Main Area and Open Discussion > General Software Discussion

How do i create a valid personal certificate for Securezip for encryption?

(1/2) > >>

hulkbuster:
Hello i have a nagging problem with this certificate which is required by this program called SecureZip for encryption and later which could be easily decrypted by a public key.
I managed to get my hands on a free program called Docentric.CertTool
Here is the website:
https://ax.docentric.com/free-self-signed-certificate-generator/

I managed to create a personal certificate, but when i open Securezip.
It shows as not valid but still i can select that certificate and furthure create and encrypt a zip file.
I hope it is understanable till this point.
How do i create a valid personal certificate for Securezip for encryption?
How do i create a valid personal certificate for Securezip for encryption?
I don't understand if its a x509 certificate that is required or what is.
As this is my first time and trying to encrypt a zip with a private key certificate using Securezip.
What would u suggest for this problem.

Shades:
'Self-signed'
That is the term to focus on.

In general, there is nothing wrong with them, they function the same as a certificate you would procure from a certificate authority. And yes, it is very likely a .x509 certificate.
However, because you are the self-signing party, there is no tool/company, who would trust this type of certificate. And that is a very big part of the encryption process. Why this lack of trust? You are are unknown as a certificate authority. How reliable are you, as in will you be in business long enough to validate a certificate you authorized? What is the business plan? You will never be able to satisfy each of the users, so you won't be able to satisfy the need of any user. That renders them in essence useless.

Or do they?
Well, it isn't hard to install yourself to the list of parties that the operating system trusts as certificate authority. You can repeat that procedure on every computer and now you can use your own self-signed certificates as completely valid. But it will be be for your own network, nowhere else. If this satisfies your use case, then there is no real problem using self-signed certificates.

But, sooner or later, your use-case is likely to change and you wish to share your encrypted zip file with someone outside your network for whatever reason. Well, now you have a big problem. That external user won't install your self-signed certificate, they will likely also have their doubts about possible corruption during transport of your self-signed certificate. So this encrypted date will remain hidden for that external user. Now we're back to your certificates being useless to anyone but you.

And that is kinda the point of certificates, it is intended to be a secure way of transporting trustworthy data between parties that are not part of the same network.

Procuring a certificate from an organization like Let'sEncrypt is usually without cost. But these certificates are 90 days valid and very likely configured for encrypting HTTP connections and nothing else. You can buy certificates for different purposes. Those are usually valid for 1 year, but, depending on their purpose(s), pricey. As in more than 1000 USD per year. But, as you now use a commercial certificate authority, your computer/phone/tablet/etc. will be able to establish a secure communication channel without manual interaction on your end or on the 3rd party's end.

Then there is another problem. But related to certificates in general, not specifically self-signed certificates.

When certificates are generated, there is a validity period involved. The end date of that period...can have some unintended side-effects. Say, you have photos from a closed bedroom event. While those were created with consent of all parties involved, those should never be publicly available. So you use certificates to encrypt the archives from these photos. All is well and good. Until you wish to open those archives for purpose of reminiscence on any date after the certificate's validity period. Chances are that your archived data became unavailable to yourself as well.

You will now keep track of certificate validity periods and re-create archives using updated certificates. If you think making backups of unencrypted data is already a hassle...you'll open Pandora's box when introducing encryption to those processes.

Sure, you can set very long validity periods (10 years is the maximum, if memory serves), but with such a long validity period, you'll undermine the security aspect of certificates in a very big way. One year is about as long as any certificate should be valid. But shorter periods are usually better.

BGM:
Just wanted to throw in here about certificates - I found this nifty thing called OpenSSL Wizard which uses, obviously, OpenSSL.  But the gui is presented in a way that I found really helpful for the guy who has to get or make a certificate file of some sort but only needs it very rarely and so only wants to learn just enough to get past the job and on to other things.

hulkbuster:
Thank u for ur time(Shade and BGM), i think Shade said a lot about x509 certificates.
However i need that certificate only for data signing, predominantly which the program SecureZip for Windows (from PKZip) offers.
Which requires a private key and a public key to decrypt if i need to send some important files to my friends.
Yes it was x509 certificate and not SSL certificate, which is require by the browser to website connection.
Pretty darn complicated methods and to get just a simple task done.



One video i had made about how the encryption with a private key would look like.
I missed where i kept that certificate, it was valid.
I found a site where u can create ur own self signed certificates:
Create A Self Signed x509 Certificate Using OpenSSL on Windows
https://www.linkedin.com/pulse/create-self-signed-x509-certificate-using-openssl-windows-bhosale/

Another:
https://www.openssl.org/

Could anyone tell me how do i use this tool, there is no openssl.exe.
Does it run from a command line or from a Linux command line. :huh:
How do i create a valid personal certificate for Securezip for encryption?

How do i run this tool OpenSSL
I don't know it this is any similar to OpenSSL Wizard mentioned by BGM

BGM:
The tool I pointed to was just a GUI for OpenSSL.  If you install OpenSSL, it offers the option to add it to the PATH, I think.  You use it in the console, normally.  If not in the PATH, then you'd have to either use the full path to the exe or you have to change the console's DIR to the folder where the exe is.

The exe is here for me:
C:\Program Files\OpenSSL\bin\openssl.exe

Navigation

[0] Message Index

[#] Next page