX.509 Certificate (cont’d)X.509 Certificate GenerationCertificate AuthorityExplanationImplementation of Implementation of Software Tools for The Software Tools for The MediumMedium--Size Certification Size Certification Authority Authority ––X.509 Certificate X.509 Certificate GenerationGenerationIntroductionIntroductionCertificates and Certificate Certificates and Certificate Authorities (CA) are necessary for Authorities (CA) are necessary for widespread use of cryptography.widespread use of cryptography.Certificates and CA are based on Certificates and CA are based on publicpublic--key cryptosystem.key cryptosystem.Certificate can be implemented by Certificate can be implemented by Java security package.Java security package.CryptosystemCryptosystemGenerally there are two kinds of key Generally there are two kinds of key cryptography:cryptography:––Symmetric (PrivateSymmetric (Private--Key) CryptographyKey) Cryptography––Asymmetric (PublicAsymmetric (Public--key) Cryptographykey) CryptographySymmetric (PrivateSymmetric (Private--Key) Key) CryptographyCryptographyPerforms encryption and decryption Performs encryption and decryption with a single keywith a single keySymmetric cryptography algorithm Symmetric cryptography algorithm includes: 3DES, Blowfish, IDEA, includes: 3DES, Blowfish, IDEA, CAST128, and CAST128, and ARCFourARCFourThe main problem is key distribution The main problem is key distribution and managementand managementAsymmetric (PublicAsymmetric (Public--key) key) CryptographyCryptographyBased on a secure secret key pair:Based on a secure secret key pair:––Public key: distributed widely, but still Public key: distributed widely, but still associated with its ownerassociated with its owner––Private key: known only to its ownerPrivate key: known only to its ownerRSA and DSA are examples of public RSA and DSA are examples of public key cryptographic algorithmkey cryptographic algorithmKey GenerationKey GenerationOne of the methods to generate key One of the methods to generate key pair: Java Security Package.pair: Java Security Package.For example:For example:––keyPairGeneratorkeyPairGenerator: generate pairs of : generate pairs of public and private keyspublic and private keysUsers must be able to obtain key Users must be able to obtain key pairs securelypairs securelyKey ManagementKey ManagementKey management is an essential task Key management is an essential task to keep information systems secureto keep information systems secureIt includesIt includes––ExchangeExchange––StorageStorage––CertificationCertification––ExpirationExpiration––RevocationRevocation––Changing and transmissionChanging and transmissionCertificateCertificateCertificate is a digitally signed Certificate is a digitally signed document that serves to validate the document that serves to validate the sender’s authorization and namesender’s authorization and nameThere are two basic types:There are two basic types:––Server certificatesServer certificates––Personal certificatesPersonal certificatesX.509 CertificateX.509 CertificateDefines what information can go into Defines what information can go into a certificate, and describes how to a certificate, and describes how to write it down (the data format)write it down (the data format)Used for security protocols, such as Used for security protocols, such as Privacy Enhanced Mail (PEM), Pretty Privacy Enhanced Mail (PEM), Pretty Good Privacy (PGP), Secure Sockets Good Privacy (PGP), Secure Sockets Layer (SSL), and Secure Hyper Text Layer (SSL), and Secure Hyper Text Transfer Protocol (STransfer Protocol (S--HTTP)HTTP)X.509 Certificate (cont’d)X.509 Certificate (cont’d)StructureStructure––VersionVersion––Serial NumberSerial Number––Signature Algorithm IdentifierSignature Algorithm Identifier––Issue NameIssue Name––Validity PeriodValidity Period––Subject NameSubject Name––Subject Public key InformationSubject Public key Information––Issuer Unique Identifier (v2 & v3 only)Issuer Unique Identifier (v2 & v3 only)––Subject Unique Identifier (v2 & v3 only)Subject Unique Identifier (v2 & v3 only)––Extensions (v3 only)Extensions (v3 only)X.509 Certificate GenerationX.509 Certificate GenerationUsing Java security package:Using Java security package:––KeyPairGeneratorKeyPairGeneratorclass: generate key pairclass: generate key pair––KeyPairKeyPairclass: key holderclass: key holder––KeyStoreKeyStoreclass: represents an inclass: represents an in--memory memory collection of keys and certificatescollection of keys and certificates––Signature class: generate a signatureSignature class: generate a signature––CertificateFactoryCertificateFactoryclass: used to instantiate class: used to instantiate certificatecertificate––X509Certificate class: a way to access all the X509Certificate class: a way to access all the attributes of an X509 certificateattributes of an X509 certificateCertificate AuthorityCertificate AuthorityAccept requests for certificates and Accept requests for certificates and grants them once it determines that grants them once it determines that the request is genuinethe request is genuineIssue certificateIssue certificateCertificate verifying, transferring, Certificate verifying, transferring, and so onand so onExplanationExplanationThis project is finished on the first This project is finished on the first step, i.e., what the certificate is and step, i.e., what the certificate is and what the mechanism is about what the mechanism is about certificate authority. The second step certificate authority. The second step is just in the beginning: implement is just in the beginning: implement the software tool to generate the software tool to generate certificate and provide more certificate and provide more certificate services.certificate
View Full Document