Wow, awesome. I just read the foreword and the preface before getting to work. They're very well written, and now I'm excited for the coming chapters for sure :-)
I'll probably read it over the coming week or two. But I'm mildly worried about the date the book was written, which was 1996; and though it was updated in 2001, that was still a long time ago now. I wonder to what degree the material will be outdated, or to what degree modern-day material will be completely missing.

-Patrick

On Apr 21, 2011, at 8:55 AM, Michel (PAYBOX) wrote:

> I believe this [freely available] book should interest you:
>
> Handbook of Applied Cryptography
> http://www.cacr.math.uwaterloo.ca/hac/
>
>
> On 21/04/2011 00:03, Patrick Rutkowski wrote:
>> I'm pretty new to this PKI stuff, but I'm very confused about why pkcs12
>> files are encrypted.
>>
>> As I understand it, a basic p12 file contains within it two things:
>>
>> (1) A private key (private.pem in my case, an RSA key created with genrsa)
>> (2) An x509 certificate (cert.pem in my case, created with req -new -x509
>> -key private.pem etc...)
>>
>> When you create the x509 certificate it isn't encrypted, because all it
>> stores inside of it is the public key which is generated from the given
>> private.pem; and that's not sensitive data. As far as I can see, there
>> aren't even any options in the openssl req sub-utility to encrypt the cert
>> created by -new -x509.
>>
>> Now, if I understand correctly, when you take cert.pem and private.pem and
>> store them together into a p12 file, the pkcs12 sub-utility defaults to
>> encrypting the p12 file as a whole, even beyond the fact that the internal
>> private key is already encrypted, and despite the fact that (I think) the
>> certificate doesn't need to be encrypted.
>>
>> I'm guessing I'm probably missing something here. It's not just that I think
>> encrypting the cert would be "silly and paranoid," it's that I don't
>> understand why it needs to be encrypted in principle.
>>
>> Many thanks in advance for any help
>> in clearing up a newbie's confusion,
>> -Patrick
>>
>> P.S.
>> If there are any de facto standard books to read on the subjects of RSA and
>> PKI, I would be curious to hear a tip. I'm not necessarily just interested
>> in learning how to use these technologies from a user-end perspective. I'm
>> pretty solid with mathematics, so I would be curious to learn about the
>> theory of the implementation details as well.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org