Sunday, May 27, 2012

Public Key Infrastructure (Digital Cert )


In cryptography, a public key certificate, also known as a digital certificate or identity certificate, is an electronic document which uses digital signature to bind a public key with an identity; information such as the name of a person or an organization, their address, and so forth. The certificate can also be used to verify that a public key belongs to an individual.
In a public key infrastructure (PKI) scheme, the signature will be the certificate authority (CA). In a web of trust scheme, the signature is of either the user (self-signed certificate) or other users (endorsements). In either case, the signatures on a certificate are attestations by the certificate signer that the identity information and the public key belong together.
For provable security, this reliance on something external to the system has the consequence that any public key certification scheme has to rely on some special setup assumption, such as the existence of a certificate authority.
Certificates can be created for Unix-based servers with tools such as OpenSSL’s ca command or SuSE’s gensslcert. These may be used to issue unmanaged certificates, CA certificates for managing other certificates, and user and/or computer certificate requests to be signed by the CA, as well as a number of other certificate related functions.
In order to make sure that a digital certificate is real or valid, it must have the follow contents:
Serial Number -- Used to uniquely identify the certificate.
Subject -- The person, or entity identified.
Signature Algorithm -- The algorithm used to create the signature.
Signature -- The actual signature to verify that it came from the issuer.
Issuer -- The entity that verified the information and issued the certificate.
Valid-From -- The date the certificate is first valid from.
Valid-To -- The expiration date.
Key-Usage -- Purpose of the public key (e.g. encipherment, signature, certificate signing...).
Public Key
Thumbprint Algorithm -- The algorithm used to hash the public key.
Thumbprint -- The hash itself, used as an abbreviated form of the public key.

http://en.wikipedia.org/wiki/Public_key_certificate
Posted by at

1 comment:

  1. TimothyMay 29, 2012 at 7:06 PM

    good report, i like that you put elaborated information on the different contents of the certificate.

    is there any products that use PKI? i also like to see how the PKI works in more detail thanks.

    ReplyDelete

Subscribe to: Post Comments (Atom)