Public Key Infrastructure

04 Dec 2019

terms

(Additionally)

MAC

(MAC is not related to PKI (?))

Signature

Public key cryptography

Symmetric key cryptography

process (SSL Handshake)

Standards

file extensions

(encodings, also used as extensions)

(common extensions)

Java details

OpenSSL commands

Read a certificate

openssl x509 -in certificate.pem -text

Create a private key

openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:4096

or

openssl genrsa -out key.pem 4096

Create a private key with encryption

openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:4096 -aes128
openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:4096 -aes192

Create a private key and CSR

openssl req -new -newkey rsa:2048 -nodes -keyout key.pem -out csr.pem

Create a self-signed certificate from a private key

openssl req -new -key key.pem -x509 -days 365 -out certificate.pem

Create a private key and the certificate

openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem

PEM to DER

openssl x509 -in cert.crt -outform der -out cert.der

DER to PEM

openssl x509 -in cert.der -inform der -outform pem -out cert.pem
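
The commands above chained into one run, as an added example that is not part of the original post: it creates a key, a CSR and a self-signed certificate, then checks that all three carry the same public key and that the PEM/DER conversion is lossless. The function names, the scratch directory layout and the subject CN=example.test are assumptions made for the example.

```shell
#!/bin/sh
# Added example; file names and the subject CN are constructed values.

# make_pki DIR: one private key, a CSR for it, and a self-signed certificate.
make_pki() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/key.pem" 2>/dev/null || return 1
    # The CSR holds the subject and public key, signed with the private key.
    openssl req -new -key "$1/key.pem" -subj "/CN=example.test" \
        -out "$1/csr.pem" || return 1
    # -x509 emits a certificate instead of a request; issuer equals subject.
    openssl req -new -x509 -key "$1/key.pem" -subj "/CN=example.test" \
        -days 365 -out "$1/certificate.pem"
}

# pubkey_digest FILE KIND: SHA-256 over the PEM public key inside FILE.
# KIND is key, csr or cert; equal digests mean the files share one key pair.
pubkey_digest() {
    case $2 in
        key)  openssl pkey -in "$1" -pubout ;;
        csr)  openssl req  -in "$1" -noout -pubkey ;;
        cert) openssl x509 -in "$1" -noout -pubkey ;;
    esac | openssl dgst -sha256
}

# der_roundtrip DIR: PEM -> DER -> PEM must give back the same certificate.
der_roundtrip() {
    openssl x509 -in "$1/certificate.pem" -outform der -out "$1/cert.der" &&
    openssl x509 -in "$1/cert.der" -inform der -outform pem -out "$1/back.pem" &&
    [ "$(openssl x509 -in "$1/certificate.pem" -noout -fingerprint -sha256)" = \
      "$(openssl x509 -in "$1/back.pem" -noout -fingerprint -sha256)" ]
}

# self_signed_ok CERT: the certificate's signature checks against its own key.
self_signed_ok() {
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

dir=$(mktemp -d) || exit 1
make_pki "$dir" || exit 1
echo "key : $(pubkey_digest "$dir/key.pem" key)"
echo "csr : $(pubkey_digest "$dir/csr.pem" csr)"
echo "cert: $(pubkey_digest "$dir/certificate.pem" cert)"
der_roundtrip "$dir" && echo "DER round trip: same certificate"
self_signed_ok "$dir/certificate.pem" && echo "self-signature verifies"
rm -rf "$dir"
```

A digest mismatch between a key and a certificate is the usual cause of a server refusing to load the pair, so the same comparison is worth running before deploying either file.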

good practices

References