1
2Quick summary of the main purpose here:  X.509 certs are used in public
3key infrastructure for protocols such as SSL and SET.  These certificates
4involve ISO/CCITT standard technologies such as ASN.1/DER, which control
5the format of the data being transmitted.  X.509 itself describes the
6content of the data (e.g. X.500 user name, public key for that user, more)
7and how to sign it.
8
9+++	+++	+++	+++	+++	+++	+++	+++	+++
10
11The X.509 support in JDK 1.2 builds on the java.security signature and
12key management APIs.  The following packages provide the X.509 support:
13
14    sun.security.util ... holds DER utilities, for parsing and generating
15	streams of DER-encoded data values, including object identifiers.
16
17    sun.security.x509 ... basic X.509 certificate parsing and generation
18	framework, including X.509 keys, X.500 names, algorithm IDs,
19        X.509 v3 extensions, and more.
20
21+++	+++	+++	+++	+++	+++	+++	+++	+++
22
23Information which may be useful when you work with X.509 certificates is
24found in:
25
26    The IETF has a public key infrastructure working group, PKIX.
27    See http://www.ietf.org for more information.
28
29    RFC 1422, which describes the key management infrastructure for
30    the Privacy Enhanced Mail (PEM) system.  It builds on X.509,
31    and is perhaps the most useful overview I've found.
32
33    RFC 1777, which describes the Lightweight Directory Access
34    Protocol (LDAP) that many organizations are expecting will help
35    address online certificate distribution over the Internet.
36
37    RFC 5280, which describes the Internet X.509 Public Key
38    Infrastructure Certificate and CRL Profile.
39
40    RSA DSI has a bunch of "Public Key Cryptography Standards" (PKCS) which
41    have been relatively well accepted.  They build on top of the X.509
42    infrastructure.  You can FTP them from ftp://ftp.rsa.com/pub/pkcs, in
43    either PostScript or ASCII format.
44
45    RSA DSI has also provided a "Layman's Guide" to ASN.1/DER, with
46    examples from the X.509 and PKCS standards.  This is available from
47    the PKCS FTP area noted above.
48