Usually, in cryptography, a certificate is understood as an electronic document confirming the right to own a public key.
The certificate in Cellframe is a file containing cryptographic keys.
Private certificate contains a pair of keys: closed (secret, private) and open (public, public). The private key is used to sign data sent to the network. The public key serves mainly to verify signatures made by its paired private key.
The Public certificate contains only the public key.
Certificates are generated using the cellframe-node-tool utility.
A private certificate is created with the command:
./cellframe-node-tool cert create <cert name> <key type> [<key length>]
– where <cert name> is certificate name;
<key type> - type of certificate, valid values: sig_bliss, sig_tesla, sig_picnic;
<key length> - not used.
An example of creating a new certificate named my-cert:
./cellframe-node-tool cert create my-cert sig_tesla
Certificate "my-cert" successfully serialized
The generated certificate file will be placed in the directory
$node_install_dir$/var/lib/ca/ 1)
You can check the contents of the certificate located in the above directory:
cellframe-node-tool cert dump <cert name>
Example:
./cellframe-node-tool cert dump my-cert
Certificate name: my-cert
Signature type: sig_tesla
Private key size: 16
Public key size: 16
Metadata section size: 0
Certificates signatures chain size: 0
We can generate a public certificate by exporting the public key from an existing private certificate to a new (empty) certificate that will be created in the same directory as the private one. For this we need the following command:
cellframe-node-tool cert create_cert_pkey <cert name> <new cert name>
Example:
cellframe-node-tool cert create_cert_pkey test_cert test_cert_pub
cellframe-node-tool cert dump test_cert_pub
Certificate name: test_cert_pub
Signature type: sig_dil
Private key size: 0
Public key size: 16
Metadata section count: 0
Certificates signatures chain size: 0
The node contains the public certificates of other nodes and its own public certificate in the $node_install_dir$/share/ca directory.
Working with certificates and related settings in configuration files when creating a new network is described in the article "Creating a Cellframe network using cellframe-node".
1) The $node_install_dir$ directory will be different for different operating systems:
/opt/cellframe-node - on Linux;C:\Users\Public\Documents\cellframe-node - on Windows;/Applications/Cellframe.app/Contents/Resources - on MAC OS X.