A certificate is the combination of a public key, the identity of the user and
the certifying authority's details. In other words, it is a digital certificate
that uses the X.509 public key infrastructure (PKI) standard to verify that a
public key belongs to a user, computer or service identity. Since it contains a
public key, it carries the information that public key cryptography requires.
In simple words, it defines all the attributes of public key cryptography.
Verification of an X.509 certificate is done by CAs (Certificate Authorities).
Here, the CA verifies the identity of the requester, then signs, encodes and
issues the certificate.
Structure of X.509 certificate
The structure of an X.509 certificate can be explained in detail as follows: –
Version: – It implies which X.509 version applies to the certificate. It also
denotes what data should be included in the certificate.
Serial no.: – It implies a unique identity in the form of a serial number, to
distinguish the certificate from other certificates.
Signature Algorithm Identifier: – It tells about the algorithm used by the
issuer, generally a certificate authority, to sign the certificate.
Issuer name: – It denotes the name of the entity issuing the certificate.
Validity period: – It indicates the start and end dates, and also the type of
the issued certificate.
Subject name: – It indicates the name of the identity the certificate is
issued to.
Subject public key information: – It denotes the public key associated with
the subject/identity.
Issuer Unique ID: – It indicates the unique identity of the issuer, but is
optional.
Subject Unique ID: – It is also optional. It denotes the unique identity of the
subject the certificate is issued to.
Extensions: – It’s optional as well.
Every version of X.509 has a version, serial no., signature algorithm
identifier, issuer name, validity period, subject name and public key
information. Version 1 doesn’t contain the issuer unique ID, subject unique ID
or extensions. Version 2 adds the issuer unique ID and subject unique ID to
version 1. Likewise, version 3 contains all of this additional information,
including extensions.
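The version rules above are visible in the DER encoding of the certificate body. The following is an added example, not code from the original article: a minimal DER encoder and decoder for a cut-down TBSCertificate that models only the version, serial number, issuer, subject and the two Version 2 unique-ID fields (issuer and subject are simplified to bare UTF8Strings; real certificates use Name structures and carry the algorithm identifier, validity and public key as well). It shows that the version field is omitted for version 1, because DER never encodes a DEFAULT value, and that the unique IDs are only legal from version 2 onwards.

```python
"""Minimal DER encoder/decoder for a cut-down TBSCertificate.

Added example, not code from the original article. Only a subset of the real
TBSCertificate is modelled; field layout and tags follow X.509 but issuer and
subject are simplified to bare UTF8Strings for brevity.
"""

# Universal DER tags
TAG_INTEGER = 0x02
TAG_UTF8STRING = 0x0C
TAG_SEQUENCE = 0x30          # constructed SEQUENCE
# Context-specific tags as used in TBSCertificate
TAG_VERSION = 0xA0           # [0] EXPLICIT Version, DEFAULT v1(0)
TAG_ISSUER_UID = 0x81        # [1] IMPLICIT UniqueIdentifier (BIT STRING)
TAG_SUBJECT_UID = 0x82       # [2] IMPLICIT UniqueIdentifier (BIT STRING)


def _encode_length(n):
    """DER length: short form below 128, otherwise 0x80|count then big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, body):
    return bytes([tag]) + _encode_length(len(body)) + body


def _encode_integer(value):
    """DER INTEGER (non-negative): minimal length, leading 0x00 if the high bit is set."""
    if value < 0:
        raise ValueError("only non-negative integers are modelled here")
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return _tlv(TAG_INTEGER, body)


def encode_tbs(serial, issuer, subject, version=1, issuer_uid=None, subject_uid=None):
    """Build the DER body. The version field is omitted for v1 (DER never encodes
    a DEFAULT value) and unique IDs are refused unless the version allows them."""
    if version not in (1, 2, 3):
        raise ValueError("X.509 version must be 1, 2 or 3")
    if (issuer_uid is not None or subject_uid is not None) and version < 2:
        raise ValueError("unique IDs require version 2 or 3")
    fields = b""
    if version != 1:
        fields += _tlv(TAG_VERSION, _encode_integer(version - 1))  # v2 -> 1, v3 -> 2
    fields += _encode_integer(serial)
    fields += _tlv(TAG_UTF8STRING, issuer.encode("utf-8"))
    fields += _tlv(TAG_UTF8STRING, subject.encode("utf-8"))
    if issuer_uid is not None:
        fields += _tlv(TAG_ISSUER_UID, b"\x00" + issuer_uid)    # BIT STRING, 0 unused bits
    if subject_uid is not None:
        fields += _tlv(TAG_SUBJECT_UID, b"\x00" + subject_uid)
    return _tlv(TAG_SEQUENCE, fields)


def _read_tlv(buf, pos):
    """Return (tag, body, next_pos) for the TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        count = first & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length


def decode_tbs(der):
    """Parse bytes from encode_tbs, applying the v1 default when no version field is present."""
    tag, body, end = _read_tlv(der, 0)
    if tag != TAG_SEQUENCE or end != len(der):
        raise ValueError("expected a single SEQUENCE")
    out = {"version": 1, "issuer_uid": None, "subject_uid": None}
    tag, inner, pos = _read_tlv(body, 0)
    if tag == TAG_VERSION:
        _, vbody, _ = _read_tlv(inner, 0)         # the INTEGER wrapped by [0]
        out["version"] = int.from_bytes(vbody, "big") + 1
        tag, inner, pos = _read_tlv(body, pos)
    if tag != TAG_INTEGER:
        raise ValueError("serialNumber missing")
    out["serial"] = int.from_bytes(inner, "big")
    tag, inner, pos = _read_tlv(body, pos)
    out["issuer"] = inner.decode("utf-8")
    tag, inner, pos = _read_tlv(body, pos)
    out["subject"] = inner.decode("utf-8")
    while pos < len(body):                         # optional trailing fields
        tag, inner, pos = _read_tlv(body, pos)
        if tag == TAG_ISSUER_UID:
            out["issuer_uid"] = inner[1:]          # drop the unused-bits byte
        elif tag == TAG_SUBJECT_UID:
            out["subject_uid"] = inner[1:]
        else:
            raise ValueError("unexpected field tag 0x%02x" % tag)
    if out["version"] < 2 and (out["issuer_uid"] is not None or out["subject_uid"] is not None):
        raise ValueError("unique IDs present in a version 1 certificate")
    return out
```

Running `decode_tbs(encode_tbs(1, "CA", "Alice"))` yields version 1 although no version bytes were written, which is exactly why a parser must apply the default rather than fail on a missing field; the same call with `version=2` prepends an `A0 03 02 01 01` element before the serial number.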
X.509 certificate’s importance for information security
The X.509 certificate is the standard which defines all the attributes of
public key cryptography, since the certificate relies on a key pair whose keys
are mathematically related. Here, the private key is kept secret and the public
key is distributed among users. Therefore the X.509 standard has specific rules
for providing public keys to users that are authorized by the certificate
authority, which helps in maintaining network traffic control and also in
maintaining the standard that is set for encrypting and decrypting contents.
Similarly, an X.509 certificate is used to prove identity and to protect that
identity from being tampered with.
If an XYZ company had a certificate issued to XYZtraining.com, the name of the
website would be included as a field in the certificate. When the certificate
is downloaded to a client computer, the client checks the name on the
certificate to see if it matches the website it is trying to access. If it
does, the certificate will be accepted.
If a similar certificate is obtained by another website and an attempt is made
to use it, the certificate would be rejected, as the website and the name in
the certificate do not match.
If the name in the certificate is changed, as the fields in a certificate can
be edited or changed, and an attempt is made to use it, the digital signature
in the X.509 certificate plays its role. Since the signature no longer matches
the data in the certificate, the certificate will be rejected.
This is why the X.509 certificate is important.
Symmetric function: – This encryption function uses the same key to encrypt as
well as to decrypt the data. This generally makes it a faster method of
encryption and decryption than an asymmetric function. As it uses the same key
for encrypting and decrypting data, firstly the key needs to be stored securely
and secondly a secure channel is required to transfer the key.
Asymmetric function: – An asymmetric function uses two keys; one for encrypting
data and another for decrypting it. These two keys are known as the public key
and the private key. This function is also called the public key encryption
method. It is slower than a symmetric function.
Hash function: – A hash function is a one-way function which uses no key.
Instead, it produces a hash value, which is a fixed-length mathematical value
computed from the plain text. A hash function is usually an algorithm that
supports the concept of a fingerprint of file contents, which makes it possible
to check whether the contents have been altered by an intruder or a virus.
Use of these cryptographic functions
The first thing to understand when employing cryptographic functions in an
X.509 certificate is the hash value. It is the value which represents the
certificate. The hash value is calculated by putting the certificate through a
mathematical function to produce a value. A simple hash function would be to
add each byte in a file together to obtain a single number. However, a more
complex function is used in a real X.509 certificate. The hash value is put
through a mathematical function using the private key to generate the digital
signature. This digital signature is then added to the X.509 certificate. This
is shown in steps as follows: –
Now that the digital signature has been added to the certificate, it can be
used later to check that the certificate has not been altered or damaged. For
this, the digital signature is put through a mathematical function using the
public key. The result of this should be the original hash value. If this
value is not obtained, then the person must understand that the X.509
certificate is corrupt or has been tampered with.
Here, the hash is a one-way process, which means we cannot use the hash value
to regenerate the original X.509 certificate. This also means that even though
the private key is used in the process, it is not possible to use the digital
signature to obtain the private key.