Certificate Overview - Yash-777/Java_Mail GitHub Wiki
A public key certificate, usually just called a certificate, is a digitally signed statement that binds the value of a public key to the identity of the person, device, or service that holds the corresponding private key. One of the main benefits of certificates is that hosts no longer have to maintain a set of passwords for individual subjects who need to be authenticated as a prerequisite to access. Instead, the host merely establishes trust in a certificate issuer.
Most certificates in common use are based on the X.509 v3 certificate standard.
Typically, certificates contain the following information:
- The subject's public key value.
- The subject's identifier information, such as the name and e-mail address.
- The validity period (the length of time that the certificate is considered valid).
- Issuer identifier information.
- The digital signature of the issuer, which attests to the validity of the binding between the subject's public key and the subject's identifier information.
A certificate is valid only for the period of time specified within it; every certificate contains Valid From and Valid To dates, which set the boundaries of the validity period. Once a certificate's validity period has passed, a new certificate must be requested by the subject of the now-expired certificate.
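The fields and validity boundaries listed above can be read with the JDK's own X.509 classes. This is an added example, not code from the original page or the Java_Mail project; it assumes a self-signed root from the JDK's default trust store as sample input, and the class and method names are hypothetical.

```java
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Date;
import javax.net.ssl.*;

public class CertificateFields {
    // Assumption: a self-signed root from the JDK's default trust store is the
    // sample input, so the example runs offline without a certificate file.
    static X509Certificate sampleRoot() throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            for (X509Certificate c : ((X509TrustManager) tm).getAcceptedIssuers()) {
                if (c.getSubjectX500Principal().equals(c.getIssuerX500Principal())) return c;
            }
        }
        throw new IllegalStateException("no self-signed root in the default trust store");
    }

    // Classify a point in time against the Valid From / Valid To boundaries.
    static String validityAt(X509Certificate cert, Date when) {
        try {
            cert.checkValidity(when);
            return "valid";
        } catch (CertificateNotYetValidException e) {
            return "not yet valid";
        } catch (CertificateExpiredException e) {
            return "expired";
        }
    }

    public static void main(String[] args) throws Exception {
        X509Certificate cert = sampleRoot();
        System.out.println("Subject:    " + cert.getSubjectX500Principal());
        System.out.println("Issuer:     " + cert.getIssuerX500Principal());
        System.out.println("Public key: " + cert.getPublicKey().getAlgorithm());
        System.out.println("Valid From: " + cert.getNotBefore());
        System.out.println("Valid To:   " + cert.getNotAfter());
        long day = 24L * 60 * 60 * 1000;
        System.out.println("now:        " + validityAt(cert, new Date()));
        System.out.println("day before: " + validityAt(cert, new Date(cert.getNotBefore().getTime() - day)));
        System.out.println("day after:  " + validityAt(cert, new Date(cert.getNotAfter().getTime() + day)));
        // Issuer signature: for a self-signed root the issuer's key is its own key.
        cert.verify(cert.getPublicKey()); // throws if the signature does not match
        System.out.println("Signature:  " + cert.getSigAlgName() + " verified");
    }
}
```

For a certificate issued by another authority, `verify` takes the issuer certificate's public key instead of the subject's own.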
Using Certificates
Certificates can be used for:
- Authentication, which verifies the identity of someone or something.
- Privacy, which ensures that information is only available to the intended audience.
- Encryption, which disguises information so that unauthorized readers are unable to decipher it.
- Digital signatures, which provide nonrepudiation and message integrity.
These services can be important to the security of your communications. In addition, many applications use certificates, such as e-mail applications and Web browsers.
Authentication is crucial in making communication more secure. Users must be able to prove their identity to those with whom they communicate and must be able to verify the identity of others. Authentication of identity on a network is complex because the communicating parties do not physically meet as they communicate. This can allow an unethical person to intercept messages or to impersonate another person or entity.
Whenever sensitive information is transmitted between computing devices on any type of network, users should generally use some sort of encryption to keep their data private.
Encryption can be thought of as locking something valuable into a strong box with a key. Conversely, decryption can be compared to opening the box and retrieving the valuable item. On computers, sensitive data in the form of e-mail messages, files on a disk, and files being transmitted across the network can be encrypted using a key. Encrypted data and the key used to encrypt data are both unintelligible.
For more information about encryption and certificates, see Resources for Certificates.
Digital signatures
A digital signature is a way to ensure the integrity and origin of data. A digital signature provides strong evidence that the data has not been altered since it was signed and it confirms the identity of the person or entity who signed the data. This enables the important security features of integrity and nonrepudiation, which are essential for secure electronic commerce transactions.
Digital signatures are typically used when data is distributed in plaintext, or unencrypted form. In these cases, while the sensitivity of the message itself might not warrant encryption, there could be a compelling reason to ensure that the data is in its original form and has not been sent by an impostor because, in a distributed computing environment, plaintext can conceivably be read or altered by anyone on the network with the proper access, whether authorized or not.
Public and Private Key Encryption
In public key encryption, two different keys are used to encrypt and decrypt information. The private key is a key that is known only to its owner, while the public key can be made known and available to other entities on the network.
The two keys are different but complementary in function. For example, a user's public key can be published within a certificate in a folder so that it is accessible to other people in the organization. The sender of a message can retrieve the user's certificate from Active Directory Domain Services, obtain the public key from the certificate, and then encrypt the message by using the recipient's public key. Information that is encrypted with the public key can be decrypted only by using the corresponding private key of the set, which remains with its owner, the recipient of the message.
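The two roles of a key pair described above, signing plaintext so that alteration is detected and encrypting so that only the private-key holder can read the message, look like this with the JDK's standard providers. This is an added example, not code from the original page or the Java_Mail project; the key pairs and messages are constructed, the class and method names are hypothetical, and RSA with SHA-256 and OAEP padding is an assumed algorithm choice.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;

public class KeyPairRoles {
    static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(data);
        return s.sign();
    }
    static boolean verify(PublicKey key, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(data);
        return s.verify(sig);
    }
    static byte[] rsa(int mode, Key key, byte[] in) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        c.init(mode, key);
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair sender = gen.generateKeyPair();    // constructed sample keys
        KeyPair recipient = gen.generateKeyPair();

        // Signature: the message stays plaintext, but any change breaks verification.
        byte[] msg = "Ship 10 units to warehouse A".getBytes(StandardCharsets.UTF_8);
        byte[] altered = "Ship 90 units to warehouse A".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(sender.getPrivate(), msg);
        System.out.println("original verifies:  " + verify(sender.getPublic(), msg, sig));
        System.out.println("altered verifies:   " + verify(sender.getPublic(), altered, sig));
        System.out.println("other key verifies: " + verify(recipient.getPublic(), msg, sig));

        // Encryption: anyone with the public key encrypts, only the private key decrypts.
        byte[] ct = rsa(Cipher.ENCRYPT_MODE, recipient.getPublic(), msg);
        byte[] pt = rsa(Cipher.DECRYPT_MODE, recipient.getPrivate(), ct);
        System.out.println("recipient decrypts: " + new String(pt, StandardCharsets.UTF_8));
        try {
            rsa(Cipher.DECRYPT_MODE, sender.getPrivate(), ct);
            System.out.println("wrong key decrypts: unexpected success");
        } catch (BadPaddingException e) {
            System.out.println("wrong key decrypts: rejected");
        }
    }
}
```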
Certificate File Formats
Certificate import and export operations support four file formats. Choose the format that meets your specific requirements.
Personal Information Exchange (PKCS #12)
The Personal Information Exchange format (PFX, also called PKCS #12) supports secure storage of certificates, private keys, and all certificates in a certification path.
The PKCS #12 format is the only file format that can be used to export a certificate and its private key.
Cryptographic Message Syntax Standard (PKCS #7)
The PKCS #7 format supports storage of certificates and all certificates in the certification path.
DER-encoded binary X.509
The Distinguished Encoding Rules (DER) format supports storage of a single certificate. This format does not support storage of the private key or certification path.
Base64-encoded X.509
The Base64 format supports storage of a single certificate. This format does not support storage of the private key or certification path.
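The three certificate-only formats differ in encoding, not content, which the JDK's X.509 factory makes visible by parsing all of them. This is an added example, not code from the original page or the Java_Mail project; it assumes two certificates from the JDK's default trust store as sample input (two unrelated roots standing in for a certification path), and the class and method names are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;

public class CertificateEncodings {
    // Base64-encoded X.509 is the DER bytes in Base64 between two marker lines.
    static String toBase64Form(byte[] der) {
        return "-----BEGIN CERTIFICATE-----\n"
                + Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(der)
                + "\n-----END CERTIFICATE-----\n";
    }

    // The X.509 factory accepts DER, Base64 and PKCS #7 input alike.
    static List<X509Certificate> parse(byte[] file) throws CertificateException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> out = new ArrayList<>();
        for (Certificate c : cf.generateCertificates(new ByteArrayInputStream(file))) {
            out.add((X509Certificate) c);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: the default trust store holds at least two certificates.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        X509Certificate[] roots =
                ((X509TrustManager) tmf.getTrustManagers()[0]).getAcceptedIssuers();
        X509Certificate a = roots[0], b = roots[1];

        byte[] der = a.getEncoded(); // DER-encoded binary X.509
        byte[] b64 = toBase64Form(der).getBytes(StandardCharsets.US_ASCII);
        byte[] p7 = CertificateFactory.getInstance("X.509")
                .generateCertPath(Arrays.asList(a, b)).getEncoded("PKCS7");

        System.out.printf("DER: %d bytes, first byte 0x%02X%n", der.length, der[0]);
        System.out.println("DER    -> " + parse(der).size() + " certificate");
        System.out.println("Base64 -> same certificate: " + parse(b64).get(0).equals(a));
        System.out.println("PKCS#7 -> " + parse(p7).size() + " certificates");
        // None of these encodings carries a private key; only PKCS #12 can.
    }
}
```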