Primer for X.509 certificates on Windows
Asked Answered
D

4

13

I am presently studying the topic of encrypting and signing SOAP messages via WSE 3.0 or WCF. Since I have not participated in distributed application development involving the public Internet, I find my knowledge on X.509 ceritificates lacking and how it works in the Windows certificate store mechanism. It is not about asymmetric cryptography; it is about the PKI ecosystem.

Therefore I would like to gather what are some articles or books that give comprehensive explanations on Windows' security mechanisms, how to properly use and manage the Certificate Store, CA trust chains, and how APIs like WSE or WCF may interact and make use of certificates. Recommendations?

Distinctive answered 9/1, 2009 at 3:38 Comment(2)
WSE is obsolete. All new web service work should be done using WCF, and existing WSE code should be migrated or retired ASAP.Pendley
WSE is "not obsolete" when studying for certification :-/Distinctive
D
2

I think the base starting point to understanding the Windows implementation of PKI has to come from TechNet

PKI segment http://technet.microsoft.com/en-us/library/cc757327(WS.10).aspx

Certificates overview http://technet.microsoft.com/en-us/library/cc784662(WS.10).aspx

Certificate services http://technet.microsoft.com/en-us/library/cc783511(WS.10).aspx

Certificate templates http://technet.microsoft.com/en-us/library/cc758496(WS.10).aspx

Distinctive answered 19/1, 2010 at 7:9 Comment(0)
A
6

Everyone using (or thinking of using) X.509 certificates should be forced to read this: Everything you Never Wanted to Know about PKI but were Forced to Find Out, as well as X.509 Style guide, both by Peter Gutmann.

Atheroma answered 13/1, 2009 at 20:11 Comment(3)
those are actually funny reads, but unfortunately the presentation PDF seems to be a report on all the massive flaws and ailments of PKI and x.509 but no where explaining "How does Windows and IE make use of the certs stored the Cert Store; and what can developers really do with them for security scenarios?"Distinctive
The text guide is unfortunately formatted only as a raw text file which makes for difficult reading. I cannot tell which section contains the relevant information i am looking for?Distinctive
You said that "I find my knowledge on X.509 ceritificates lacking" - this should help.Atheroma
D
2

I think the base starting point to understanding the Windows implementation of PKI has to come from TechNet

PKI segment http://technet.microsoft.com/en-us/library/cc757327(WS.10).aspx

Certificates overview http://technet.microsoft.com/en-us/library/cc784662(WS.10).aspx

Certificate services http://technet.microsoft.com/en-us/library/cc783511(WS.10).aspx

Certificate templates http://technet.microsoft.com/en-us/library/cc758496(WS.10).aspx

Distinctive answered 19/1, 2010 at 7:9 Comment(0)
E
1

"Learning WCF" by Michele Bustamente has a good overview chapter on WCF security, including some basic discussion on X.509 certificates.

Estellestella answered 12/1, 2009 at 12:12 Comment(1)
Chapter 7 of Learning WCF gives introductory details about certificates, and how to motion WCF to use them. However, I am also looking for the lower level - managing, issuing, purchasing certificates, establishing own CA, creating fake certs, etc.Distinctive
A
1

From the MSDN:

How to: Decrypt XML with x509

How to: Encrypt XML with x509

Andeee answered 12/1, 2009 at 12:24 Comment(1)
I am looking for more than just encrypting/decrypting XML documents. Wish to know what exact x.509 encompasses; how Windows stores and uses them. How they are validated and identified, etc. How do we even setup our own CA and create our own certs?Distinctive

© 2022 - 2024 — McMap. All rights reserved.