From the Java viewpoint, the overall infrastructure follows the X.509 standard.
1. SSL handshake (public key)
- key suite (guarantees the protection of the communication)
implementation: keystore
- the keystore holds keys of one of two kinds:
1. a public key and private key (in this case it may also store the certificate chain, whose first certificate contains the public key)
or 2. a secure key
That is to say:
| key item | certificate item |
| private key and certificate chain | self-signed certificate (not a chain; it includes the public key) |
| secure key | - |
- algorithm of the keystore
  - JKS (only deals with the secure key)
  - JCEKS (deals with the secure key)
  - PKCS12 (can only read from the keystore)
- algorithm of the message digest
  - MD5, SHA1
- algorithm of the signature for a self-signed certificate
  - SHA1withDSA
First you self-sign a certificate, then you can get the CA certificate, and the chain comes into being. If you want to be accepted by others, you have to get the root CA's certificate.
- algorithm of the public key and private key
  - DSA, RSA
When you want to communicate with a specific endpoint, you need to export the key using its alias.
2. certify each other (guarantees the right target)
3. private key exchange with digital signature (guarantees the data integrity)
4. SSL communication (secure key and digital signature)
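
The key item / certificate item split and the export-by-alias step from the notes above, as an added keytool example (not part of the original post). It assumes a JDK on the PATH whose keytool writes PKCS12 stores; the alias, file names, distinguished name and password are constructed.

```shell
#!/bin/sh
# Added example. Alias, file names, DN and password are constructed for the demo.
PASS=changeit
KS="-storetype PKCS12 -storepass $PASS"   # assumes a JDK whose keytool writes PKCS12

# Key item: a private key plus a self-signed certificate holding the public key.
make_server_keystore() {   # $1 = working directory
    keytool -genkeypair -alias server -keyalg RSA -keysize 2048 -validity 30 \
        -dname "CN=server.example.test" -keystore "$1/server.p12" $KS >/dev/null 2>&1
}

# Export by alias: only the certificate leaves the keystore, never the private key.
export_cert() {            # $1 = working directory
    keytool -exportcert -alias server -keystore "$1/server.p12" $KS \
        -file "$1/server.der" >/dev/null 2>&1
}

# Certificate item: the peer stores the exported certificate as a trusted entry.
import_into_truststore() { # $1 = working directory
    keytool -importcert -noprompt -alias server -file "$1/server.der" \
        -keystore "$1/client-trust.p12" $KS >/dev/null 2>&1
}

# Print the entry type keytool reports for an alias.
entry_type() {             # $1 = keystore file, $2 = alias
    keytool -J-Duser.language=en -list -alias "$2" -keystore "$1" $KS 2>/dev/null |
        grep -o -e PrivateKeyEntry -e trustedCertEntry | head -n 1
}

# Check that the peer trusts exactly the certificate that was exported.
same_cert() {              # $1 = working directory
    keytool -exportcert -alias server -keystore "$1/client-trust.p12" $KS \
        -file "$1/trusted.der" >/dev/null 2>&1 &&
        cmp -s "$1/server.der" "$1/trusted.der"
}

demo() {
    d=$(mktemp -d) && make_server_keystore "$d" && export_cert "$d" &&
        import_into_truststore "$d" || return 1
    echo "server.p12       : $(entry_type "$d/server.p12" server)"
    echo "client-trust.p12 : $(entry_type "$d/client-trust.p12" server)"
    same_cert "$d" && echo "trusted certificate matches the exported one"
    rm -rf "$d"
}

if command -v keytool >/dev/null 2>&1; then demo; fi
```

The same alias shows up as a PrivateKeyEntry in the owner's keystore and as a trustedCertEntry in the peer's truststore, which is the split the table describes.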