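Notice
This series of articles comes from: http://aperiodic.net/phil/scala/s-99/
Most of the content is the same as the original, with some of my own code added.
If there is any infringement, please contact me promptly and I will delete the relevant content immediately.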
keytool is a key and certificate management utility. It allows users to administer their own public/private key pairs and associated certificates for use in self-authentication (where the user authenticates himself/herself to other users/services) or data integrity and authentication services, using digital signatures. It also allows users to cache the public keys (in the form of certificates) of their communicating peers.
A certificate is a digitally signed statement from one entity (person, company, etc.), saying that the public key (and some other information) of some other entity has a particular value. (See Certificates.) When data is digitally signed, the signature can be verified to check the data integrity and authenticity. Integrity means that the data has not been modified or tampered with, and authenticity means the data indeed comes from whoever claims to have created and signed it.
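In the previous article (http://blog.csdn.net/hylexus/article/details/53048305, http://www.jianshu.com/p/c929ac2d9134), the conclusions reached about secure communication all rest on the premise that the CA and the certificates it issues are trustworthy, and the security of the whole communication process depends on the CA as its root. This article discusses the CA and some of the concepts related to it.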
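The dependence on the CA described above can be observed directly. This is an added example, not code from the original article; it uses the openssl command-line tool rather than keytool, and the names Demo Root CA, Other Root CA and demo.example are constructed. A certificate verifies only against the CA that signed it, and a signature over data verifies only while the data is unmodified.

```bash
#!/usr/bin/env bash
# Added example: every name below (Demo Root CA, Other Root CA, demo.example)
# is constructed for this demo. Requires the openssl CLI.

# Print "<label>: accepted" or "<label>: rejected" from a command's exit status.
check() {
  local label=$1; shift
  if "$@" >/dev/null 2>&1; then echo "$label: accepted"; else echo "$label: rejected"; fi
}

ca_trust_demo() {
  local dir; dir=$(mktemp -d) || return 1
  (
    cd "$dir" || exit 1
    # 1. Two independent self-signed roots; the verifier trusts one at a time.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
      -keyout ca.key -out ca.pem 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Other Root CA" \
      -keyout other.key -out other.pem 2>/dev/null
    # 2. The subject creates a key pair and a CSR; Demo Root CA signs it.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo.example" \
      -keyout leaf.key -out leaf.csr 2>/dev/null
    openssl x509 -req -in leaf.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
      -days 1 -out leaf.pem 2>/dev/null
    # 3. Authenticity of the certificate depends on which CA the verifier trusts.
    check "cert, issuing CA trusted" openssl verify -CAfile ca.pem leaf.pem
    check "cert, unrelated CA trusted" openssl verify -CAfile other.pem leaf.pem
    # 4. Integrity of signed data, checked with the public key from the certificate.
    printf 'transfer 10 to alice\n' > msg.txt
    openssl dgst -sha256 -sign leaf.key -out msg.sig msg.txt
    openssl x509 -in leaf.pem -pubkey -noout > leaf.pub
    check "data, unmodified" openssl dgst -sha256 -verify leaf.pub -signature msg.sig msg.txt
    printf 'transfer 99 to alice\n' > msg.txt   # one changed field after signing
    check "data, modified" openssl dgst -sha256 -verify leaf.pub -signature msg.sig msg.txt
  )
  local rc=$?
  rm -rf "$dir"
  return "$rc"
}

ca_trust_demo
```

The second line of output is the point of the article's premise: the same certificate is worthless to a verifier whose trust store does not contain the issuing CA.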