Newbie - basic Cert Q's - PGP



Thread: Newbie - basic Cert Q's

  1. Newbie - basic Cert Q's

    ************************************************************************
    **** This is a repost of an old question being asked back in 2001   ****
    ************************************************************************
    **** the person did not receive any answers to his post.            ****
    **** because I have the same questions I am reposting (c & p) his.  ****
    **** thank you for your comments                                    ****
    ************************************************************************

    From: Chris L (chris@ooc2000.com)
    Subject: Newbie - basic Cert Q's
    This is the only article in this thread
    Newsgroups: comp.security.pgp.discuss
    Date: 2001-03-22 08:11:10 PST

    Howdy all. I'm a C/Java/PHP mutt programmer, and I have to do some
    PGP stuff. I've been doing some reading the last several days. One
    thing that has me quite confused is certificates, particularly the
    realpolitik of how to get them, and which kind to get.

    I think I understand that a certificate is used instead of a public
    key - it's sort of an 'official' public key. (In OOPese, certificates
    are a subclass of public key.) So in any instance where I would
    provide a public key, I instead provide a certificate. Further, there
    are (at least?) two kinds of certificates: PGP, and X.509.

    Okay, I'm trying to develop an online document exchange system, where
    all kinds of users upload documents, and have the option of signing
    them (or maybe they get signed automatically - who knows). To sign a
    document, all I need is a PGP keypair (I guess I'd write an ActiveX or
    something to make the signing happen on the clientside - obviously I
    can't be storing keypairs centrally). However, I don't really want
    untrusted public keys floating around; I'd like to use certificates
    instead. I can think of three options:

    1) Use PGP certificates, which are free
    2) Use X.509 certs from Verisign or somebody
    3) Become a CA, and issue my own X.509 certs.

    In some ways #1 and #3 are the same thing. I have to figure out how to
    actually create and issue the certs, plus I have to think of a way to
    actually make sure they're meaningful - if I just have a form to fill
    out that sends you your cert, then I have an 'official' public key
    that isn't any more authentic than a normal public key. I don't seem
    to read anything about PGP certs except in the How PGP Works doc, so
    are they never really used? With #2, the problem would be that
    Verisign's certs aren't cheap (maybe I could make some sort of bulk
    arrangement), and I have no idea which ones to buy. Their site has SSL
    certs, Authenticode certs, Netscape certs, Email certs - I'm lost!

    More mysteries - how can I turn an existing public key into a
    certificate? If I buy a cert from Verisign, I don't really want a
    whole new public key, I just want to wrap my existing key. Or is a
    certificate just a 'wrapper'? Also, although I read things like 'sign
    the message with your certificate', my guess is that this is
    inaccurate, since you wouldn't sign something with your public key. So
    what really happens? Does your cert somehow go on your keyring, and so
    when you sign a document, both your private key and cert are used to
    create the signature? And what if I decide to be a CA and issue
    X.509's - but I also want to accept Verisign and other X.509s? What
    then?

    An interesting world, no doubt. Thanks for any help,
    Chris

    P.S. Eek - this got pretty long. Sorry.

  2. Re: Newbie - basic Cert Q's

    On 10 Aug 2004 07:49:58 -0700, in article
    <42da0084.0408100649.211a54b8@posting.google.com>, q01100110@yahoo.com
    (good man) wrote:

    I can't help with most of your post I'm afraid but you can get
    software for creating your own self-signed certs from here:

    http://secure.sylikc.net:8080/self_signed/

    http://www.hohnstaedt.de/xca.html
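
Added example, not part of either post: Go code showing the relationship the first post asks about. A CA wraps an existing public key in an X.509 certificate, the private key alone makes the signature, and a verifier checks the signature with the key in the certificate and the certificate against its trusted roots. The names `issue`, `demo`, "Demo CA" and "alice", and the choice of Ed25519 keys, are assumptions for illustration.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// issue wraps an EXISTING public key in an X.509 cert signed by caKey; ca == nil means self-signed.
func issue(cn string, pub ed25519.PublicKey, ca *x509.Certificate, caKey ed25519.PrivateKey) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), // demo-only serial
		Subject: pkix.Name{CommonName: cn}, NotBefore: time.Now().Add(-time.Hour),
		NotAfter: time.Now().Add(24 * time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
	if ca == nil {
		ca, t.IsCA, t.BasicConstraintsValid, t.KeyUsage = t, true, true, x509.KeyUsageCertSign
	}
	der, err := x509.CreateCertificate(rand.Reader, t, ca, pub, caKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert
}

// demo: cert holds the original key; private-key signature verifies via cert; chain ok; self-signed rejected.
func demo() (sameKey, sigOK, chainOK, selfSignedRejected bool) {
	doc := []byte("uploaded document (constructed sample)")
	userPub, userKey, err := ed25519.GenerateKey(rand.Reader) // the pre-existing keypair
	check(err)
	caPub, caKey, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	ca, roots := issue("Demo CA", caPub, nil, caKey), x509.NewCertPool()
	roots.AddCert(ca) // AddCert further roots to accept other CAs' certificates too
	cert := issue("alice", userPub, ca, caKey)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	_, errCA := cert.Verify(opts)
	_, errSelf := issue("alice", userPub, nil, userKey).Verify(opts)
	sig := ed25519.Sign(userKey, doc) // signing never touches the certificate
	return userPub.Equal(cert.PublicKey), ed25519.Verify(cert.PublicKey.(ed25519.PublicKey), doc, sig),
		errCA == nil, errSelf != nil
}
func main() { fmt.Println(demo()) }
```

The self-signed certificate is rejected only because its issuer is not in the verifier's root pool; what makes a certificate meaningful is who the verifier chooses to trust, not the file format.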
