image provider

Certificate Viewer


Disclaimer

This essay does not describe an existing computer program, just one that should exist. This essay is about a suggested student project in Java programming. This essay gives a rough overview of how it might work. I have no source, object, specifications, file layouts or anything else useful to implementing this project. Everything I have prepared to help you is right here.

This project outline is not like the artificial, tidy little problems you are spoon-fed in school, when all the facts you need are included, nothing extraneous is mentioned, the answer is fully specified, along with hints to nudge you toward a single expected canonical solution. This project is much more like the real world of messy problems where it is up to you to fully the define the end point, or a series of ever more difficult versions of this project and research the information yourself to solve them.

Everything I have to say to help you with this project is written below. I am not prepared to help you implement it; or give you any additional materials. I have too many other projects of my own.

Though I am a programmer by profession, I don’t do people’s homework for them. That just robs them of an education.

You have my full permission to implement this project in any way you please and to keep all the profits from your endeavour.

Please do not email me about this project without reading the disclaimer above.

Digital certificates are not plain text.
  1. You can’t tell just by looking at them whether they include the private key.
  2. You can’t tell just by looking at them what root certificate backs them up.
  3. You can’t tell just by looking at them what kind they are and what they are for.
  4. You can’t decipher much of the information encoded in binary or encrypted form.
I have always been nervous that I might accidentally give away the private portion of my certificate when I did not intend to. I would like a way of ensuring I don’t.

I would like you to write a certificate viewer. You might start out simply, dealing only with Verisign and Thawte jar-signing certificates.

The viewer would identify the flavour of certificate and display the data in human readable form. It would tell you if the private key were included. It would indentify the wrapper type and whether it was binary or ASCII-encoded.

Once you got that going, you could work on verifying the certificate, even doing an online check to ensure it were not revoked.

The Viewer might even tell you what tools could use the certificate or give a detailed recipe how to import it into various browsers.

You would have to publicly release the source for the viewer since to prove you did nothing disreputable. Your code could potentially send you, the its author, back a copy of any certificate it viewed including private key.

As a companion product, you might write a Certificate Amanuensis. You tick off whether you want jar signing, email protection, SSL (Secure Sockets Layer) etc, what browsers you want it to work in, etc. It then tells you what kind of certificate you need, its rough cost and gives you some URLs (Uniform Resource Locators) where you can buy it. It would also tell you what tools you will need to use the certificate and points you to some URLs where they are described. It would also give instruction on how to create a phony certificate.

Combined with logic from the Certificate Viewer, it might also, given a certificate, tell you how to install it in various browsers and how to install its signing authority root.

Here is the source code for a simple Certificate viewer:

IBM (International Business Machines) has written a free certificate viewer and manager called keyman that you might use as a model.

Root Certificate Installer
SSL
TLS

This page is posted
on the web at:

http://mindprod.com/project/certificate.html

Optional Replicator mirror
of mindprod.com
on local hard disk J:

J:\mindprod\project\certificate.html
Canadian Mind Products
Please the feedback from other visitors, or your own feedback about the site.
Contact Roedy. Please feel free to link to this page without explicit permission.

IP:[65.110.21.43]
Your face IP:[3.135.195.180]
You are visitor number