Wednesday, 29 February 2012

(SOA-)Security-Basics - part 5

X.509 certificates

Cryptography

Identity? Digital ID? -> X.509 certificates

An X.509 certificate is simply a digital ID. With that digital ID it can be decided whether the party presenting it is who it claims to be.

[Example: https://www.google.com/]

X.509

Who guarantees that?

The trust center!

Now, how does this work?

During the establishment of an SSL connection, or when a signature is verified, a certificate is transferred. This certificate asserts that its holder is the server / communication partner you trust. To verify that, the transferred certificate is read, its validity is checked and its issuer is determined. Then the validity of the issuer's certificate is checked and its issuer is determined in turn. This continues until the root CA is reached. The root CA certificate and all intermediate certificates have to be located (installed) in a trust store on the system that performs the check. Those certificates are trusted in principle.

X.509

- public key of the communication partner
- key usage (incl. "critical" flags)
  - e.g. CA, S/MIME, SSL / key exchange, digital signature of documents
- validity period (not before / not after)
- algorithms used
- serial number
- reference to revocation lists (CRL) / OCSP responder
- reference to the issuer
- further OIDs, e.g. the arc of one Entrust extension, read from the leaf outwards:
  - 1.2.840.113533.7.65.0 - certificate extension for Entrust version
  - 1.2.840.113533.7.65 - Secure Networks Certificate Extensions
  - 1.2.840.113533.7 - Entrust Technologies
  - 1.2.840.113533 - Nortel Networks
  - 1.2.840 - USA
  - 1.2 - ISO member body
  - 1 - ISO assigned OIDs
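The chain walk described above and the certificate fields just listed, as an added example that is not from the original post: a POSIX shell script using the OpenSSL CLI builds a constructed root CA -> intermediate CA -> server chain, prints the leaf's serial number, validity dates and issuer, and shows that verification only succeeds when the verifier can walk issuer by issuer back to the root in the trust store. It assumes `openssl` and `mktemp` are installed; all names (Example Root CA, www.example.test) are made up for the demo.

```shell
# Added example (not from the original post): build a root CA -> intermediate CA -> server
# certificate chain with the OpenSSL CLI and verify the leaf the way the text describes.
# All names (Example Root CA, www.example.test) are constructed for this demo.

req_cnf() {  # minimal openssl.cnf so the example does not depend on a system config
  printf '[req]\nprompt = no\ndistinguished_name = dn\nx509_extensions = ca\n[dn]\nCN = %s\n' "$1"
  printf '[ca]\nbasicConstraints = critical,CA:TRUE\nkeyUsage = critical,keyCertSign,cRLSign\n'
}

make_chain() {  # writes root/inter/leaf key and cert files into a temp dir and prints its path
  cdir=$(mktemp -d) || return 1
  req_cnf "Example Root CA" > "$cdir/root.cnf"
  req_cnf "Example Intermediate CA" > "$cdir/inter.cnf"
  req_cnf "www.example.test" > "$cdir/leaf.cnf"
  printf 'basicConstraints = critical,CA:TRUE\nkeyUsage = critical,keyCertSign,cRLSign\n' > "$cdir/ca.ext"
  printf 'basicConstraints = critical,CA:FALSE\nkeyUsage = critical,digitalSignature\nextendedKeyUsage = serverAuth\n' > "$cdir/leaf.ext"
  # Root CA: self-signed; this is the certificate that belongs in the trust store.
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 30 -config "$cdir/root.cnf" \
    -keyout "$cdir/root.key" -out "$cdir/root.pem" 2>/dev/null || return 1
  # Intermediate CA: CSR signed by the root, marked CA:TRUE so it may issue the leaf.
  openssl req -new -newkey rsa:2048 -nodes -config "$cdir/inter.cnf" \
    -keyout "$cdir/inter.key" -out "$cdir/inter.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$cdir/inter.csr" -CA "$cdir/root.pem" -CAkey "$cdir/root.key" \
    -CAcreateserial -days 30 -extfile "$cdir/ca.ext" -out "$cdir/inter.pem" 2>/dev/null || return 1
  # Server (leaf) certificate: CSR signed by the intermediate, CA:FALSE.
  openssl req -new -newkey rsa:2048 -nodes -config "$cdir/leaf.cnf" \
    -keyout "$cdir/leaf.key" -out "$cdir/leaf.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$cdir/leaf.csr" -CA "$cdir/inter.pem" -CAkey "$cdir/inter.key" \
    -CAcreateserial -days 30 -extfile "$cdir/leaf.ext" -out "$cdir/leaf.pem" 2>/dev/null || return 1
  echo "$cdir"
}

verify_leaf() {  # $1 trust store PEM, $2 untrusted intermediates PEM (or ""), $3 leaf PEM
  # Exit status 0 only if OpenSSL can walk issuer by issuer from $3 to a certificate in $1.
  if [ -n "$2" ]; then
    openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$3" >/dev/null 2>&1
  fi
}

show_fields() {  # the fields listed above: serial number, validity dates, issuer, subject
  openssl x509 -in "$1" -noout -serial -dates -issuer -subject
}

cdir=$(make_chain) || exit 1
show_fields "$cdir/leaf.pem"
verify_leaf "$cdir/root.pem" "$cdir/inter.pem" "$cdir/leaf.pem" && echo "with intermediate: OK"
# Without the intermediate the chain cannot reach the trust store, so the leaf is rejected.
verify_leaf "$cdir/root.pem" "" "$cdir/leaf.pem" || echo "without intermediate: rejected"
```

The same rejection happens when the root is missing from the trust store, which is why a trust store containing only the expected roots is the control point a verifier relies on.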
