Communication is an essential part of the life and one can say that it marks the progress of the human beings. Traditional media for communication are the sending of letters through the Post Office, talking over the phone through the Telecommunications company or more commonly to speak directly with the other person. These traditional media have existed for a long period and special provisions have been made so that people can communicate in a rather secure way, either for personal or for bussiness communication. For face to face communication, people can recognise each other's physical characteristics and they can compare the signatures with that of official documents like an ID card. Mimicking all of the physical characteristics of a person is substantially difficult and people can accept with a very high level of certainty the identity of their collegue. Signature forging is rather difficult and there are special laws that regard forging as a crime. The bottom line is that for each communication medium, there is a transitional period when specific laws and technologies are set in order for people to communicate securely and transparently.
The Internet, as a network that interconnects networks of computers around the world, is a rather new medium for people to communicate. It is substantially different from existing ones and the laws and technologies to let the transparent and secure communication have not been fully defined yet.
Cryptography has provided us with Digital Signatures that resemble in functionality the handwritten signatures and the Digital Certificates that relate to the ID card or any other official document. However, in order to use these technologies, we need to make the necessary provisions so that their usage will be equally transparent and secure.
A software component that aids this transparancy and security of usage is the Certification Authority and thus the name of this open–source project, OpenCA.
The following introduction to cryptography has been taken from the excellent modssl FAQ, written by Ralf S. Engelschall.
Cryptography has several differences from pure mathematics and one of them is that the former are more descriptive in its textbooks. While a mathematician would use A and B to explain an algorithm, a cryptographer would use the fictious names Alice and Bob. Thus, in the next sections, the names Alice and Bob are not randomly chosen; they can be found in almost all cryptography textbooks.
Suppose Alice wants to send a message to her bank to transfer some money. Alice would like the message to be private, since it will include information such as her account number and transfer amount. One solution is to use a cryptographic algorithm, a technique that would transform her message into an encrypted form, unreadable except by those it is intended for. Once in this form, the message may only be interpreted through the use of a secret key. Without the key the message is useless: good cryptographic algorithms make it so difficult for intruders to decode the original text that it isn't worth their effort.
There are two categories of cryptographic algorithms: conventional and public key.
Conventional cryptography, also known as symmetric cryptography, requires the sender and receiver to share a key: a secret piece of information that may be used to encrypt or decrypt a message. If this key is secret, then nobody other than the sender or receiver may read the message. If Alice and the bank know a secret key, then they may send each other private messages. The task of privately choosing a key before communicating, however, can be problematic.
Public key cryptography, also known as asymmetric cryptography, solves the key exchange problem by defining an algorithm which uses two keys, each of which may be used to encrypt a message. If one key is used to encrypt a message then the other must be used to decrypt it. This makes it possible to receive secure messages by simply publishing one key (the public key) and keeping the other secret (the private key).
Anyone may encrypt a message using the public key, but only the owner of the private key will be able to read it. In this way, Alice may send private messages to the owner of a key–pair (the bank), by encrypting it using their public key. Only the bank will be able to decrypt it.