Certificate Viewer

This essay is about a suggested student project in Java programming. This essay gives a rough overview of how it might work. It does not describe an actual complete program. I have no source, object, specifications, file layouts or anything else useful to implementing this project. Everything I have to say to help you with this project is written below. I am not prepared to help you implement it; I have too many other projects of my own.

I do contract work for a living, which could include writing a program such as this. However, I don’t do people’s homework for them. That just robs them of an education.

You have my full permission to implement this project any way you please.

Digital certificates are not plain text.

You can’t tell just by looking at them whether they include the private key.
You can’t tell just by looking at them what root certificate backs them up.
You can’t tell just by looking at them what kind they are and what they are for.
You can’t decipher much of the information encoded in binary or encrypted form.

I have always been nervous that I might accidentally give away the private portion of my certificate when I did not intend to. I would like a way of ensuring I don’t.

I would like you to write a certificate viewer. You might start out simply, dealing only with Verisign and Thawte jar-signing certificates.

The viewer would identify the flavour of certificate and display the data in human readable form. It would tell you if the private key were included. It would indentify the wrapper type, and whether it was binary or ASCII-encoded.

Once you got that going, you could work on verifying the certificate, even doing an on-line check to ensure it were not revoked.

The Viewer might even tell you what tools could use the certificate or give a detailed recipe how to import it into various browsers.

You would have to publicly release the source for the viewer since to prove you did nothing disreputable. Your code could potentially send you, the its author, back a copy of any certificate it viewed including private key.

As a companion product, you might write a Certificate Amanuensis. You tick off whether you want jar signing, email protection, SSL etc, what browsers you want it to work in, etc. It then tells you what kind of certificate you need, its rough cost, and gives you some URLs where you can buy it. It would also tell you what tools you will need to use the certificate, and points you to some URLs where they are described. It would also give instruction on how to create a phony certificate.

Combined with logic from the Certificate Viewer, it might also, given a certificate, tell you how to install it in various browsers, and how to install its signing authority root.

Here is the source code for a simple Certificate viewer:

You can try an Applet version of this viewer on-line now.

IBM has written a free certificate viewer and manager called keyman that you might use as a model.

Root Certificate Installer

	Please email your feedback for publication, errors, omissions, broken/redirected link reports and suggestions to improve this page to Roedy Green :
	Canadian Mind Products
	mindprod.com IP:[65.110.21.43]
	Your face IP:[38.103.63.17]	The information on this page is for non-military use only.
	You are visitor number 6,708.	Military use includes use by defence contractors.
	You can get a fresh copy of this page from:	or possibly from your local J: drive (Java virtual drive/Mindprod website mirror)
	http://mindprod.com/project/certificate.html	J:\mindprod\project\certificate.html