X.509

In cryptography, X.509 is a standard for public key infrastructure (PKI). X.509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm.


In the X.509 system, a CA issues a certificate binding a public key to a particular Distinguished Name or a email address.

Structure of a certificate

The structure of a X.509 v3 digital certificate is as follows:

  • Certificate
    • Version
    • Serial Number
    • Algorithm ID
    • Issuer          A CA company
    • Validity
      • Not Before
      • Not After
    • Subject
    • Subject Public Key Info
      • Public Key Algorithm       RSA
      • Subject Public Key          
    • Issuer Unique Identifier (Optional)
    • Subject Unique Identifier (Optional)
    • Extensions (Optional)
      • ...
  • Certificate Signature Algorithm  MD5with RSA
  • Certificate Signature

 A certificate can be verified by a root certificate in which the public key is used to decrypt the signature to get the MD5 hash value. If the value matches the MD5 hash value calculated, then it is a valid certificate.


PKCS#12:  .p12, certificate + private key (password protected), a file format.


Posted on: Jun 26, 2008

Posted by: Qing-Ming Jeff Cai

Category: Sun

Permanent link to this entry

Comments:

Post a Comment:
  • HTML Syntax: NOT allowed

This blog copyright 2009 by Qing-Ming Jeff Cai