certificates.rst (1532B)
Certificates
=====================

https://www.linuxjournal.com/content/understanding-public-key-infrastructure-and-x509-certificates

encoding is important: if there were multiple ways to encode the data
in the certificate, as there might be using BER, the hash might assume
several different values. By using DER, you guarantee that the values
are encoded and decoded consistently into the same series of bytes. If
a single byte changes, a different hash would be created and the
verification

signature from a
certificate authority, which is most often a self-signature.

account:

- Signed by a CA (from an organization or self-signed).
- The subject UID field must be the hexadecimal form of the JamiId.
- The issuer UID field must be the hexadecimal form of the issuer
  public key fingerprint (CA).
- Random RSA key pair at least 4096 bits long.

The subject UID field of the account certificate must be the hexadecimal
form of the public key fingerprint. The issuer UID field must be the
hexadecimal form of the issuer public key fingerprint.

device:

- This is the identity of one specific device used to run Jami.
- One per device.
- Random and 4096 bits long.
- The SHA-1 fingerprint of the public key becomes the **DeviceId**.
- Must be signed by the private key that created the Jami certificate.
- The subject UID field must be the hexadecimal form of the DeviceId.
- The issuer UID field must be the hexadecimal form of the issuer
  public key fingerprint (JamiId).
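
The point made above about DER versus BER, shown as an added example that is not part of the original page or of Jami's code: one constructed SEQUENCE is encoded twice, once with DER lengths and once with BER long-form lengths, and the two decode to the same data but hash differently. It checks only the length-octet rule, one of several DER rules, and uses SHA-256 as an illustrative hash; all function names and sample bytes are assumptions.

```python
import hashlib

def read_tlv(buf, pos=0):
    """Read one TLV (single-byte tag) at pos; accepts BER definite lengths.
    Returns (tag, value, next_pos, length_is_minimal)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short form: the octet is the length
        length, minimal = first, True
    else:                                  # long form: low 7 bits = number of length octets
        n = first & 0x7F
        raw = buf[pos:pos + n]
        if n == 0 or len(raw) != n:
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(raw, "big")
        pos += n
        # DER allows long form only for lengths >= 128, with no leading zero octet
        minimal = length >= 0x80 and raw[0] != 0
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length, minimal

def decode(buf):
    """Decode a run of TLVs into [(tag, value-or-children, length_is_minimal), ...]."""
    out, pos = [], 0
    while pos < len(buf):
        tag, value, pos, minimal = read_tlv(buf, pos)
        body = decode(value) if tag & 0x20 else value   # bit 0x20 set = constructed
        out.append((tag, body, minimal))
    return out

def content(tree):
    """Drop the encoding detail, leaving only the decoded data."""
    return [(t, content(b) if isinstance(b, list) else b) for t, b, _ in tree]

def lengths_are_der(tree):
    """True if every length in the tree uses the single form DER permits."""
    return all(m and (lengths_are_der(b) if isinstance(b, list) else True)
               for _, b, m in tree)

def digest(buf):
    return hashlib.sha256(buf).hexdigest()   # illustrative hash choice

# Constructed sample: SEQUENCE { INTEGER 5, UTF8String "jami" }
DER = bytes.fromhex("3009" "020105" "0c04" "6a616d69")
BER = bytes.fromhex("30810a" "020105" "0c8104" "6a616d69")  # same data, long-form lengths
```

A verifier that hashes the bytes as received should reject the second encoding rather than re-encode it, since only the DER bytes match what the signer hashed.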