Hello everyone,

I have some doubts about certificates, which I wish to get clarification on.

Here is my understanding about certificates:
* Certificates bind the public key to some other information, like the name of 
the owner (user) who generated the certificate, the validity period, etc.
* The certificates are signed by some entity (CA) to assure that the 
association between the public key and the other information is correct. This 
helps in verifying the authenticity of the certificate.

Now, I state what *I believe* is true in case of PKI and certificates:
1) A private-key/public-key pair, once created, can be
  a) given to a specific user, or
  b) stored on a specific machine (by some authority?).
2) In the first case, the user can take the keys with him and use them for 
communication from any machine. The other end, on seeing the certificate, can 
know that user 'xyz' is communicating with it.
3) In the second case, any user using that particular machine can use the key 
pair to communicate (assuming he has access rights). The other end, on seeing 
the certificate, can know that someone from machine 'abc.def.ghi.jkl' is 
communicating with it.

Is this understanding correct?
If yes, I would like to know how I can generate a certificate that binds the 
public key to a particular username or a particular machine.
How can a peer authenticate / validate this particular certificate? Could 
someone please provide a sample validation callback function code?

Also,

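An added worked example (not part of the mail above, and not an official OpenSSL sample) showing the two bindings the question describes with the openssl command line: a private CA issues one certificate whose identity is a user name in the Subject CN ("xyz") and one whose identity is a machine name in subjectAltName ("abc.def.ghi.jkl"), and a peer then validates each one by checking the chain against the CA it trusts and only afterwards reading the identity out of the certificate. The CA names, the 30-day validity, the temporary working directory and the helper function names are all assumptions for the demo; a verify callback in code performs the same two steps (chain check, then identity check) and must not trust the Subject or SAN of a certificate whose chain did not validate.

```shell
#!/bin/sh
# Added example: tiny PKI with the openssl CLI. All names/paths are assumptions.
set -eu
WORK="${WORK:-$(mktemp -d)}"
cd "$WORK"

# Create a self-signed CA. $1 = CA display name, $2 = file prefix.
# A real CA key would live offline or in an HSM; here it is a throwaway file.
make_ca() {
    printf '[ req ]\ndistinguished_name = dn\nx509_extensions = ca_ext\nprompt = no\n' > "$2.cnf"
    printf '[ dn ]\nCN = %s\n' "$1" >> "$2.cnf"
    printf '[ ca_ext ]\nbasicConstraints = critical, CA:TRUE\nkeyUsage = critical, keyCertSign, cRLSign\n' >> "$2.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -config "$2.cnf" -keyout "$2.key" -out "$2.crt" 2>/dev/null
}

# Issue a certificate for a USER: the identity is the Subject CN (case 2 above).
# $1 = user name; writes $1.key, $1.csr, $1.crt
issue_user_cert() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
    printf 'basicConstraints = CA:FALSE\nextendedKeyUsage = clientAuth\n' > "$1.ext"
    openssl x509 -req -in "$1.csr" -CA ca.crt -CAkey ca.key -CAcreateserial \
        -days 30 -extfile "$1.ext" -out "$1.crt" 2>/dev/null
}

# Issue a certificate for a MACHINE: the identity is a DNS subjectAltName
# (case 3 above); this is the field TLS clients match a host name against.
# $1 = host name; writes $1.key, $1.csr, $1.crt
issue_machine_cert() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
    printf 'basicConstraints = CA:FALSE\nextendedKeyUsage = serverAuth\nsubjectAltName = DNS:%s\n' "$1" > "$1.ext"
    openssl x509 -req -in "$1.csr" -CA ca.crt -CAkey ca.key -CAcreateserial \
        -days 30 -extfile "$1.ext" -out "$1.crt" 2>/dev/null
}

# What the peer does: (1) verify the chain against the CAs it trusts,
# (2) only then read the identity. $1 = trusted CA file, $2 = presented cert.
# Prints "CN=<user>" and returns 0, or returns 1 if the chain is not trusted.
peer_validate_user() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
    openssl x509 -in "$2" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
}

# Same for a machine certificate: prints "DNS:<host>" from the SAN extension.
peer_validate_machine() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
    openssl x509 -in "$2" -noout -text \
        | awk '/Subject Alternative Name/ { getline; gsub(/ /, ""); print }'
}

# Build the demo PKI: our CA, a rogue CA nobody should trust, one cert of each kind.
make_ca "Demo Root CA" ca
make_ca "Rogue CA" rogue
issue_user_cert xyz
issue_machine_cert abc.def.ghi.jkl

peer_validate_user ca.crt xyz.crt                   # prints CN=xyz
peer_validate_machine ca.crt abc.def.ghi.jkl.crt    # prints DNS:abc.def.ghi.jkl
peer_validate_user rogue.crt xyz.crt || echo "rejected: not signed by a trusted CA"
```

The last line is the point a validation routine must get right: the rogue CA never signed xyz.crt, so the chain check fails and the peer never gets as far as reading the name. Binding to a user versus a machine is purely a question of which identity you put in the certificate (Subject CN for a person, a DNS or IP subjectAltName for a host) and which extendedKeyUsage you allow; the CA signature is what makes either binding worth believing.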