IN THIS CHAPTER
Digital Certificates Explained
Acquiring Certificates
Building a Certificate Request Utility
As you learned in the preceding chapter, public/private key encryption is a simple matter of exchanging public keys and using these keys to encrypt data that only the recipient can decrypt. In practice, this process is fairly straightforward. But how do you know that the public key you received is really from the person you think it is from? What if it was really someone else's public key, belonging to someone you didn't want to receive the encrypted data? Having no way to verify whom a public key belongs to is a real problem.
Digital certificates were created to solve this problem with public/private key encryption. As the use of encryption spreads, a reliable means of guaranteeing that a particular public key does belong to a specific person, and that the person is who you think he is, is an important piece of the Internet infrastructure. Digital certificates provide this piece of the puzzle. In this chapter, you'll look at what digital certificates are and how they work. You'll also learn how to create certificate requests and get digital certificates you can use in your applications.
PREREQUISITES
Before reading this chapter, you need to make sure you have a good understanding of the following:
Asymmetric encryption and digital certificates, as covered in Chapter 1, "Understanding Encryption and Application Security"
Hashing data, generating encryption keys, and encrypting and decrypting data, as covered in Chapter 3, "Symmetric and Password Encryption"
Using public/private encryption keys, as covered in Chapter 4, "Public/Private Key Communications"