Pong

June 8th 2014, SSL Certificates and Private Keys

June 7th 2014 PONG | | June 8th 2014 QSslSocket

The Qt documentation explains the principles of SSL encryption nicely:

In principle, with SSL one needs to distinguish between

  • authentication
  • encryption

Both are necessary for a secure and trusted communication.

For authentication, the server needs to be certified by a so-called CA (certificate authority). This is usually done by companies such as Verisign or Thawte, but their certification is not free. For testing purposes, however, the authenticity of the server is irrelevant, so a so-called self-certified (self-signed) certificate is sufficient. The certificate is also required for the next part, the encryption of the communication.

Once a trusted connection is established between a client and an authenticated server, the communication between the two needs to be secured by encryption. The certificate comes in two parts: the public certificate and a private key. The latter is used to set up (seed) the encryption of the data being transmitted.

To generate a self-certified certificate we use the openssl tool of the OpenSSL suite with the req subcommand and its -x509 option as follows:

openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 0

This generates both the public certificate (cert.pem) and the private key (key.pem) of the certificate in the so-called PEM format. Note that the certificate is expired. It can only be used to encrypt the data from endpoint to endpoint; whether the endpoint is the real one or an impostor cannot be verified. The communication is encrypted but still insecure. If used in a web browser this will cause an error, since the signing authority is unknown and untrusted. For testing purposes it’s fine.
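The following script is an added example (not part of the original post): it generates the key and certificate the same way as above, then uses the openssl CLI to check what the self-signed certificate does and does not provide: the key matches the certificate, the certificate verifies only when it is pinned as its own trust anchor, and it fails against the system CAs, which is the browser error mentioned above. It assumes openssl is on PATH; the subject name test.example is made up, and the validity is passed in as a parameter so the checks do not depend on the -days 0 behaviour of a particular OpenSSL version.

```shell
#!/bin/sh
# Added example, not from the original post. Generates a self-signed
# certificate as the post does and inspects it with the openssl CLI.
# Assumptions: openssl is on PATH; the subject name test.example is invented.

# Create key.pem and cert.pem (the post's file names) in directory $1,
# valid for $2 days. -subj avoids the interactive prompts of openssl req.
gen_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=test.example" \
        -keyout "$1/key.pem" -out "$1/cert.pem" -days "$2" >/dev/null 2>&1
}

# 0 if issuer and subject are the same name: only the holder vouches for
# this certificate, so it authenticates nobody.
is_self_signed() {
    issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer=//')
    subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject=//')
    [ "$issuer" = "$subject" ]
}

# 0 if the certificate expires within the next $2 seconds (0 = already expired).
# openssl -checkend exits 1 when the certificate will expire in that window.
expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# 0 if the certificate chains to a CA in the default trust store. A
# self-signed certificate does not: this is the "unknown and untrusted" error.
verifies_with_system_cas() {
    openssl verify "$1" >/dev/null 2>&1
}

# 0 if the certificate verifies when it is itself pinned as the trust anchor,
# which is how a test client can accept it without trusting every self-signed cert.
verifies_when_pinned() {
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# 0 if key.pem ($2) is the private key belonging to cert.pem ($1): compare the
# public key embedded in the certificate with the one derived from the key.
key_matches_cert() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}
```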

The two PEM files look like this:


