[ticker-dev] Key exchange
Phillips, Matthew
Matthew.Phillips at dsto.defence.gov.au
Thu Aug 15 17:00:43 EST 2002
Hi David,
> -->"Matthew" == Phillips, Matthew
> <Matthew.Phillips at dsto.defence.gov.au> writes:
>
> Hi Matthew,
>
> Matthew> My travels through crypto-land indicate that there are
> Matthew> standard formats for keys such as PKCS12 that not only
> Matthew> allow key export, but also certificate chains that validate
> Matthew> the keys (ie signed keys).
>
> do you have a recommended reference for this standard?
Hehe, my great knowledge of PKI crypto standards comes from simply reading
the Java Crypto Extensions (JCE) docs. See the architecture doc
http://java.sun.com/j2se/1.4/docs/guide/security/CryptoSpec.html and the
reference guide
http://java.sun.com/j2se/1.4/docs/guide/security/jce/JCERefGuide.html. The
PKCS standards come from RSA (eg
http://www.rsasecurity.com/rsalabs/pkcs/pkcs-8/) and seem to be widely used
(eg SSL).
I actually think using one of these would be overkill unless we want to use
digital signatures to transfer keys across open channels.
> you might like to check out this thread
>
> http://www.elvin.biz/ListArchive/elvin-dev/archive/2001/09/msg00033.html

Wow, the format there is spookily similar. I'd be happy to follow that,
although I would agree with Ian that a simple "Shared"/"Private" would
suffice over specifying consumer/producer/dual as well as access (I
certainly intend in Sticker to KISS and simply distinguish between
shared/private keys and use the "Ian" algorithm to determine where they get
used).
Matthew.