Bill's Security Tips


Digital Certificates

Digital certificates are used to carry the public/private key pair (the private key being kept secret). They are typically used to store the key pair or, once the private key is stripped off, to authenticate an entity (by giving access to its public key). The typical formats are IKE, PKCS #, PKCS #10 and X.509v3 certificates. To load the certificate press the button.

   

Serial number:
Effective date:
Name:
Public key:
Public key algorithm:
Issuer Name:
Base-64

The certificate is self-signed (for testing) using:

http://pcwin.com/Internet/abylon_SELFCERT/download.htm

These are exchanged at the start of a conversation to authenticate each device. A key factor in integrated security is the use of digital certificates, which are an excellent way of distributing the public key of the owner. The file used is typically an X.509 certificate file. The standard output is in a binary format, but a base-64 conversion can be used, such as the following:

-----BEGIN CERTIFICATE-----
MIICpDCCAg2gAwIBAgIDcClYMA0GCSqGSIb3DQEBBQUAMIGDMQswCQYDVQQGEwJH QjEQMA4GA1UECBMHTG90aGlhbjESMBAGA1UEBxMJRWRpbmJ1cmdoMRAwDgYDVQQK EwdOb3doZXJlMRgwFgYJKoZIhvcNAQkBFglmcmVkQGhvbWUxDTALBgNVBAsTBE5v bmUxEzARBgNVBAMTCkZyZWQgU21pdGgwHhcNMDgwNDI0MjAxODQyWhcNMTAwNDI0 MjAxODQyWjCBgzELMAkGA1UEBhMCR0IxEDAOBgNVBAgTB0xvdGhpYW4xEjAQBgNV BAcTCUVkaW5idXJnaDEQMA4GA1UEChMHTm93aGVyZTEYMBYGCSqGSIb3DQEJARYJ ZnJlZEBob21lMQ0wCwYDVQQLEwROb25lMRMwEQYDVQQDEwpGcmVkIFNtaXRoMIGf MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKYvs5qaYqeNsUT2r44YyQvKiX9XQu yyeQI/P4gF7lpnNSpPhZwQ7iGFSiztjU1XmYwLd7arQV6BdI0jpW6j2d7PI1KqWI d+u63mXcAibMDNFuwpusB+C4vJTm/h4wd6q3rwUc5k+U6iz65lvhzXbXGBpyvU1+ RpqPerAU9eXx4QIDAQABoyQwIjAgBglghkgBhvhCAQwEExYRd3d3LmFieWxvbnNv ZnQuZGUwDQYJKoZIhvcNAQEFBQADgYEAr+G3z6hmMkoiiTHjBVqJJYefrUAb7Dty tOciUWJY2e0wipderAZ/0TFeIM73V3XsgItp/quwTcSn2UMVJv31iSarvyMK/eEK ldot4LL4kSFe0BZonlPlKmlbCl4C5nmlR+3VwCZquw9Jtuw/syHy6fKt8KbkDnnm
YxiXa6psvaQ=
-----END CERTIFICATE-----

The CER file format is useful for importing and exporting single certificates, while other formats such as the Cryptographic Message Syntax Standard – PKCS #7 Certificates (.P7B), and Personal Information Exchange – PKCS #12 (.PFX, .P12) can be used to transfer more than one certificate. The main information for a distributable certificate will thus be:

• The entity’s public key (Public key).
• The issuer’s name (Issuer).
• The serial number (Serial number).
• Start date of certificate (Valid from).
• End date of certificate (Valid to).
• The subject (Subject).
• CRL Distribution Points (CRL Distribution Points).
• Authority Information (Authority Information Access). This will be shown when the recipient is prompted to access the certificate, or not.
• Thumbprint algorithm (Thumbprint algorithm). This might be MD5, SHA1, and so on.
• Thumbprint (Thumbprint).

The code is:

 

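// At the top of the code-behind file:
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;

protected void Button3_Click(object sender, EventArgs e)
{
    // Load the certificate and show its main fields in the text boxes
    X509Certificate cer = X509Certificate.CreateFromCertFile("... define home folder of your server here \\bill.cer");
    tbCert1.Text = cer.GetSerialNumberString();   // Serial number
    tbCert2.Text = cer.GetEffectiveDateString();  // Effective date
    tbCert3.Text = cer.Subject;                   // Name
    tbCert4.Text = cer.GetPublicKeyString();      // Public key
    tbCert5.Text = cer.GetKeyAlgorithm();         // Public key algorithm
    tbCert6.Text = cer.Issuer;                    // Issuer name

    // Read the base-64 text of the certificate file line by line
    string input = null, str = "";
    using (StreamReader re = File.OpenText("... define home folder of your server here \\fred.cer"))
    {
        while ((input = re.ReadLine()) != null)
        {
            str += input + "\r\n";
        }
    }
    tbBase64.Text = str;
}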

and it can be updated so that it can be tested locally too:

protected void Button3_Click(object sender, EventArgs e)
{
    // Try the server path first; fall back to a local copy for testing
    X509Certificate cer;
    try
    {
        cer = X509Certificate.CreateFromCertFile("... define home folder of your server here \\fred.cer");
    }
    catch (Exception)
    {
        cer = X509Certificate.CreateFromCertFile("c:\\fred.cer");
    }

    tbCert1.Text = cer.GetSerialNumberString();   // Serial number
    tbCert2.Text = cer.GetEffectiveDateString();  // Effective date
    tbCert3.Text = cer.Subject;                   // Name
    tbCert4.Text = cer.GetPublicKeyString();      // Public key
    tbCert5.Text = cer.GetKeyAlgorithm();         // Public key algorithm
    tbCert6.Text = cer.Issuer;                    // Issuer name

    // Same fallback for the base-64 text of the certificate file
    StreamReader re;
    try
    {
        re = File.OpenText("... define home folder of your server here \\fred.cer");
    }
    catch (Exception)
    {
        re = File.OpenText("c:\\fred.cer");
    }

    string input = null, str = "";
    using (re)   // close the file once it has been read
    {
        while ((input = re.ReadLine()) != null)
        {
            str += input + "\r\n";
        }
    }
    tbBase64.Text = str;
}
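
The handler above shows the serial number, effective date, subject, public key and issuer, but not the validity end date, thumbprint or CRL distribution points from the list earlier. The console program below is an added example, not code from the original page: it decodes the base-64 form back to binary and reports those fields with X509Certificate2. It assumes .NET Framework 4.7.2 or .NET Core 2.0 or later; the class name CertReport, the helper names and the subject "CN=Test Subject" are made up for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class CertReport   // hypothetical name, for illustration only
{
    // Strip the BEGIN/END lines and decode the base-64 body back to binary DER.
    static byte[] PemToDer(string pem) =>
        Convert.FromBase64String(string.Concat(
            pem.Split('\n').Select(l => l.Trim())
               .Where(l => l.Length > 0 && !l.StartsWith("-----", StringComparison.Ordinal))));

    static string Hex(byte[] b) => BitConverter.ToString(b).Replace("-", "");
    static void Main()
    {
        // Constructed sample input: a throwaway self-signed certificate built
        // in memory and written out in the base-64 form shown on the page.
        string pem;
        using (RSA rsa = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=Test Subject", rsa,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            DateTimeOffset now = DateTimeOffset.UtcNow;
            using (X509Certificate2 tmp = req.CreateSelfSigned(now.AddDays(-1), now.AddDays(30)))
                pem = "-----BEGIN CERTIFICATE-----\n"
                    + Convert.ToBase64String(tmp.RawData, Base64FormattingOptions.InsertLineBreaks)
                    + "\n-----END CERTIFICATE-----\n";
        }

        using (var cer = new X509Certificate2(PemToDer(pem)))
        using (SHA256 sha256 = SHA256.Create())
        {
            bool inWindow = DateTime.Now >= cer.NotBefore && DateTime.Now <= cer.NotAfter;
            // Subject == Issuer means self-issued; it does not verify the signature.
            bool selfIssued = cer.SubjectName.RawData.SequenceEqual(cer.IssuerName.RawData);
            bool hasCrl = cer.Extensions.Cast<X509Extension>().Any(x => x.Oid.Value == "2.5.29.31");
            Console.WriteLine("Subject:            " + cer.Subject);
            Console.WriteLine("Issuer:             " + cer.Issuer);
            Console.WriteLine("Serial number:      " + cer.SerialNumber);
            Console.WriteLine("Valid from / to:    " + cer.NotBefore + " / " + cer.NotAfter);
            Console.WriteLine("Within validity:    " + inWindow);
            Console.WriteLine("Self-issued:        " + selfIssued);
            Console.WriteLine("CRL dist. points:   " + (hasCrl ? "present" : "absent"));
            Console.WriteLine("Thumbprint (SHA1):  " + cer.Thumbprint);
            Console.WriteLine("SHA-256 of DER:     " + Hex(sha256.ComputeHash(cer.RawData)));
        }
    }
}
```

A self-issued certificate with no CRL distribution point, like the test one here, cannot be checked for revocation, so a relying party has to pin its thumbprint or public key out of band.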