• Post Reply Bookmark Topic Watch Topic
  • New Topic

Signing a public key/certificate?  RSS feed

 
Greenhorn
Posts: 4
Java Linux VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have some problems about what the actual signing process does. Asymetric cryptography is completly clear to me atleast from a mathematical point of view.

When I know create a private and a public key and keep the private one and give the public one away to people I would like to communicate with they can encrypt the information with this key and I can decrypt the messages with my key.

So where is the use of signing a key, especially self-signing a key and what is exaclty done when a key got signed?

PS.: I just randomly picked one of the subforum because I have no plan which fitts with my needs. I want to setup a glassfish v4 server that lets only access users to a servlet with already own the public key or whatever the signing process does with the public key. I am like reading a million tutorials which use different keytools make different suggestions and tell me about this or that shouldn't be used in practice but we doing it here anyway stuff. I have no idea how to reach my goal atm. :/
 
author
Sheriff
Posts: 23513
138
C++ Chrome Eclipse IDE Firefox Browser Java jQuery Linux VI Editor Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Bax Fos wrote:
So where is the use of signing a key, especially self-signing a key and what is exaclty done when a key got signed?



Long story short. Signing a certificate basically means encrypting it with your private key. Since it can be decrypted (with a public key), it is not secure obviously. However, it does prove that you encrypted (signed) it, as you are the only one holding the private key (and is capable of doing it).

Henry
 
Bax Fos
Greenhorn
Posts: 4
Java Linux VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Where do I get the certificate to sign it?
I want to provide a webservice via glassfish v4 with a servlet which just a chosen number of user can connect to. These users already have the public key on their devices (manually installed).
Since I am completly new to JavaWebservices and all this server stuff I would be happy if you could explain in detail if you know something about it.
 
Henry Wong
author
Sheriff
Posts: 23513
138
C++ Chrome Eclipse IDE Firefox Browser Java jQuery Linux VI Editor Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

There is a world of difference between "what is signing?" to "how to setup web services for glassfish?". Furthermore, security is a layer on top of that. Additionally, Web Services and Servlets are not the same thing, so there is confusion in your question as well...

Perhaps starting with the glassfish tutorials would be a good idea?

Henry
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!