
“main” (Installation and Administration) 2004/6/25 13:29 page 620 #646
26.1 X.509 Certification with YaST
An increasing number of authentication mechanisms are based on cryptographic procedures. Digital certificates that assign cryptographic keys to their owners play an important role in this context. These certificates are not only used for communication, but can also be found on company ID cards, for example. The generation and administration of certificates is mostly handled by “official” institutions that offer this as a commercial service. In certain cases, however, it may make sense to carry out these tasks yourself, for example, if a company does not wish to pass personal data to third parties.
SUSE LINUX offers two YaST modules for this purpose, which provide elementary management functions for digital X.509 certificates. The following sections offer an insight into the principles of digital certification and explain how to use YaST to create and administer certificates of this type. However, the topic of digital certification is extremely complex, so the following descriptions can offer only an overview. For more detailed information, refer to http://www.ietf.org/html.charters/pkix-charter.html.
26.1.1 The Principles of Digital Certification
Digital certification uses cryptographic processes to encrypt data, thereby protecting it from access by unauthorized persons. The user data is encrypted using a second data record, the key. The key is applied to the user data in a mathematical process, producing an altered data record in which the original content can no longer be identified. Asymmetric encryption (the public key method) is now in general use. Keys always occur in pairs:
Private Key The private key must be kept safely by the key owner. Accidental publication of the private key compromises the key pair and renders it useless.
Public Key The public key is circulated by the key owner for use by third parties.
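The key pair and certificate principles described above, carried out by hand with the openssl command line as an added example; this is not code from the SUSE manual or from the YaST modules. It assumes openssl is installed; the organisation, host name and working directory are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the SUSE manual): run a minimal in-house CA with
# openssl, issue one certificate and check it. Assumes openssl is installed.
set -eu

WORK="${WORK:-$(mktemp -d)}"   # constructed scratch directory

# Create the CA: a private key (kept secret, mode 600) and a self-signed
# X.509 certificate, the public half that is handed to everyone who must
# trust certificates issued by this CA.
make_ca() {
  openssl genrsa -out "$WORK/ca.key" 2048 2>/dev/null
  chmod 600 "$WORK/ca.key"
  openssl req -new -x509 -key "$WORK/ca.key" -out "$WORK/ca.crt" -days 365 \
    -subj "/C=DE/O=Example Company/CN=Example Internal CA" 2>/dev/null
}

# Issue a certificate for $1: the owner generates its own key pair, builds a
# signing request that carries only the public key, and the CA signs it.
# The owner's private key never leaves the owner.
issue_cert() {
  name="$1"
  openssl genrsa -out "$WORK/$name.key" 2048 2>/dev/null
  chmod 600 "$WORK/$name.key"
  openssl req -new -key "$WORK/$name.key" -out "$WORK/$name.csr" \
    -subj "/C=DE/O=Example Company/CN=$name" 2>/dev/null
  openssl x509 -req -in "$WORK/$name.csr" -CA "$WORK/ca.crt" \
    -CAkey "$WORK/ca.key" -CAcreateserial -out "$WORK/$name.crt" \
    -days 90 2>/dev/null
}

# Chain check: succeeds only when the certificate $1 was signed by our CA.
verify_cert() {
  openssl verify -CAfile "$WORK/ca.crt" "$WORK/$1.crt" >/dev/null 2>&1
}

# Subject of certificate $1: the owner the public key is bound to.
cert_subject() {
  openssl x509 -in "$WORK/$1.crt" -noout -subject
}

# Succeeds when certificate $1 carries the public half of private key $2.
key_matches() {
  [ "$(openssl x509 -in "$WORK/$1.crt" -noout -pubkey)" = \
    "$(openssl pkey -in "$WORK/$2.key" -pubout)" ]
}
```

Run `make_ca` once, then `issue_cert mail.example.com` for each certificate; `verify_cert` is the check a relying party performs with nothing but the CA's public certificate.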