learn-more-about-digital-certificate's Introduction

learn more about digital certificates

A root authority has a private key which it can use to sign certificates. This key must remain secret, otherwise anybody could sign certificates that appear trustworthy.

;; Toy model: a "signature" is just a string naming whose private key
;; encrypted the certificate hash. The newest signature is put first.
(defn sign-with [certificate authority-certificate]
  (update-in
    certificate
    [:signatures]
    #(concat
       [(str
          "cert-hash-encrypted-with-"
          (:identity-info authority-certificate)
          "-private-key")]
       %)))

;; Toy private keys of the root CA and of the intermediate CA.
(def ca-pk 1)
(def ica-pk 2)

;; Stand-in for deriving a public key; no real cryptography is involved.
(defn get-public-key [private-key]
  (- private-key 1))

;; The root CA certificate only carries its own signature.
(defn make-ca-certificate [private-key]
  {:public-key (get-public-key private-key)
   :identity-info "ca-certificate"
   :signatures ["cert-hash-encrypted-with-ca-private-key"]})

;; The intermediate CA certificate is signed by the root CA.
(defn make-ica-certificate [private-key]
  (sign-with
    {:public-key (get-public-key private-key)
     :identity-info "intermediate-certificate"
     :signatures ["cert-hash-encrypted-with-ica-private-key"]}
    (make-ca-certificate ca-pk)))

(defn make-certificate-signing-request-to-ica
  "trust a certificate through ica: returns a chain of certificates"
  [certificate]
  (let [ica-cert (make-ica-certificate ica-pk)]
    [(sign-with certificate ica-cert) ica-cert]))

;; The resulting chain: [signed ssl-certificate, intermediate-certificate].
(def ssl-cert
  (make-certificate-signing-request-to-ica
    {:public-key 10
     :identity-info "ssl-certificate"
     :signatures ["cert-hash-encrypted-with-ssl-certificate-private-key"]}))

Signing with an intermediate certificate authority requires sending the intermediate certificate along with the signing request, so that the browser can step back to the root CA, which should be available in the keystore.

Once a browser trusts the SSL certificate, it obtains the certificate's public key, generates a symmetric key and encrypts the latter with the public key. Then it shares this encrypted key with the server from which it received the SSL certificate. The server can decrypt the key, as it has its own private key (with which the public key was generated), and server and browser then use the unencrypted symmetric key to understand their encrypted traffic.

(-> ssl-cert
    (check-against-ca-cert-store [(make-ca-certificate ca-pk)]) ; the store contains the main CA certificate
    (get-server-public-key) ; in the ssl-cert
    (make-symmetric-key-and-encrypt-with-public-key)
    (send-encrypted-symmetric-key-to-server))
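
The pipeline above calls functions the page does not define. As an added example (not code from the original repository), here is one way its first step, check-against-ca-cert-store, could work in the same toy model, including the case where the intermediate certificate is not sent; signature-of, signed-by? and the sample certificates are hypothetical names and constructed values.

```clojure
;; Added example: toy chain validation in the page's data model (no real crypto).
;; A "signature" is only a string naming the signer, as produced by sign-with.

(defn signature-of
  "The marker string that sign-with adds when `issuer` signs a certificate."
  [issuer]
  (str "cert-hash-encrypted-with-" (:identity-info issuer) "-private-key"))

(defn signed-by?
  "True when `cert` carries the signature marker of `issuer`."
  [cert issuer]
  (boolean (some #{(signature-of issuer)} (:signatures cert))))

(defn check-against-ca-cert-store
  "`chain` is leaf-first, e.g. [ssl-cert ica-cert]. Returns the leaf when each
  certificate is signed by the next one in the chain and the last one is signed
  by a root in `store`; returns nil otherwise."
  [chain store]
  (when (and (seq chain)
             (every? (fn [[cert issuer]] (signed-by? cert issuer))
                     (partition 2 1 chain))
             (some #(signed-by? (last chain) %) store))
    (first chain)))

;; Constructed sample certificates (values are illustrative assumptions).
(def root-cert  {:public-key 0 :identity-info "ca-certificate" :signatures []})
(def other-root {:public-key 7 :identity-info "unknown-ca" :signatures []})
(def ica-cert   {:public-key 1 :identity-info "intermediate-certificate"
                 :signatures [(signature-of root-cert)]})
(def leaf-cert  {:public-key 10 :identity-info "ssl-certificate"
                 :signatures [(signature-of ica-cert)]})

;; Full chain, root in the store: the leaf is returned and can be used.
(println (:identity-info
           (check-against-ca-cert-store [leaf-cert ica-cert] [root-cert])))
;; Intermediate not sent: the leaf is not signed by any root in the store.
(println (check-against-ca-cert-store [leaf-cert] [root-cert]))
;; Chain is intact but ends at a root the store does not contain.
(println (check-against-ca-cert-store [leaf-cert ica-cert] [other-root]))
```

Real path validation additionally verifies each signature cryptographically with the issuer's public key and checks validity periods, CA constraints and revocation, none of which this toy model represents.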
