Digital Certificates
Digital certificates are used to carry the public/private key pair (the private key
is kept secret). They are typically used to store the key pair or, once the private key has been stripped off, to authenticate an entity (by giving access to its public key). The typical formats
are IKE; PKCS #; PKCS #10; and X.509v3 certificates. To load the certificate press the button.
The certificate is self-signed (for testing) using:
http://pcwin.com/Internet/abylon_SELFCERT/download.htm
Certificates are exchanged at the start of a conversation to authenticate each device.
A key factor in integrated security is the use of digital certificates. These
are an excellent way of distributing the public key of the owner. The file used
is typically in the form of an X.509 certificate file. The standard output is in a
binary format, but a base-64 conversion can be used, in which the encoded text sits
between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.
The CER file format is useful for importing and exporting single certificates, while
other formats such as the Cryptographic Message Syntax Standard – PKCS #7 Certificates
(.P7B), and Personal Information Exchange – PKCS #12 (.PFX, .P12) can be used to
transfer more than one certificate. The main information for a distributable certificate
will thus be:
• The entity’s public key (Public key).
• The issuer’s name (Issuer).
• The serial number (Serial number).
• Start date of certificate (Valid from).
• End date of certificate (Valid to).
• The subject (Subject).
• CRL Distribution Points (CRL Distribution Points).
• Authority Information (Authority Information Access). This will be shown when the recipient is prompted to access the certificate, or not.
• Thumbprint algorithm (Thumbprint algorithm). This might be MD5, SHA1, and so on.
• Thumbprint (Thumbprint).
The code is:
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Collections;
using System.Security.Cryptography.X509Certificates;
using System.IO;
using System.Text;

public partial class _Default6 : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    // Loads the certificate and shows its main fields in the page's text boxes.
    protected void Button3_Click(object sender, EventArgs e)
    {
        X509Certificate cer;
        cer = X509Certificate.CreateFromCertFile("e:\\kunden\\homepages\\23\\d222559687\\fred.cer");
        tbCert1.Text = cer.GetSerialNumberString();   // serial number
        tbCert2.Text = cer.GetEffectiveDateString();  // start of validity
        tbCert3.Text = cer.Subject;
        tbCert4.Text = cer.GetPublicKeyString();      // public key as a hex string
        tbCert5.Text = cer.GetKeyAlgorithm();         // key algorithm (as an OID string)
        tbCert6.Text = cer.Issuer;

        // Read the base-64 text of the same file, falling back to a local copy.
        StreamReader re;
        try
        {
            re = File.OpenText("e:\\kunden\\homepages\\23\\d222559687\\fred.cer");
        }
        catch (Exception)
        {
            re = File.OpenText("c:\\fred.cer");
        }
        string input = null, str = "";
        using (re)  // close the file once it has been read
        {
            while ((input = re.ReadLine()) != null)
            {
                str += input + "\r\n";
            }
        }
        tbBase64.Text = str;
    }

    // Sends the browser to the downloadable copy of the certificate.
    protected void Button1_Click1(object sender, EventArgs e)
    {
        Response.Redirect("http://buchananweb.co.uk/fred.zip", false);
    }
}
It can be updated so that it can also be tested locally:
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Collections;
using System.Security.Cryptography.X509Certificates;
using System.IO;
using System.Text;

public partial class _Default6 : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    // Loads the certificate and shows its main fields in the page's text boxes.
    protected void Button3_Click(object sender, EventArgs e)
    {
        X509Certificate cer;
        // Try the server path first, then fall back to a local copy for testing.
        try
        {
            cer = X509Certificate.CreateFromCertFile("... define home folder of your server here \\fred.cer");
        }
        catch (Exception)
        {
            cer = X509Certificate.CreateFromCertFile("c:\\fred.cer");
        }
        tbCert1.Text = cer.GetSerialNumberString();   // serial number
        tbCert2.Text = cer.GetEffectiveDateString();  // start of validity
        tbCert3.Text = cer.Subject;
        tbCert4.Text = cer.GetPublicKeyString();      // public key as a hex string
        tbCert5.Text = cer.GetKeyAlgorithm();         // key algorithm (as an OID string)
        tbCert6.Text = cer.Issuer;

        // Read the base-64 text of the same file, with the same local fallback.
        StreamReader re;
        try
        {
            re = File.OpenText("... define home folder of your server here \\fred.cer");
        }
        catch (Exception)
        {
            re = File.OpenText("c:\\fred.cer");
        }
        string input = null, str = "";
        using (re)  // close the file once it has been read
        {
            while ((input = re.ReadLine()) != null)
            {
                str += input + "\r\n";
            }
        }
        tbBase64.Text = str;
    }

    // Sends the browser to the downloadable copy of the certificate.
    protected void Button1_Click1(object sender, EventArgs e)
    {
        Response.Redirect("http://buchananweb.co.uk/fred.zip", false);
    }
}
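The binary and base-64 encodings and the certificate fields listed earlier can be seen side by side in the following console program, which is an added example and not code from the original page. It creates a throwaway self-signed certificate, exports only the public part, and reads the fields back with a validity-window check; the class name CertFieldsDemo and the subject name are made up for illustration, and it assumes .NET Core 2.0 or later (or .NET Framework 4.7.2) for CertificateRequest.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
public static class CertFieldsDemo   // hypothetical name, not from the page
{
    // Wrap the binary (DER) encoding in the base-64 text form.
    public static string ToPem(byte[] der)
    {
        return "-----BEGIN CERTIFICATE-----\r\n"
            + Convert.ToBase64String(der, Base64FormattingOptions.InsertLineBreaks)
            + "\r\n-----END CERTIFICATE-----\r\n";
    }

    public static void Main()
    {
        using (RSA rsa = RSA.Create(2048))
        {
            // Constructed subject; the certificate is self-signed, so Issuer equals Subject.
            var req = new CertificateRequest("CN=Test User, O=Nowhere, C=GB",
                rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            DateTimeOffset now = DateTimeOffset.UtcNow;
            using (X509Certificate2 made = req.CreateSelfSigned(now.AddDays(-1), now.AddYears(2)))
            {
                // X509ContentType.Cert exports the certificate only, never the private key.
                byte[] der = made.Export(X509ContentType.Cert);
                Console.WriteLine(ToPem(der));
                using (var cer = new X509Certificate2(der))
                {
                    Console.WriteLine("Subject:       " + cer.Subject);
                    Console.WriteLine("Issuer:        " + cer.Issuer);
                    Console.WriteLine("Serial number: " + cer.SerialNumber);
                    Console.WriteLine("Valid from:    " + cer.NotBefore);
                    Console.WriteLine("Valid to:      " + cer.NotAfter);
                    Console.WriteLine("Key algorithm: " + cer.PublicKey.Oid.FriendlyName);
                    Console.WriteLine("Private key:   " + cer.HasPrivateKey);
                    // The thumbprint is a hash of the DER bytes, not a field stored in the certificate.
                    Console.WriteLine("Thumbprint (SHA-1):   " + cer.Thumbprint);
                    using (SHA256 sha = SHA256.Create())
                        Console.WriteLine("Thumbprint (SHA-256): "
                            + BitConverter.ToString(sha.ComputeHash(cer.RawData)).Replace("-", ""));
                    // A certificate outside its validity window should be rejected.
                    DateTime t = DateTime.Now;  // NotBefore and NotAfter are in local time
                    Console.WriteLine("In validity window:   " + (t >= cer.NotBefore && t <= cer.NotAfter));
                }
            }
        }
    }
}
```

Because a thumbprint is computed over the encoded certificate, the same certificate has a different thumbprint under each hash algorithm, so a pinned value is only meaningful together with the algorithm name.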