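An ordinary salaried worker who wants to live an ordinary life. Technical discussion is welcome. If you would like to talk, feel free to get in touch: e-mail bwcho75 at gmail dot com. 조대협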




Memo


Getting the concepts straight

Certification

Signature

Signing

Key



Signed certificate <-- signed by a Certification Authority (CA), e.g. Verisign

Self-signed certificate



PKI-based (public key)

http://www.verisign.com.au/repository/tutorial/digital/intro1.shtml


public key

Not at all secret!
Widely available, but must be trusted
May be supplied as part of a certificate
If you encrypt something with a recipient's public key, it can only be read by the entity to which it is addressed (the holder of the matching private key).
Secure communications
(But secure communications (e.g. SSL) isn’t quite as simple as that!)

How can I trust a public key?

Someone can use a public key to prove their identity to me
but only if I trust that public key
there are public keys out there that say they belong to George Bush etc.
So if someone I trusted endorsed (signed) that public key
hold that thought for a moment...

Signing with a key

Keys can be used to sign things
encrypt a bit of text with your private key (the result can be attached 'securely' to the 'document')
people can decrypt it with the public key and know that it was signed by you


How can I trust a public key?

Put that public key on a certificate
Get someone you trust to sign the certificate
If the certificate is tampered with, the signature is broken
Organisations who sign public keys/certificates are called Certification Authorities (CA)

PKI
You create a key pair
Put one key of the pair on a certificate
Send the certificate (request) to the CA
Present yourself or identify yourself to the Registration Authority (RA)
The RA tells the CA that you are OK
The CA sends you the signed certificate

Now that you have a signed certificate, people and services can trust that you are who you say you are

Present your certificate to a service
Tell them something encrypted by your private key
They like your certificate and know it is you
You keep your private key very secret
Obey the rules for this!
Your public key is on the certificate
Services must trust the CA
Your certificate will have an expiry date
after which you may have to re-visit the RA
Your certificate can be revoked at any time
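
The flow in these notes (a CA signs a certificate, then a service checks the CA signature, the expiry date, revocation, and that the holder really has the private key), as an added Python example that is not part of the original notes. It uses textbook RSA without padding over published Mersenne primes purely to show the mechanics; the certificate layout, the names alice and Mallory, and the functions issue and check are assumptions made for illustration.

```python
import hashlib
import json

E = 65537  # public exponent

def make_key(p, q):
    """Textbook RSA key pair from two primes: (public, private)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(private, data):
    n, d = private
    return pow(digest(data), d, n)       # only the private key can produce this

def verify(public, data, signature):
    n, e = public
    return pow(signature, e, n) == digest(data)  # anyone can check it

def encode(body):
    return json.dumps(body, sort_keys=True).encode()

def issue(ca_private, serial, subject, subject_public, not_after):
    """CA step: bind subject name and public key, then sign the binding."""
    body = {"serial": serial, "subject": subject,
            "public_key": list(subject_public), "not_after": not_after}
    return {"body": body, "signature": sign(ca_private, encode(body))}

def check(cert, ca_public, today, revoked, challenge, response):
    """Service step: every check from the notes must pass before trusting."""
    body = cert["body"]
    if not verify(ca_public, encode(body), cert["signature"]):
        return "bad CA signature"
    if today > body["not_after"]:        # ISO dates compare correctly as text
        return "expired"
    if body["serial"] in revoked:
        return "revoked"
    if not verify(tuple(body["public_key"]), challenge, response):
        return "holder lacks private key"
    return "ok"

# Constructed demo keys built from published Mersenne primes: not secret.
CA_PUB, CA_PRIV = make_key(2**521 - 1, 2**607 - 1)
ALICE_PUB, ALICE_PRIV = make_key(2**1279 - 1, 2**2203 - 1)
MALLORY_PUB, MALLORY_PRIV = make_key(2**2281 - 1, 2**3217 - 1)
CERT = issue(CA_PRIV, 1, "alice", ALICE_PUB, "2014-03-30")
```

A real deployment uses X.509 certificates and a padded signature scheme from a vetted library; the order of the checks is the part that carries over.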

