Initial import of 0.83 from SF

root
2012-02-28 08:23:39 +00:00
commit f81dd66698
78 changed files with 5145 additions and 0 deletions

64
help/PKI_basics.html Normal file

@@ -0,0 +1,64 @@
<html>
<head>
<link rel='stylesheet' type='text/css' href='../css/style.css'>
<title>PKI and E-mail Encryption - A Brief Explanation</title>
</head>
<body>
<center><h1>PKI and E-mail Encryption - A Brief Explanation</h2></center>
PKI stands for <cite>Public Key Infrastructure</cite>. PKI is Information
Technology infrastructure that enables users of a basically unsecure public
network (such as the Internet) to securely and privately exchange data through
the use of a <a href=glossary.html#KEYS target=glossary>public and a private
cryptographic key pair</a> that is obtained and shared through a
<a href=glossary.html#CA target=glossary>trusted Authority</a>.
<p>
Public and private keys are like two halves of a single key. PKI encryption
algorithms are designed such that a public key is used to encrypt or
"lock" a message, and only the complementary private key can "unlock" that
message.
Think of a bank vault or safe that can only be unlocked by two individuals
using two different but complementary keys. Neither of those keys can be used
by itself to unlock the vault.
<p>
In practice, individuals wishing to exchange encrypted e-mail
will agree to mutually trust one or more <a href=glossary.html#CA target=glossary>
Certificate Authorities(CA)</a> by downloading and installing each trusted Authority's
<a href=glossary.html#ROOT-CERT target=glossary>root certificate</a> on their computers.
They will each obtain their own personal
<a href=glossary.html#CERTIFICATE target=glossary>digital certificate</a>
from a trusted Certificate Authority, and install them on their
respective computers.
Because they mutually trust the Certificate Authorities, they trust each other's
digital certificates. More specifically, they trust the
<a href=glossary.html#KEYS target=glossary>public keys</a> contained within
their personal digital certificates which have been
<a href=glossary.html#SIGNATURE target=glossary>digitally signed</a> by a
trusted Certificate Authority.
They will then exchange their trusted public keys by sending each other
digitally signed e-mail messages. Once each party has the other's public key,
they may exchange trusted and encrypted messsages.
<p>
Public key exchange and encryption is like exchanging notarized documents.
One trusts a notarized document because a trusted third party, the Notary
Public, has signed it. The Certificate Authority is the Notary Public, and
the public keys are the documents.
<p>
Remember, having a personal digital certificate alone does <strong>not</strong>
give one the ability to send encrypted e-mail to others, but only allows the
<strong>receipt</strong> of encrypted e-mail. PKI is a cooperative encryption
standard. Both parties who are exchanging encrypted messages must have
personal digital certificates, they must trust the Certificate Authority
which issued the other persons certificate, and they must exchange
public keys with each other, as described above.
<p>
The process of installing certificates and exchanging public keys is dependent
upon the e-mail application one uses, and is beyond the scope of this document.
</body>
</html>
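Review bot: The bank-vault comparison in the second paragraph ("can only be unlocked by two individuals using two different but complementary keys") describes dual control, where both keys are needed together, and that contradicts the sentence before it, which correctly says the private key alone unlocks what the public key locked. Suggest replacing it with a one-way image, such as a mail slot or an open padlock that anyone can snap shut but only the owner can open. Also in this file: the title heading opens with <h1> and closes with </h2>, "messsages" is misspelled, and "the other persons certificate" needs an apostrophe.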


@@ -0,0 +1,29 @@
<html>
<head>
<title>Root Certificate Installation for Outlook & Outlook Express</title>
<link rel='stylesheet' type='text/css' href='../css/style.css'>
</head>
<body>
<center><h1>Root Certificate Installation for Outlook & Outlook Express</h1>
<h2>A Step-by-Step Guide</h2></center><br>
<h4>
<p><img src=../images/right-click-install-cacert.jpg>
<p>Open the folder which holds the certificates you have downloaded.<br>
Right-click on the certificate you wish to install, and select
<cite>Install Certificate</cite> from the context menu.
<p><br><img src=../images/cert-wizard1-welcome.jpg >
<p>Click the <cite>Next</cite> button in the <cite>Certificate Wizard</cite>
welcome window.
<p><br><img src=../images/cert-wizard4-select-store.jpg>
<p>Click the <cite>Next</cite> button in the <cite>Select a Certificate Store</cite> window.
<p><br><img src=../images/cert-wizard5-root-final.jpg>
<p>Click the <cite>Finish</cite> button in the <cite>Complete the Certificate..</cite> window.
<p><br><img src=../images/confirm-install-cacert.jpg>
<p>You may be asked to confirm the root certificate installation. Click the <cite>Yes</cite> button if a window like this appears.
<p><br><img src=../images/import-successful.jpg>
<p>Windows confirms the root certificate was successfully imported.<br>
You may now <a href=usercert_install_ie.html>install your personal e-mail certificate</a>.
</h4>
</body>
</html>
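Review bot: The confirmation step near the end ("Click the Yes button if a window like this appears") tells the reader to accept a new trusted root without checking anything, and nothing earlier in the guide says how to confirm that the downloaded file is the genuine CA certificate. Suggest adding a step that has the reader compare the certificate's thumbprint with a value obtained from the CA administrator over a separate channel, and click Yes only on a match. Smaller points: the bare & in the title and h1 should be &amp;, the whole body is wrapped in an <h4> that contains <p> elements, and the img tags have no alt text, so the steps cannot be followed if the screenshots fail to load.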

144
help/glossary.html Normal file

@@ -0,0 +1,144 @@
<html>
<head>
<title>PHPki Glossary</title>
<link rel='stylesheet' type='text/css' href='../css/style.css'>
</head>
<body>
<a name=TOP></a>
<a name=PKI></a><p>
<table>
<th><h2>PUBLIC KEY INFRASTRUCTURE</h2></th>
<tr><td>
PKI stands for <cite>Public Key Infrastructure</cite>. PKI is IT infrastructure that enables users of a basically unsecure public network (such as the Internet) to securely and privately exchange data through the use of a public and a private <a href=#KEYS>cryptographic key pair</a> that is obtained and shared through a trusted authority.
PKI is not only software or hardware. It is an infrastructure. So, PKI is a combination of products, services, facilities, policies, procedures, agreements, and people. All of these elements work together to provide for secure interactions on the Internet and other open networks. PKI is not a single monolithic entity, but a distributed system. The component elements may include multiple organization-specific public key infrastructures that are interoperable and interconnected.
</td></tr>
</table>
<a name=CERTIFICATE></a><p>
<table>
<th><h2>DIGITAL CERTIFICATE</h2></th>
<tr><td>
<p>
An attachment to an electronic message used for security purposes. The most common use of a digital certificate is to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply.
<p>An individual wishing to send an encrypted message applies for a digital certificate from a <a href=#CA>Certificate Authority (CA)</a>. The CA issues an encrypted digital certificate containing the applicant's <a href=#KEYS>public key</a> and a variety of other identification information. The CA makes its own public key readily available through print publicity or perhaps on the Internet.
<p>The recipient of an encrypted message uses the CA's public key to decode the digital certificate attached to the message, verifies it as issued by the CA and then obtains the sender's public key and identification information held within the certificate. With this information, the recipient can send an encrypted reply.
<p>The most widely used standard for digital certificates is X.509.
</td></tr>
</table>
<a name=CA></a><p>
<table>
<th><h2>CERTIFICATE AUTHORITY</h2></th>
<tr><td>
A trusted third-party organization or company that issues digital certificates used to create digital signatures and <a href=#KEYS>public-private key pairs</a>. The role of the CA in this process is to guarantee that the individual granted the unique certificate is, in fact, who he or she claims to be. Usually, this means that the CA has an arrangement with a financial institution, such as a credit card company, which provides it with information to confirm an individual's claimed identity. CAs are a critical component in data security and electronic commerce because they guarantee that the two parties exchanging information are really who they claim to be.
</td></tr>
</table>
<a name=KEYS></a><p>
<table>
<th><h2>PUBLIC KEY ENCRYPTION</h2></th>
<tr><td>
A cryptographic system that uses two keys -- a public key known to everyone and a private or secret key known only to the recipient of the message. When John wants to send a secure message to Jane, he uses Jane's public key to encrypt the message. Jane then uses her private key to decrypt it.
<p>An important element to the public key system is that the public and private keys are related in such a way that only the public key can be used to encrypt messages and only the corresponding private key can be used to decrypt them. Moreover, it is virtually impossible to deduce the private key if you know the public key.
</td></tr>
</table>
<a name=SMIME></a><p>
<table>
<th><h2>S/MIME</h2></th>
<tr><td>
S/MIME (Secure Multi-Purpose Internet Mail Extensions) is a secure method of sending e-mail that uses the <a href=#RSA>RSA</a> encryption system. S/MIME is included in the latest versions of the Web browsers from Microsoft and Netscape and has also been endorsed by other vendors that make messaging products. RSA has proposed S/MIME as a standard to the Internet Engineering Task Force (IETF).
</td></tr>
</table>
<a name=RSA></a><p>
<table>
<th><h2>RSA</h2></th>
<tr><td>
RSA is an Internet encryption and authentication system that uses an algorithm developed in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. The RSA algorithm is the most commonly used encryption and authentication algorithm and is included as part of the Web browsers from Microsoft and Netscape. It's also part of Lotus Notes, Intuit's Quicken, and many other products. The encryption system was owned by RSA Security, but a recent patent expiration placed it into the public domain. The technologies are part of existing or proposed Web, Internet, and computing standards.
</td></tr>
</table>
<a name=ROOT-CERT></a><p>
<table>
<th><h2>ROOT CERTIFICATE</h2></th>
<tr><td>
A root certificate is like a MASTER
<a href=#CERTIFICATE>digital certificate</a>.
You must install a <a href=#CA>certificate authority's</a> root certificate
before you can trust other certificates issued by that same certificate
authority. Root certificates are used to "sign" other certificates.
A signature by a root certificate is somewhat analogous to "notarizing" a
document in the physical world. When you install a root certificate on your
computer, you are saying you "trust" that certification authority and all
certificates it signs.
</td></tr>
</table>
<a name=SIGNATURE></a><p>
<table>
<th><h2>DIGITAL SIGNATURE</h2></th>
<tr><td>
A digital code that can be attached to an electronically transmitted message
that uniquely identifies the sender. Like a written signature, the purpose of
a digital signature is to guarantee that the individual sending the message
really is who he or she claims to be. Digital certificates inherently provide
digital signature capability to most S/MIME enable e-mail clients. Digitally
signing an e-mail usually provides the recipient the with the sender's public
key, so the recipient may then send encrypted e-mail back to the sender.
</td></tr>
</table>
<a name=X509></a><p>
<table>
<th><h2>X.509</h2></th>
<tr><td>
The most widely used standard for defining digital certificates. X.509 is
actually an ITU Recommendation, which means that has not yet been officially
defined or approved. As a result, companies have implemented the standard in
different ways. For example, both Netscape and Microsoft use X.509 certificates
to implement SSL in their web servers and browsers. But an X.509 certificate
generated by Netscape may not be readable by Microsoft products, and vice
versa.
</td></tr>
</table>
<a name=PEM></a><p>
<table>
<th><h2>PEM</h2></th>
<tr><td>
PEM is a widely used standard for storing digital certificates.
A PEM encoded file can contain all of private keys, public keys, and
<a href=#X509>(x.509)</a> certificates. It is the default format for OpenSSL.
It stores data in Base64 encoded format, surrounded by ascii headers, so it is
suitable for text mode transfers between systems. PEM files usually end with
a <cite>.PEM</cite> extension.
</td></tr>
</table>
<a name=DER></a><p>
<table>
<th><h2>DER</h2></th>
<tr><td>
DER is a widely used standard for storing digital certificates. A DER encoded
file can contain all of private keys, public keys, and <a href=#X509>(x.509)</a>
certificates. DER is a binary encoded headerless format. DER files usually
end with a <cite>.CRT</cite> or <cite>.CER</cite> extension.
</td></tr>
</table>
<a name=PKCS12></a><p>
<table>
<th><h2>PKCS #12</h2></th>
<tr><td>
PKCS #12 (a.k.a. Personal Information Exchange Standard) is a standard for storing private keys and certificates securely (well sort of). It is used in (among other things) Netscape and Microsoft Internet Explorer with their import and export options. PKCS12 files usually end with a <cite>.PFX</cite> extension.
</td></tr>
</table>
<br><br></body></html>
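Review bot: The DIGITAL CERTIFICATE entry says the CA "issues an encrypted digital certificate" and that the recipient "uses the CA's public key to decode" it, but a certificate is signed, not encrypted; the CA's public key verifies the signature over contents that anyone can read. Suggest rewording both sentences in terms of signing and verification, which also matches the ROOT CERTIFICATE entry further down. The X.509 entry's claim that an ITU Recommendation "has not yet been officially defined or approved" is wrong as well, since a Recommendation is the ITU's published standard, and the S/MIME entry still describes the protocol as only proposed to the IETF, which has since published it. Minor: "S/MIME enable e-mail clients" and "the recipient the with" in the DIGITAL SIGNATURE entry are typos, "(well sort of)" in the PKCS #12 entry should either name the weakness or go, and each <th> sits directly inside <table> with no <tr>.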


@@ -0,0 +1,40 @@
<html>
<head>
<title>Personal E-mail Certificate Installation for Outlook & Outlook Express</title>
<link rel='stylesheet' type='text/css' href='../css/style.css'>
</head>
<body>
<center><h1>Personal E-mail Certificate Installation for Outlook & Outlook Express</h1>
<h2>A Step-by-Step Guide</h2></center><br>
<h4>
<p><img src=../images/right-click-install-usercert.jpg>
<p>Open the folder which holds the certificates you have downloaded.<br>
Right-click on the certificate you wish to install, and select
<cite>Install PFX</cite> from the context menu.
<p><br><img src=../images/cert-wizard1-welcome.jpg >
<p>Click the <cite>Next</cite> button in the <cite>Certificate Wizard</cite>
welcome window.
<p><br><img src=../images/cert-wizard2-select-file.jpg>
<p>Click the <cite>Next</cite> button in the <cite>Select File to Import</cite> window.
<p><br><img src=../images/cert-wizard3-password.jpg>
<p>The personal e-mail certificate files created by PHPki contain an encrypted
copy of your private key. When your certficate was created, a password was
given to PHPki to encrypt the private key. The same password is used to
decrypt your private key and install the certificate. Do not forget or lose
this password as it cannot be recovered under any circumstance.
Select the <cite>Enable strong private key protection</cite> option if you
would like Windows to add an additional layer of password protection to use
your certificate. This is not necessary, and will not be covered further here.
There is no need to select the <cite>Mark the private key as exportable</cite>
option. Enter your certificate password and click the <cite>Next</cite> button
in the <cite>Password Protection for Private Keys</cite> window.
<p><br><img src=../images/cert-wizard4-select-store.jpg>
<p>Click the <cite>Next</cite> button in the <cite>Select a Certificate Store</cite> window.
<p><br><img src=../images/cert-wizard5-user-final.jpg>
<p>Click the <cite>Finish</cite> button in the <cite>Complete the Certificate..</cite> window.
<p><br><img src=../images/import-successful.jpg>
<p>Windows confirms the root certificate was successfully imported.<br>
</h4>
</body>
</html>
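Review bot: The last step says "Windows confirms the root certificate was successfully imported", which is carried over from the root certificate guide; here the imported item is the personal certificate and its private key, so the wording should say so. The password step would also benefit from a sentence on what to do with the PFX file after import, since the text states it contains the private key protected only by that password, and from a reason for calling Enable strong private key protection "not necessary" so the reader can judge the trade-off. "certficate" is misspelled in the same paragraph, and the bare & in the title and h1 should be &amp;.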