Two parties – the owner of the certificate and its issuer – now know the private key. The intended use and the potential risks determine how grave a problem this would be. An operator of a website wanting to identify his users by way of a self-created client certificate will not have a problem with the method. Another disadvantage is the way in which the private key is transferred, which should be protected from the prying eyes of unauthorized third parties. This normally means password protection.
CodeMeter offers a simple means of securely transferring private keys. A license (which can contain keys in the data) can be placed on a CmContainer by remote programming. The user first creates a remote context file (WibuCmRaC) with the public key of the chosen CmContainer. The creator of the license uses this to create a remote update file (WibuCmRaU). The license data in that file is encrypted and can be decrypted only by the right CmContainer. Decryption takes place within the container itself, so that the private key is never present in clear text form outside of this secure environment. CodeMeter makes creating and distributing private keys and certificates easy.
Self-Signed Certificates
A self-signed certificate is a certificate that one creates and signs with one’s own private key. It is a simple way of creating certificates, especially for trial purposes. For a self-signed certificate to be accepted, it normally has to be added manually to the list of trusted certificates. This typically limits their use to testing and trials.
Typical Use Cases
A typical area of application for certificates is their use as server certificates, which establish the identity of a web server and encrypt the communication between end users’ browsers and that server.
Client certificates are another form. The operator of a website creates and distributes certificates that browsers use in combination with the private key to access the server. The server can then read the certificate and award specific access rights, e.g. for named organizational units (OU).
Other use cases include the encryption of email messages or the new German identity card (NPa).
OPC UA
OPC UA (OLE for Process Control Unified Architecture) also relies on certificates, which are used as server and client certificates. CodeMeter again makes easy work of creating and managing these certificates. Finished certificates can be distributed simply by plugging the right CmDongle into the controller or PC.
Code signature
Code signing certificates are a third type of application, with software developers signing their code, whose genuine origin is verified by means of a correct certificate. Windows’ built-in system was originally designed to protect end users from malware and viruses. CodeMeter now uses the same idea to protect the integrity of entire embedded devices.
Conclusions
Certificates are an essential tool for identifying individuals or devices and for verifying whether data is genuine. Certificates and the private keys allocated to them can be used to establish truly secure lines of communication. They are an ideal addition to licensing and copy protection systems like CodeMeter. CodeMeter has been designed to work hand-in-hand with certificates and private keys, which are stored in a secure and unreadable format in CmContainers. CodeMeter supports the X.509 standard as well as a lean proprietary format for systems with limited resources.
[Figure: Easy way to get a Certificate. Labels: CA; Private Key & Certificate; Key & Certificate.]
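
The client-certificate use case above says the server reads the certificate and awards access rights per organizational unit (OU). The following is an added example, not code from the article or from CodeMeter: it assumes a Python server whose TLS stack has already validated the client certificate and handed it over in the dict shape of `ssl.SSLSocket.getpeercert()`. The OU names, the rights table and the sample subjects are hypothetical.

```python
# Added example: award access rights from the OU fields of a client certificate.
# Input is the dict shape returned by ssl.SSLSocket.getpeercert() after the TLS
# stack has validated the chain. OU names and rights are hypothetical.

OU_RIGHTS = {
    "Service": {"read", "diagnose"},
    "Engineering": {"read", "write", "configure"},
}


def subject_ous(peercert):
    """Return every organizationalUnitName in the certificate subject."""
    return [
        value
        for rdn in peercert.get("subject", ())
        for key, value in rdn
        if key == "organizationalUnitName"
    ]


def rights_for(peercert):
    """Union of rights for all recognised OUs; an empty set means deny.

    getpeercert() gives None when no certificate was presented and {} when
    one was presented but not validated, so both cases fall through to deny.
    """
    if not peercert:
        return set()
    rights = set()
    for ou in subject_ous(peercert):
        # Exact, case-sensitive match: unknown or misspelled OUs grant nothing.
        rights |= OU_RIGHTS.get(ou, set())
    return rights


# Constructed sample subjects (not taken from any real certificate).
SERVICE_CERT = {"subject": ((("organizationName", "Example GmbH"),),
                            (("organizationalUnitName", "Service"),),
                            (("commonName", "technician-01"),))}
MULTI_OU_CERT = {"subject": ((("organizationalUnitName", "Service"),),
                             (("organizationalUnitName", "Engineering"),),
                             (("commonName", "lead-02"),))}
UNKNOWN_OU_CERT = {"subject": ((("organizationalUnitName", "service"),),
                               (("commonName", "guest"),))}

if __name__ == "__main__":
    for cert in (SERVICE_CERT, MULTI_OU_CERT, UNKNOWN_OU_CERT, {}, None):
        print(sorted(rights_for(cert)))
```

The OU is only meaningful if the issuing CA controls what goes into it, so the server should accept client certificates from that CA alone.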