
Security: Certification, Signing, Signature, etc. (work in progress)

Terry Cho 2013. 3. 30. 00:56

Notes


Getting the concepts straight

Certification

Signature

Signing

Key



Signed certificate <-- signed by a Certification Authority (CA), e.g. Verisign

Self-signed certificate



PKI-based (public key)

http://www.verisign.com.au/repository/tutorial/digital/intro1.shtml


public key

Not at all secret!
Widely available, but must be trusted
May be supplied as part of a certificate
If you encrypt something with a public key, it can only be read by the entity to which it is addressed (the holder of the matching private key).
Secure communications
(But secure communications (e.g. SSL) isn’t quite as simple as that!)

How can I trust a public key?

Someone can use a public key to prove their identity to me
But only if I trust that public key
There are public keys out there that say they belong to George Bush, etc.
So if someone I trusted endorsed (signed) that public key
Hold that thought for a moment...

Signing with a key

Keys can be used to sign things
Encrypt a bit of text with your private key (the result can be attached 'securely' to the 'document')
People can decrypt it with the public key and know that it was signed by you


How can I trust a public key?

Put that public key on a certificate
Get someone you trust to sign the certificate
If the certificate is tampered with, the signature is broken
Organisations who sign public keys/certificates are called Certification Authorities (CA)

PKI
You create a key pair
Put one key of the pair on a certificate
Send the certificate (request) to the CA
Present yourself or identify yourself to the Registration Authority (RA)
The RA tells the CA that you are OK
The CA sends you the signed certificate

Now that you have a signed certificate, people and services can trust that you are who you say you are

Present your certificate to a service
Tell them something encrypted by your private key
They like your certificate and know it is you
You keep your private key very secret
Obey the rules for this!
Your public key is on the certificate
Services must trust the CA
Your certificate will have an expiry date
after which you may have to re-visit the RA
Your certificate can be revoked at any time
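
The flow above, as an added example that is not part of the original post: a CA signs a certificate carrying your public key, and a service that trusts the CA checks the certificate and then a challenge signed with your private key. It uses textbook RSA with tiny constructed keys and no padding, and every name in it (`issue_cert`, `authenticate`, the alice and Mallory keys) is an assumption made for illustration.

```python
import hashlib

E = 65537  # common RSA public exponent

def make_key(p, q):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))   # private exponent (Python 3.8+)
    return (n, E), (n, d)

def digest(data, n):
    # Toy scheme: hash the message and reduce it into the key's range.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private):
    n, d = private
    return pow(digest(data, n), d, n)

def verify(data, signature, public):
    n, e = public
    return pow(signature, e, n) == digest(data, n)

def cert_body(subject, public):
    # The fields the CA signs: who the key belongs to, and the key itself.
    return f"subject={subject};n={public[0]};e={public[1]}".encode()

def issue_cert(subject, public, ca_private):
    return {"subject": subject, "public": public,
            "ca_sig": sign(cert_body(subject, public), ca_private)}

def authenticate(cert, challenge, response, trusted_ca_public):
    """Service side: trust the CA key, check the cert, then check the proof."""
    body = cert_body(cert["subject"], cert["public"])
    if not verify(body, cert["ca_sig"], trusted_ca_public):
        return False                      # cert altered or not signed by this CA
    return verify(challenge, response, cert["public"])

# Constructed demo keys from Mersenne primes; far too small for real use.
CA_PUB, CA_PRIV = make_key(2**127 - 1, 2**89 - 1)
ALICE_PUB, ALICE_PRIV = make_key(2**107 - 1, 2**61 - 1)
MALLORY_PUB, MALLORY_PRIV = make_key(2**61 - 1, 2**31 - 1)

def demo():
    cert = issue_cert("alice", ALICE_PUB, CA_PRIV)
    challenge = b"nonce-4711"             # constructed challenge from the service
    good = authenticate(cert, challenge, sign(challenge, ALICE_PRIV), CA_PUB)
    # A certificate whose key was swapped after signing no longer verifies.
    forged = dict(cert, public=MALLORY_PUB)
    bad = authenticate(forged, challenge, sign(challenge, MALLORY_PRIV), CA_PUB)
    return good, bad
```

`demo()` returns `(True, False)`: the untouched certificate authenticates, while the one with a replaced public key fails the CA signature check before the challenge is even considered.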

