I would like to learn the basics of digital certificates, including how to create a self-signed certificate. Does anyone know a good introductory text about this?

A: 

Almost any undergraduate computer security or cryptography textbook will help you to understand the basic ideas.

Some examples from my shelf (alphabetically):

  • Bishop, Computer Security
  • Gollmann, Computer Security
  • Oppliger, Security Technologies for the World Wide Web
  • Pfleeger & Pfleeger, Security in Computing
  • Schneier, Applied Cryptography

A quick summary: if you want to send me something that only I can read, then you need to encrypt it (approximately) with my public key. But you'd better make sure that you don't use someone else's public key, or they will be able to read it, not me. So how are you going to be sure that you're using my public key, not someone else's? You'll check that there's a certificate saying "Verisign confirms that John's public key is xxxxx". You'll want to check that this certificate isn't forged, so that will require checking Verisign's certificate (so you know what their public key is).

That all sounds a bit circular, and it is. In the end, you have to rely on a self-signed certificate saying "Verisign certifies that Verisign's public key is yyyyy", and not surprisingly, if you try to verify that certificate with yyyyy, you'll find it works. But there's no proof that it actually came from Verisign. It could have come from anyone. That's the problem with self-signed certificates.

If you want to make a self-signed certificate, I'd recommend installing openssl, and following these instructions.

John
For web browsing it isn't circular. Verisign and all the other big Certificate Authorities' certificates are built into all modern browsers. Unless you don't download a corrupt version of a browser, you're on the safe side when browsing. You need some root of trust, and the built-in certificates provide it...
David Sauter
Agreed. (Although I still think the concept is a "bit" circular, and you have to take your browser manufacturer's word for the trustworthiness of the root certificate.) In Firefox, you can inspect these root certificates with Tools > Options > Advanced > View Certificates. In IE, Tools > Options > Content > Certificates.
John
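
The point made in the answer above, that a self-signed certificate verifies with its own key yet proves nothing about who created it, shown as an added example (not part of the original posts). It assumes the openssl command-line tool is installed; the name "Example Root CA" and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: throwaway keys and a constructed CA name, written to a temp dir.

# Create a 2048-bit RSA key and a self-signed certificate for CN=$2 in directory $1.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=$2" -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# True if certificate $1 verifies against the trust anchor file $2.
trusted_by() {
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# True if subject == issuer and the signature verifies with the cert's own key.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$iss" ] && trusted_by "$1" "$1"
}

# SHA-256 fingerprint, the value to compare over an independent channel.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

demo() {
    dir=$(mktemp -d) && mkdir "$dir/real" "$dir/other" || return 1
    # Two unrelated parties each claim the same name.
    make_self_signed "$dir/real" "Example Root CA"
    make_self_signed "$dir/other" "Example Root CA"
    for who in real other; do
        is_self_signed "$dir/$who/cert.pem" && echo "$who: verifies against itself"
        echo "$who fingerprint: $(fingerprint "$dir/$who/cert.pem")"
    done
    # Only the certificate already held as a trust anchor tells them apart.
    trusted_by "$dir/other/cert.pem" "$dir/real/cert.pem" \
        || echo "other: rejected when 'real' is the installed trust anchor"
    rm -rf "$dir"
}

demo
```

Both certificates pass the self-verification check; what distinguishes them is which one was already installed as a trust anchor, which is the role the browser's built-in root list plays in the comments above.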
A: 

I have just prepared a project about this topic. First you have to learn about public key cryptography (check here), then learn about openssl (check here: http://www.madboa.com/geek/openssl/), and then read these articles (http://www.securityfocus.com/infocus/1820) to create your own self-signed web page using the Apache web server.

Sorry about links: new users can only post a maximum of one hyperlink. Earn 10 reputation to post more hyperlinks.

berkay