Digital Certificates

Albert Levi, Sabanci University, Turkey

Introduction

Certificate Structure

X.509v3 Certificate Characteristics and Structure

X.509v3 Extension Fields

Other Types of Certificates

Issues and Discussions

Certificate Revocation

Certificate Distribution

Certificates as Electronic IDs

Privacy Concerns

PKIX and X.509

Application Protocols Based on X.509 Certificates

Key Players in the Industry and Their

Certification Practices

Certificate Classes

PKCS Standards Related to Certificates

Summary and Conclusion

Glossary

Cross References

References

INTRODUCTION

Public key cryptography has become popular in information and telecommunication security. Algorithms in this family use two different, but related, keys. One of them is kept private by the key owner, and the other is made public. The private key is used to decrypt messages as well as to sign digital information. The corresponding public key is used to encrypt messages and to verify digital signatures. Because these latter operations can be done by anyone, public keys need to be made public. Although public keys are widely known, it is not computationally feasible to obtain a private key using the corresponding public key.

Public key distribution is not an easy task. Public keys can be distributed through global directories or servers, but the key must be bound to the holder's identity. Without binding, the key holders could use any name they wanted. For example, suppose Charlie creates a key pair and publishes the ...