KEMBAR78
X.509 and Digital Certificates Guide | PDF | Public Key Cryptography | Public Key Certificate
Scribd
Upload
137 views5 pages

X.509 and Digital Certificates Guide

Digital certificates provide a way to verify digital signatures and identities online. They contain a public key that is digitally signed by a Certificate Authority, along with information about the subject's identity. Certificate Authorities can range in scope from large commercial organizations that issue certificates to millions of users, to internal departments within a company that issue certificates to a smaller number of users. The X.509 standard defines a framework for authentication using public key cryptography and digital signatures stored in an X.500 directory, which acts as a repository for public key certificates.

Uploaded by

Shiva prasad
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
137 views5 pages

X.509 and Digital Certificates Guide

Digital certificates provide a way to verify digital signatures and identities online. They contain a public key that is digitally signed by a Certificate Authority, along with information about the subject's identity. Certificate Authorities can range in scope from large commercial organizations that issue certificates to millions of users, to internal departments within a company that issue certificates to a smaller number of users. The X.509 standard defines a framework for authentication using public key cryptography and digital signatures stored in an X.500 directory, which acts as a repository for public key certificates.

Uploaded by

Shiva prasad
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

Digital Certificates and

X.509 Authentication Service

Digital Certificates
„ A digital certificate is:
„ An assertion
„ Digitally signed by a “certificate authority”
„ An assertion
„ Can be anything
„ Usually an identity assertion
„ Can also be a list of authorizations

2
Public-Key Certificates
reliable distribution of public-keys
„ public-key encryption

„ sender needs public key of receiver


„ public-key digital signatures
„ receiver needs public key of sender
„ public-key key agreement
„ both need each other’s public keys

Digital Certificates
„ A certificate authority (CA) is
„ Someone who signs certificates
„ Has a “known” public key
„ Is “famous” enough for this to be useful
„ Thus, a certificate is
„ A cryptographic proof that the CA believes
the assertions

4
X.509 Certificate Authority Scope
A CA can vary dramatically in scope.
„ At the large end are commercial CAs like Thawte,
Verisign, Belsign, GTE Cybertrust or others.
„ These commercial CAs issue certificates to millions of
users.
„ At the smaller end are CAs operated by
departments within a company:
„ These CAs issue certificates to a small number of users.
„ These smaller CAs may be intermediate CAs whose
certificates are signed by higher-level CAs inside the
organization.

X.509 Authentication Service


Introduction

„ ITU-T X.509:
„ Part of X.500 Directory Services

„ Issued in 1988; revised in 1993 and 1995

„ Defines a framework for authentication service

using the X.500 directory


„ Repository of public-key certificates

„ Based on use of public-key cryptography and

digital signatures
„ Recommends use of RSA

6
X.500 Directory
„ X.500 Directory
„ Repository of public-key certificates

„ Public key of user

„ Signed with private key of trusted third

party

„ Server (or set of servers) that maintain a user


information database
„ Mapping from user name to network address

„ Other user attributes and information

Public-key Certificates
„ Associated with user

„ Created by trusted third party


„ Certificate authority (CA)

„ Placed in directory by CA or by the user

„ Directory server
„ location for certificate access

„ does not create the certificates

8
X.509 Public-key Certificate Formats

Example of X.509 Certificate


Certificate:
Data:
Version: 1 (0x0)
Serial Number: 7829 (0x1e95)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division,
CN=Thawte Server CA/emailAddress=server-certs@thawte.com
Validity
Not Before: Jul 9 16:04:02 1998 GMT
Not After : Jul 9 16:04:02 1999 GMT
Subject: C=US, ST=Maryland, L=Pasadena, O=Brent Baccala,
OU=FreeSoft, CN=www.freesoft.org/emailAddress=baccala@freesoft.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:b4:31:98:0a:c4:bc:62:c1:88:aa:dc:b0:c8:bb: 33:35:19:d5:0c:64:b9:3d:41:b2:96:fc:f3:31:e1:
66:36:d0:8e:56:12:44:ba:75:eb:e8:1c:9c:5b:66: 70:33:52:14:c9:ec:4f:91:51:70:39:de:53:85:17:
16:94:6e:ee:f4:d5:6f:d5:ca:b3:47:5e:1b:0c:7b: c5:cc:2b:6b:c1:90:c3:16:31:0d:bf:7a:c7:47:77:
8f:a0:21:c7:4c:d0:16:65:00:c1:0f:d7:b8:80:e3: d2:75:6b:c1:ea:9e:5c:5c:ea:7d:c1:a1:10:bc:b8:
e8:35:1c:9e:27:52:7e:41:8f
Exponent: 65537 (0x10001)
Signature Algorithm: md5WithRSAEncryption
93:5f:8f:5f:c5:af:bf:0a:ab:a5:6d:fb:24:5f:b6:59:5d:9d:92:2e:4a:1b:8b:ac:7d:99:17:5d:cd:19:f6:ad:ef:63:2f:92:
ab:2f:4b:cf:0a:13:90:ee:2c:0e:43:03:be:f6:ea:8e:9c:67: d0:a2:40:03:f7:ef:6a:15:09:79:a9:46:ed:b7:16:1b:41:72:
0d:19:aa:ad:dd:9a:df:ab:97:50:65:f5:5e:85:a6:ef:19:d1: 5a:de:9d:ea:63:cd:cb:cc:6d:5d:01:85:b5:6d:c8:f3:d9:f7:
8f:0e:fc:ba:1f:34:e9:96:6e:6c:cf:f2:ef:9b:bf:de:b5:22:68:9f
10

You might also like