Quick summary of the main purpose here: X.509 certs are used in public
key infrastructure for protocols such as SSL and SET. These certificates
involve ISO/CCITT standard technologies such as ASN.1/DER, which control
the format of the data being transmitted. X.509 itself describes the
content of the data (e.g. X.500 user name, public key for that user, more)
and how to sign it.

+++ +++ +++ +++ +++ +++ +++ +++ +++

The X.509 support in JDK 1.2 builds on the java.security signature and
key management APIs. The following packages provide the X.509 support:

    sun.security.util ... holds DER utilities, for parsing and generating
        streams of DER-encoded data values, including object identifiers.

    sun.security.x509 ... basic X.509 certificate parsing and generation
        framework, including X.509 keys, X.500 names, algorithm IDs,
        X.509 v3 extensions, and more.

+++ +++ +++ +++ +++ +++ +++ +++ +++

Information which may be useful when you work with X.509 certificates is
found in:

    The IETF has a public key infrastructure working group, PKIX.
    See http://www.ietf.org for more information.

    RFC 1422, which describes the key management infrastructure for
    the Privacy Enhanced Mail (PEM) system. It builds on X.509,
    and is perhaps the most useful overview I've found.

    RFC 1777, which describes the Lightweight Directory Access
    Protocol (LDAP) that many organizations are expecting will help
    address online certificate distribution over the Internet.

    RFC 3280, which describes the Internet X.509 Public Key
    Infrastructure Certificate and CRL Profile.

RSA DSI has a bunch of "Public Key Cryptography Standards" (PKCS) which
have been relatively well accepted. They build on top of the X.509
infrastructure. You can FTP them from ftp://ftp.rsa.com/pub/pkcs, in
either PostScript or ASCII format.

RSA DSI has also provided a "Layman's Guide" to ASN.1/DER, with
examples from the X.509 and PKCS standards. This is available from
the PKCS FTP area noted above.