Saturday, October 14, 2017

Asymmetric (Encryption vs Signing), Digital Signatures and so on...

There is a duality in the use of PKI for asymmetric encryption and for signing. As very nicely summarized here, encryption (which enables one-way private communication when only one key pair is in place) uses the public key to encrypt and the private key (there is only one holder) to decrypt, while signing uses the private key to encrypt and the public key to decrypt. The former provides confidentiality; the latter provides authenticity (origin confirmation), integrity (no modification introduced) and non-repudiation (prevention of denial: the signature is checked with the sender's public key, and it can only have been produced with her private key, so it must come from her).
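As an added illustration of that duality (example code, not from the original post or the linked summaries), here is textbook RSA in plain Python: encryption and signing are the same modular exponentiation, and only the exponent swaps roles, so a tampered message or signature fails verification. The key size, the SHA-256 digest and the lack of padding are my assumptions for the demo; real systems use a library with OAEP or PSS padding rather than this raw form.

```python
import hashlib
import random

def is_probable_prime(n, rounds=20):  # Miller-Rabin; candidates here are odd and > 3
    r = ((n - 1) & (1 - n)).bit_length() - 1  # trailing zero bits of n - 1
    d = (n - 1) >> r                           # so that n - 1 == d * 2**r, d odd
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    while True:  # top bit set for exact size, low bit set so the candidate is odd
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate

def generate_keypair(bits=512):
    e = 65537  # e and d are inverses mod phi, so each exponent undoes the other
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))

def encrypt(public_key, message):
    n, e = public_key  # anyone may hold (n, e); only the owner of d can undo this
    m = int.from_bytes(message, "big")
    assert 0 < m < n, "textbook RSA: the message must be smaller than the modulus"
    return pow(m, e, n)

def decrypt(private_key, ciphertext):
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def sign(private_key, message):
    n, d = private_key  # the SHA-256 digest is 'encrypted' with the private exponent
    return pow(int.from_bytes(hashlib.sha256(message).digest(), "big"), d, n)

def verify(public_key, message, signature):
    n, e = public_key  # anyone 'decrypts' with e and compares against a fresh digest
    return pow(signature, e, n) == int.from_bytes(hashlib.sha256(message).digest(), "big")
```

Running `generate_keypair()` and then `encrypt`/`decrypt` on a short message shows the confidentiality direction, while `sign`/`verify` on the same message, and on a modified one, shows the authenticity and integrity direction.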

This tutorial is a good one for XML signatures, and this tutorial is a good one for JSON Web Signature...
There is also this tutorial on the use of keytool (from the Java runtime) to manage keys, certificates, keystores, etc.

Stay tuned...