Related digital certificate
I. What is a digital certificate?

A digital security certificate is a file digitally signed by a certificate authority (CA) that contains the public key and information about the owner of that public key. It is the CA's attestation of the user's public key.

The simplest certificate contains a public key, a name and the digital signature of the certificate authority. Generally speaking, the certificate also includes the validity period of the key, the name of the certificate authority, the serial number of the certificate and other information. The format of the certificate follows the ITU X.509 international standard.

Digital certificates are like ID cards in our lives. In reality, identity cards are issued by public security organs, while the identity certificates of network users are issued by a CA, a digital certificate issuing and certification institution. Only certificates issued by a CA can be authenticated on the network.

II. What does the X.509 certificate contain?

Version number: the version of the X.509 standard that the certificate follows.

Serial number: the number that uniquely identifies the certificate, issued by the certificate authority.

Certificate algorithm identification: the name of the specific public key algorithm used by the certificate authority to sign digital certificates.

Issuer name: the identification of the certification authority that actually issued the certificate.

Validity period: the period during which a digital certificate remains valid, including the start date and the end date.

Subject name: the name of the owner of the digital certificate.

User public key information: the public key associated with the owner of the digital certificate and the specific public key algorithm associated with the public key.

Issuer unique identifier: information that can be used to uniquely identify the issuer of a digital certificate.

User unique identifier: information that can be used to uniquely identify the owner of a digital certificate.

Extended information: other information related to the use and processing of certificates.

Digital signature of the certificate authority: the actual digital signature, produced using the algorithm specified in the certificate algorithm identification field and the certificate authority's private key.

III. The procedure for issuing digital certificates

The process of issuing digital certificates is as follows: the user generates his own key pair and sends the public key and some personal identification information to the authentication center. After authentication, the authentication center will perform some necessary steps to ensure that the request was indeed sent by the user. Then, the certification center will issue a digital certificate to the user, which contains information such as the user and his key, as well as a digital certificate confirming the public key of the certification center. When users want to prove the legitimacy of their public keys, they can provide this digital certificate.

Generation of a digital certificate: the authentication center runs a hash algorithm over the basic information of the user certificate, and then encrypts the hash value with its own private key.

Digital certificates rely on public key encryption to prove identity. When issuing a digital certificate, the certificate authority signs the certificate with its own private key. To verify the authenticity of a digital certificate, users can obtain the public key of the certificate authority and use that public key to check whether the certificate was signed by the certificate authority.
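The hash-then-sign generation step and the public-key check described above, as an added example that is not part of the original page. It assumes textbook RSA without padding in place of a real X.509 signature algorithm, a JSON dictionary in place of the DER-encoded certificate fields, and hypothetical names throughout (`issue`, `verify`, `Example Toy CA`); the CA key is constructed from publicly known primes and has no security value.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed toy CA key: textbook RSA over two well-known Mersenne primes.
# The factors are public, so this key is for illustration only.
P, Q = 2**521 - 1, 2**607 - 1
CA_N, CA_E = P * Q, 65537                # CA public key
CA_D = pow(CA_E, -1, (P - 1) * (Q - 1))  # CA private key


def digest(tbs: dict) -> int:
    """Hash the to-be-signed fields in a canonical (sorted-key) encoding."""
    encoded = json.dumps(tbs, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(encoded).digest(), "big")


def issue(subject, subject_key, serial, not_before, not_after) -> dict:
    """CA side: hash the certificate fields, then sign the hash with CA_D."""
    tbs = {"version": 3, "serial": serial, "issuer": "Example Toy CA",
           "not_before": not_before, "not_after": not_after,
           "subject": subject, "subject_public_key": subject_key}
    return {"tbs": tbs, "signature": pow(digest(tbs), CA_D, CA_N)}


def verify(cert: dict, ca_n: int, ca_e: int, now: datetime) -> str:
    """Relying-party side: needs only the CA public key (ca_n, ca_e)."""
    tbs = cert["tbs"]
    if pow(cert["signature"], ca_e, ca_n) != digest(tbs):
        return "bad signature"
    start = datetime.fromisoformat(tbs["not_before"])
    end = datetime.fromisoformat(tbs["not_after"])
    if not start <= now <= end:
        return "outside validity period"
    return "ok"


# Constructed sample certificate and inputs.
CERT = issue("alice.example", "alice-public-key-placeholder", 1001,
             "2024-01-01T00:00:00+00:00", "2025-01-01T00:00:00+00:00")
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
TAMPERED = {"tbs": dict(CERT["tbs"], subject="other.example"),
            "signature": CERT["signature"]}

if __name__ == "__main__":
    for label, cert in (("issued", CERT), ("tampered", TAMPERED)):
        print(label, "->", verify(cert, CA_N, CA_E, NOW))
```

Changing any signed field after issuance changes the hash, so the signature recovered with the CA public key no longer matches; a certificate with a valid signature is still rejected outside its validity period.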

IV. Where can I use the digital certificate?

With the popularity of the Internet and the rapid development of various e-commerce activities and e-government activities, digital certificates have been widely used in various fields. At present, they mainly include: sending secure e-mail, visiting secure websites, online bidding, online signing, online ordering, secure online file transmission, online payment, online tax payment, online stock trading, online shopping and online customs declaration.

V. Digital certificates and public key infrastructure

One of the advantages of public key encryption is that it reduces the workload of key management, because a large number of symmetric keys are replaced by a key pair. Digital certificates further enhance this advantage and solve the problem of distributing and managing public keys. However, digital certificates cannot manage themselves. Because digital certificates are widely distributed by nature, their distribution must be considered when designing a management scheme for them. Digital certificates need an effective infrastructure to manage them in the environment where they are used. Public key infrastructure (PKI) and digital certificates are inseparable. PKI is responsible for issuing certificates. It ensures that these certificates are distributed through the directory and verifies them. PKI is responsible for the basic work, including supporting digital certificates, so that it can provide the functions that services such as S/MIME depend on.

VI. Implementation process of the X.509 certificate

Use X.509, the SSL protocol and the OpenSSL library to implement identity authentication.

First, an X.509 digital certificate is generated with OpenSSL, and a simple client program and server program are written to implement authentication and communication encryption between the client and the server based on the X.509 certificate and the SSL protocol. The server can receive and display text messages sent by clients.

Summary:

1. Establish a connection with a socket;

2. After the connection succeeds, perform the SSL handshake (mainly used for secure communication). The SSL handshake protocol involves verification of the X.509 certificate, and only after the certificate is verified successfully can the client and the server communicate securely;

3. The two sides communicate with each other.
