J. Duke | 319a3b9 | 2007-12-01 00:00:00 +0000
Quick summary of the main purpose here: X.509 certs are used in public
key infrastructure for protocols such as SSL and SET. These certificates
involve ISO/CCITT standard technologies such as ASN.1/DER, which control
the format of the data being transmitted. X.509 itself describes the
content of the data (e.g. X.500 user name, public key for that user, more)
and how to sign it.

+++ +++ +++ +++ +++ +++ +++ +++ +++

The X.509 support in JDK 1.2 builds on the java.security signature and
key management APIs. The following packages provide the X.509 support:

    sun.security.util ... holds DER utilities, for parsing and generating
        streams of DER-encoded data values, including object identifiers.

    sun.security.x509 ... basic X.509 certificate parsing and generation
        framework, including X.509 keys, X.500 names, algorithm IDs,
        X.509 v3 extensions, and more.
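
To make the DER layer described above concrete, here is an added example (not code from the JDK, and not using the sun.security.util classes) that reads DER tag-length-value elements strictly and decodes an object identifier from an algorithm ID. The class name DerOidDemo, its methods read and oid, and the sample bytes are assumptions constructed for illustration; it needs Java 16 or later for records.

```java
import java.util.Arrays;
// Added example: strict DER TLV reader and OID decoder; all names are hypothetical.
public class DerOidDemo {
    record Tlv(int tag, byte[] value, int end) {}   // end = offset just past the value
    static Tlv read(byte[] buf, int off) {
        if (off < 0 || buf.length - off < 2) throw new IllegalArgumentException("truncated header");
        int tag = buf[off] & 0xFF;
        if ((tag & 0x1F) == 0x1F) throw new IllegalArgumentException("multi-byte tag unsupported");
        long len = buf[off + 1] & 0xFF;
        int pos = off + 2;
        if (len == 0x80) throw new IllegalArgumentException("indefinite length is BER, not DER");
        if (len > 0x80) {                           // long form: low 7 bits = count of length bytes
            int n = (int) len & 0x7F;
            if (n > 4 || n > buf.length - pos) throw new IllegalArgumentException("bad length field");
            len = 0;
            for (int i = 0; i < n; i++) len = (len << 8) | (buf[pos++] & 0xFF);
            if (len < 0x80 || buf[off + 2] == 0) throw new IllegalArgumentException("non-minimal length");
        }
        if (len > buf.length - pos) throw new IllegalArgumentException("value overruns buffer");
        return new Tlv(tag, Arrays.copyOfRange(buf, pos, pos + (int) len), pos + (int) len);
    }

    static String oid(byte[] v) {
        if (v.length == 0 || (v[v.length - 1] & 0x80) != 0) throw new IllegalArgumentException("truncated OID");
        StringBuilder sb = new StringBuilder();
        long arc = 0;
        for (byte b : v) {
            if (arc == 0 && (b & 0xFF) == 0x80) throw new IllegalArgumentException("padded arc");
            if (arc > (Long.MAX_VALUE >> 7)) throw new IllegalArgumentException("arc too large");
            arc = (arc << 7) | (b & 0x7F);
            if ((b & 0x80) != 0) continue;          // continuation bit set: more bytes follow
            if (sb.length() == 0) {                 // first subidentifier packs two arcs as 40*X + Y
                long x = Math.min(arc / 40, 2);
                sb.append(x).append('.').append(arc - 40 * x);
            } else sb.append('.').append(arc);
            arc = 0;
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: AlgorithmIdentifier { OID sha256WithRSAEncryption, NULL }
        byte[] algId = {0x30, 0x0D, 0x06, 0x09, 0x2A, (byte) 0x86, 0x48, (byte) 0x86,
                        (byte) 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00};
        Tlv seq = read(algId, 0), id = read(seq.value(), 0), params = read(seq.value(), id.end());
        if (seq.tag() != 0x30 || id.tag() != 0x06 || params.end() != seq.value().length)
            throw new IllegalArgumentException("not a well-formed AlgorithmIdentifier");
        System.out.printf("%s, params tag 0x%02X%n", oid(id.value()), params.tag());
    }
}
```

The rejections for indefinite lengths, non-minimal lengths and padded arcs are what separate DER from the looser BER: each value has exactly one valid encoding, which is what lets a signature computed over the encoded bytes be checked reliably.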
| 20 | |
| 21 | +++ +++ +++ +++ +++ +++ +++ +++ +++ |
| 22 | |
| 23 | Information which may be useful when you work with X.509 certificates is |
| 24 | found in: |
| 25 | |
| 26 | The IETF has a public key infrastructure working group, PKIX. |
| 27 | See http://www.ietf.org for more information. |
| 28 | |
| 29 | RFC 1422, which describes the key management infrastructure for |
| 30 | the Privacy Enhanced Mail (PEM) system. It builds on X.509, |
| 31 | and is perhaps the most useful overview I've found. |
| 32 | |
| 33 | RFC 1777, which describes the Lightweight Directory Access |
| 34 | Protocol (LDAP) that many organizations are expecting will help |
| 35 | address online certificate distribution over the Internet. |
| 36 | |
| 37 | RFC 3280, which describes the Internet X.509 Public Key |
| 38 | Infrastructure Certificate and CRL Profile. |
| 39 | |
| 40 | RSA DSI has a bunch of "Public Key Cryptography Standards" (PKCS) which |
| 41 | have been relatively well accepted. They build on top of the X.509 |
| 42 | infrastructure. You can FTP them from ftp://ftp.rsa.com/pub/pkcs, in |
| 43 | either PostScript or ASCII format. |
| 44 | |
| 45 | RSA DSI has also provided a "Layman's Guide" to ASN.1/DER, with |
| 46 | examples from the X.509 and PKCS standards. This is available from |
| 47 | the PKCS FTP area noted above. |