MobiLink transport-layer security and certificates

Section I: MobiLink transport-layer security and certificates


Section II: What is public-key cryptography?


Section III: What is a digital certificate?

 

 

  1. Identity information, such as the name and address of the certificate owner
  2. Public key
  3. Expiry date
  4. Digital signature, to prevent modification of the certificate

 

Digital signatures


Section IV: How certificates are used in MobiLink synchronization


Section V: Self-signed certificates


Making a new self-signed certificate


· self.crt: This file contains the new certificate, including the identity information, public key, expiry date, and signature. You can give out copies of this file to people whom you wish to contact you.
· self.pri: This file contains the private key that matches the public key encoded in the certificate. The private key is encoded using the password you supplied, providing a modest barrier to others with access to your machine. However, since password encryption is not very secure, you must restrict access to this file to maintain secrecy.
· serv1.crt: This file contains the same information as the above two files, combined into one file. It is intended for use with a MobiLink synchronization server. The server sends the public information to identify itself to clients. It requires the private key to decode messages returned by the clients. You must restrict access to this file. It, too, contains a copy of the private key, protected only by the password.


Using a self-signed certificate


  1. Supply a copy of the certificate to all clients. When a client first contacts the MobiLink synchronization server, the server sends it a copy of the public certificate, self.crt. The client can detect a fake certificate by comparing the one sent by the server with the copy it already has.

  2. Tell each client that it is to trust only servers that can decrypt messages encoded using the public key contained within the copy of the supplied public certificate. For Adaptive Server Anywhere clients, you do so using the trusted_certificates security parameter. For example, you can tell an Adaptive Server Anywhere client to trust only the self.crt certificate by including the following parameter in the ADDRESS clause of the SYNCHRONIZATION DEFINITION.

  3. When you start the MobiLink synchronization server, specify the name of the server certificate file, serv1.crt, and the corresponding password. Enter the entire command on one line.
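
The client-side comparison from step 1, together with the split between the file you hand out (self.crt) and the file you restrict (serv1.crt), as an added Python example that is not part of the original Sybase documentation. It assumes the files hold PEM blocks; the function names are hypothetical and the sample data are constructed stand-ins, not real certificates or keys.

```python
import base64
import hashlib
import hmac
import re

# Assumption: certificate and key material are stored as PEM blocks.
CERT_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
KEY_RE = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")

def cert_fingerprint(pem_text):
    """SHA-256 of the decoded bytes of the first certificate block."""
    match = CERT_RE.search(pem_text)
    if match is None:
        raise ValueError("no certificate block found")
    # Drop line breaks so re-wrapped copies hash identically.
    der = base64.b64decode("".join(match.group(1).split()))
    return hashlib.sha256(der).hexdigest()

def server_is_trusted(presented_pem, pinned_pem):
    """Step 1 check: the server's certificate must equal the client's copy."""
    return hmac.compare_digest(cert_fingerprint(presented_pem),
                               cert_fingerprint(pinned_pem))

def safe_to_distribute(pem_text):
    """True for a public certificate file, False if a private key is inside."""
    return bool(CERT_RE.search(pem_text)) and not KEY_RE.search(pem_text)

def make_pem(label, payload, width=64):
    """Build a PEM block for the constructed samples below."""
    b64 = base64.b64encode(payload).decode("ascii")
    body = "\n".join(b64[i:i + width] for i in range(0, len(b64), width))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed stand-in data, not real certificates or keys.
CERT_BYTES = b"constructed stand-in for the self.crt certificate bytes " * 3
SELF_CRT = make_pem("CERTIFICATE", CERT_BYTES)
SENT_BY_SERVER = make_pem("CERTIFICATE", CERT_BYTES, width=76)  # re-wrapped
FAKE_CRT = make_pem("CERTIFICATE", b"constructed impostor certificate " * 3)
SERV1_CRT = SELF_CRT + make_pem("ENCRYPTED PRIVATE KEY", b"constructed key")

if __name__ == "__main__":
    print("genuine server accepted:", server_is_trusted(SENT_BY_SERVER, SELF_CRT))
    print("fake server accepted:   ", server_is_trusted(FAKE_CRT, SELF_CRT))
    print("self.crt distributable: ", safe_to_distribute(SELF_CRT))
    print("serv1.crt distributable:", safe_to_distribute(SERV1_CRT))
```

Matching the pinned copy only identifies the certificate; the server still has to show that it holds the matching private key, which is the condition step 2 places on trusted servers.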



© Copyright 2010, Sybase Inc.