author | juh |
Tue, 07 Oct 2014 22:23:19 -0700 | |
changeset 26967 | c182469301ee |
parent 25859 | 3317bb8137f4 |
permissions | -rw-r--r-- |
2 | 1 |
|
2 |
Quick summary of the main purpose here: X.509 certs are used in public |
|
3 |
key infrastructure for protocols such as SSL and SET. These certificates |
|
4 |
involve ISO/CCITT standard technologies such as ASN.1/DER, which control |
|
5 |
the format of the data being transmitted. X.509 itself describes the |
|
6 |
content of the data (e.g. X.500 user name, public key for that user, more) |
|
7 |
and how to sign it. |
|
8 |
||
9 |
+++ +++ +++ +++ +++ +++ +++ +++ +++ |
|
10 |
||
11 |
The X.509 support in JDK 1.2 builds on the java.security signature and |
|
12 |
key management APIs. The following packages provide the X.509 support: |
|
13 |
||
14 |
sun.security.util ... holds DER utilities, for parsing and generating |
|
15 |
streams of DER-encoded data values, including object identifiers. |
|
16 |
||
17 |
sun.security.x509 ... basic X.509 certificate parsing and generation |
|
18 |
framework, including X.509 keys, X.500 names, algorithm IDs, |
|
19 |
X.509 v3 extensions, and more. |
|
20 |
||
21 |
+++ +++ +++ +++ +++ +++ +++ +++ +++ |
|
22 |
||
23 |
Information which may be useful when you work with X.509 certificates is |
|
24 |
found in: |
|
25 |
||
26 |
The IETF has a public key infrastructure working group, PKIX. |
|
27 |
See http://www.ietf.org for more information. |
|
28 |
||
29 |
RFC 1422, which describes the key management infrastructure for |
|
30 |
the Privacy Enhanced Mail (PEM) system. It builds on X.509, |
|
31 |
and is perhaps the most useful overview I've found. |
|
32 |
||
33 |
RFC 1777, which describes the Lightweight Directory Access |
|
34 |
Protocol (LDAP) that many organizations are expecting will help |
|
35 |
address online certificate distribution over the Internet. |
|
36 |
||
26967
c182469301ee
8037550: Update RFC references in javadoc to RFC 5280
juh
parents:
25859
diff
changeset
|
37 |
RFC 5280, which describes the Internet X.509 Public Key |
2 | 38 |
Infrastructure Certificate and CRL Profile. |
39 |
||
40 |
RSA DSI has a bunch of "Public Key Cryptography Standards" (PKCS) which |
|
41 |
have been relatively well accepted. They build on top of the X.509 |
|
42 |
infrastructure. You can FTP them from ftp://ftp.rsa.com/pub/pkcs, in |
|
43 |
either PostScript or ASCII format. |
|
44 |
||
45 |
RSA DSI has also provided a "Layman's Guide" to ASN.1/DER, with |
|
46 |
examples from the X.509 and PKCS standards. This is available from |
|
47 |
the PKCS FTP area noted above. |