Crypto and PKI Projects

The projects in this area will help you to understand the concepts involved in cryptography and public key infrastructure (PKI).

Many of the projects involve public key digital certificates. These can be obtained from various online sources (e.g. VeriSign, Go Daddy), or you can create your own with XCA or OpenSSL.

Server certificates are used to enable SSL/TLS on web, email and other servers. If you are deploying a production site that anyone on the Internet may use, it is best to use public hierarchy certificates from a commercial Certification Authority. If you are setting up a server that will only be used by a limited number of people, or for training purposes, you can create your own private hierarchy server certificates yourself and make the necessary root and intermediate certificates available for those users to download and install in their browsers.
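The private hierarchy described above, as an added example that is not part of this page or of any product it names: a root CA, an intermediate CA and a server certificate built with the OpenSSL command line, then verified the way a browser would, trusting only the root. The organisation and host names (Example Private Root CA, www.example.test) are constructed placeholders.

```shell
#!/bin/sh
# Three-tier private hierarchy: root -> intermediate -> server (end entity).
# Each tier is a CSR signed by the tier above; extensions come from a small
# ext file so that CA and end-entity certificates get the right constraints.
set -eu

build_hierarchy() (
  cd "$1"

  # 1. Self-signed root CA. pathlen:1 permits exactly one tier of sub-CA beneath it.
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -keyout root.key -out root.csr -subj "/CN=Example Private Root CA" 2>/dev/null
  printf '%s\n' 'basicConstraints=critical,CA:TRUE,pathlen:1' \
                'keyUsage=critical,keyCertSign,cRLSign' > root.ext
  openssl x509 -req -in root.csr -signkey root.key -days 3650 -sha256 \
    -extfile root.ext -out root.crt 2>/dev/null

  # 2. Intermediate CA, signed by the root. pathlen:0 stops it issuing further CAs.
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -keyout inter.key -out inter.csr -subj "/CN=Example Intermediate CA" 2>/dev/null
  printf '%s\n' 'basicConstraints=critical,CA:TRUE,pathlen:0' \
                'keyUsage=critical,keyCertSign,cRLSign' > inter.ext
  openssl x509 -req -in inter.csr -CA root.crt -CAkey root.key -CAcreateserial \
    -days 1825 -sha256 -extfile inter.ext -out inter.crt 2>/dev/null

  # 3. Server certificate, signed by the intermediate. Browsers match the SAN, not the CN.
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -keyout server.key -out server.csr -subj "/CN=www.example.test" 2>/dev/null
  printf '%s\n' 'basicConstraints=critical,CA:FALSE' \
                'keyUsage=critical,digitalSignature,keyEncipherment' \
                'extendedKeyUsage=serverAuth' \
                'subjectAltName=DNS:www.example.test' > server.ext
  openssl x509 -req -in server.csr -CA inter.crt -CAkey inter.key -CAcreateserial \
    -days 398 -sha256 -extfile server.ext -out server.crt 2>/dev/null

  # Users install root.crt as their trust anchor; the server presents leaf + intermediate.
  cat server.crt inter.crt > fullchain.pem
)

# Verify like a relying party: only the root is trusted, the intermediate is merely supplied.
verify_chain() {
  openssl verify -CAfile "$1/root.crt" -untrusted "$1/inter.crt" "$1/server.crt" >/dev/null 2>&1
}

# Demo run into a fresh temporary directory.
pki_dir="$(mktemp -d)"
build_hierarchy "$pki_dir"
verify_chain "$pki_dir" && echo "chain OK: server -> intermediate -> root (files in $pki_dir)"
```

Keep root.key offline once the intermediate is issued; only inter.key needs to be online to sign further server certificates.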

Client certificates are used to enable end-to-end security products, such as S/MIME e-mail, as well as for strong client authentication with websites. Each client needs their own certificate, which is tied to their name and e-mail address (and possibly other identifiers as well). Some commercial certification authorities provide inexpensive or free client digital certificates with little or no identity verification (e.g. only proving that you can receive an e-mail sent to your e-mail address). If you issue your own, you can implement any identity verification scheme you want (e.g. based on employee records, the HR department, the customer service department, etc.). Client certificates are far better than any username/password scheme, or even "synchronized number tokens", especially if you create and use the certificates in a PKI security token.