OpenSSL: Keys and Certificates
Guard The Center
Of Keys and Certificates
A certificate contains a public key, which is related mathematically to a private key that is never shared. The key pair (of an asymmetric cryptosystem) is bound to and described by the certificate. Besides the public key, the certificate carries additional information such as the issuer, the purposes the certificate may be used for, and other metadata. A certificate is signed by a certificate authority (CA) using the CA's private key; that signature is what lets a relying party verify the certificate's authenticity. If the certificate is self-signed, its owner must take care of the security of its whole lifecycle, including establishing the first trust (getting it accepted as a trust anchor). If this step goes wrong, the security assumption collapses.
The secret (symmetric) key of a symmetric cryptosystem cannot be shared publicly. Session keys of this kind may be shared between the parties of a secure communication session, such as TLS or SSH, through key agreement protocols (which we will not cover here).
A symmetric secret key also occurs in HMAC, which is used for data integrity rather than secrecy, although a symmetric cipher can be used to fulfill this function as well.
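The CA signature and the key-pair binding described above, as an added shell example that is not part of the original article or its keys.sh: it builds a throwaway root CA, issues a leaf certificate, and checks that verification succeeds only against the CA that actually signed it. Names such as Example Root CA are made up, and it assumes openssl 1.1.1 or newer on PATH.

```shell
#!/bin/sh
# Added example, not from the original article: a minimal PKI built with the
# OpenSSL CLI. Assumes openssl 1.1.1+ on PATH; all names below are made up.
set -eu
command -v openssl >/dev/null 2>&1 || { echo "openssl CLI not found" >&2; exit 0; }

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Explicit config so the result does not depend on the system openssl.cnf.
cat > "$WORK/req.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF

# 1. Root CA: key pair plus self-signed cert. Nothing vouches for this cert
#    except the operator who installs it as a trust anchor (the "first trust").
openssl req -x509 -config "$WORK/req.cnf" -extensions ca_ext -newkey rsa:2048 -nodes \
  -days 365 -subj "/CN=Example Root CA" -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null

# 2. Leaf: its own key pair and a CSR that carries only the public key.
openssl req -new -config "$WORK/req.cnf" -newkey rsa:2048 -nodes \
  -subj "/CN=service.example" -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null

# 3. The CA signs the CSR with its private key; the output is the leaf cert.
openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
  -CAcreateserial -days 90 -out "$WORK/leaf.crt" 2>/dev/null

# 4. An unrelated CA that signed nothing here.
openssl req -x509 -config "$WORK/req.cnf" -extensions ca_ext -newkey rsa:2048 -nodes \
  -days 365 -subj "/CN=Other CA" -keyout "$WORK/other.key" -out "$WORK/other.crt" 2>/dev/null

# verify_leaf <anchor.pem>: "ok" if leaf.crt chains to that trust anchor, else "fail".
verify_leaf() {
  if openssl verify -CAfile "$1" "$WORK/leaf.crt" >/dev/null 2>&1; then echo ok; else echo fail; fi
}

# pubkey_bound: the public key inside the cert must equal the one derived from
# the private key; that pairing is what the certificate describes.
pubkey_bound() {
  in_cert=$(openssl x509 -in "$WORK/leaf.crt" -noout -pubkey)
  from_key=$(openssl pkey -in "$WORK/leaf.key" -pubout)
  [ "$in_cert" = "$from_key" ] && echo bound || echo mismatch
}

verify_leaf "$WORK/ca.crt"     # ok
verify_leaf "$WORK/other.crt"  # fail
pubkey_bound                    # bound
```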
Keys
Under [keys.sh] there is a series of key-generation functions for various symmetric and asymmetric cryptosystems:
generate_key_for_*:
1. Ciphering (AES) # currently only CBC, though AEADs like GCM and Chacha20_Poly1305 are preferred
2…