Create X.509 certificate - needed very much!

[TheVAL]

Hi!
I have such a program to build:

Write a program that creates a valid X.509 standard compliant root certificate on your name and issued by yourself (you can freely choose the values for other “meaningful fields”). You should use RSA algorithm for your public key and your digital signature and freely chose a message digest algorithm supported by X.509 standard (e.g. MD5 or SHA-1).

I am searching througt the web for hours to find some libraries or some example code where I could get help in this task. I found a CML (Certificate Management Library) but I am not sure if there are things I need. There is no examples and I can't understand a bit of it. Could someone help me a bit by answering to some questions I can't figure out by myself:
1) To create a certificate in this case means to create a "*.der" file which is formed in agreement with X.509 needs. Is it so?
2) Where can I clearly see what information in what sequence and what amount is to b included in such certificate?
3) How can I make such "*.der" file? I can imagine like that - creating some struct in C++ with needd fields and then trying to encode this struct in file. Is it so? If so, where can I find some tools to make such encoding? Or an information of how such encoding must be done?

I am really desperate about getting to know all this about certificates and creating one. I really need to get done with it in a very short time. Can someone help?

Edgars.

[TheVAL]

OK, I found some infromation and made a certificate - `*.cer` file! Now I have such a task:

Write a program that verifies your certificate (since it is a root certificate, it is sufficient to check whether certificate issuer and subject are the same and whether a digital signature of the issuer matches the subject’s public key).

So, I have a question - what does it mean to verify my certificate (my `*.cer` file)? I must look, if issuer and subjects fields in this file are the same? And what about this 2nd request - I must look, weather or not subject's public key matches what? The digital signature of what? Is that the signature coming along the certificate or what? I have mixed all up, I guess..

[jonnin]

Presumably its standard public key encryption, which implies your going to need a large integer class (storage for 500 digit numbers or larger!!). You can "fake it" with 64 bit numbers (which most 32 bit machines have hacks for) to test out your algorithms if its not required to be secure. So basically you need to encrypt and decrypt the file, it sounds like to me, along with comparing the fields (which should be trivial, a string compare and your done)

I do not know the file format here so thats all I can say, not sure what part(s) are encrypted or if its just a wad on the end or what you have...