• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Tim Cooke
  • Jeanne Boyarsky
  • Bear Bibeault
Sheriffs:
  • Knute Snortum
  • paul wheaton
  • Devaka Cooray
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Ron McLeod
  • Piet Souris
  • Ganesh Patekar
Bartenders:
  • Tim Holloway
  • Carey Brown
  • salvin francis

Signing a public key/certificate?

 
Greenhorn
Posts: 4
VI Editor Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have some problems about what the actual signing process does. Asymetric cryptography is completly clear to me atleast from a mathematical point of view.

When I know create a private and a public key and keep the private one and give the public one away to people I would like to communicate with they can encrypt the information with this key and I can decrypt the messages with my key.

So where is the use of signing a key, especially self-signing a key and what is exaclty done when a key got signed?

PS.: I just randomly picked one of the subforum because I have no plan which fitts with my needs. I want to setup a glassfish v4 server that lets only access users to a servlet with already own the public key or whatever the signing process does with the public key. I am like reading a million tutorials which use different keytools make different suggestions and tell me about this or that shouldn't be used in practice but we doing it here anyway stuff. I have no idea how to reach my goal atm. :/
 
author
Posts: 23840
141
jQuery Eclipse IDE Firefox Browser VI Editor C++ Chrome Java Linux Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Bax Fos wrote:
So where is the use of signing a key, especially self-signing a key and what is exaclty done when a key got signed?



Long story short. Signing a certificate basically means encrypting it with your private key. Since it can be decrypted (with a public key), it is not secure obviously. However, it does prove that you encrypted (signed) it, as you are the only one holding the private key (and is capable of doing it).

Henry
 
Bax Fos
Greenhorn
Posts: 4
VI Editor Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Where do I get the certificate to sign it?
I want to provide a webservice via glassfish v4 with a servlet which just a chosen number of user can connect to. These users already have the public key on their devices (manually installed).
Since I am completly new to JavaWebservices and all this server stuff I would be happy if you could explain in detail if you know something about it.
 
Henry Wong
author
Posts: 23840
141
jQuery Eclipse IDE Firefox Browser VI Editor C++ Chrome Java Linux Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

There is a world of difference between "what is signing?" to "how to setup web services for glassfish?". Furthermore, security is a layer on top of that. Additionally, Web Services and Servlets are not the same thing, so there is confusion in your question as well...

Perhaps starting with the glassfish tutorials would be a good idea?

Henry
 
We should throw him a surprise party. It will cheer him up. We can use this tiny ad:
create, convert, edit or print DOC and DOCX in Java
https://products.aspose.com/words/java
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!