X.509 Certificate Overview

X.509 certificates combine a public key, the identity of its holder and the details of the certifying authority. In other words, an X.509 certificate is a digital certificate that uses the X.509 public key infrastructure (PKI) standard to verify that a public key belongs to a user, computer or service identity. Because it carries a public key, it sets out the requirements of public key cryptography; in simple terms, it defines all the attributes of public key cryptography.


The verification of an X.509 certificate is done by a CA (Certificate Authority). The CA verifies the identity of the requester, then signs and encodes the certificate and issues it.

Structure of X.509 certificate

The structure of an X.509 certificate can be explained in detail as follows:

Version

Serial Number

Signature Algorithm Identifier

Issuer Name

Validity Period

Subject Name

Public Key Information

Issuer Unique ID (optional)

Subject Unique ID (optional)

Extensions (optional)


Version: – It indicates which X.509 version applies to the certificate, and therefore which data the certificate should include.

Serial number: – A unique serial number that identifies this certificate and distinguishes it from all other certificates.

Signature Algorithm Identifier: – It identifies the algorithm used by the issuer, generally a certificate authority, to sign the certificate.

Issuer name: – It denotes the name of the entity issuing the certificate.

Validity period: – It indicates the start and end dates of the certificate's validity, and also the type of certificate issued.

Subject name: – It indicates the name of the identity the certificate is issued to.

Public key information: – It denotes the public key associated with the subject identity.

Issuer Unique ID: – It indicates a unique identifier of the issuer; this field is optional.

Subject Unique ID: – Also optional; it denotes a unique identifier of the subject the certificate is issued to.

Extensions: – Optional as well.

Every version of X.509 carries the version, serial number, signature algorithm identifier, issuer name, validity period, subject name and public key information. Version 1 does not contain the issuer unique ID, subject unique ID or extensions. Version 2 adds the issuer unique ID and subject unique ID to the version 1 fields. Likewise, version 3 contains all of this additional information, including extensions.

X.509 certificate's importance for information security

X.509 is the standard that defines all the attributes of public key cryptography. The certificate relies on a key pair whose two keys are mathematically related: the private key is kept secret and the public key is distributed to users. Therefore the X.509 standard has specific rules for providing public keys to users that have been authorized by the certificate authority, which helps in controlling network traffic and in maintaining the standard set for encrypting and decrypting content. Likewise, an X.509 certificate is used to prove identity and to protect its contents from being tampered with.

For example:

If the XYZ company had a certificate issued to XYZtraining.com, the name of the website could be included as a field in the certificate. When the certificate is downloaded to a client computer, the client checks the name on the certificate to see whether it matches the website it is trying to access. If it does, the certificate is accepted.

But if the same certificate is obtained by another website and an attempt is made to use it there, the certificate would be rejected because the website and the name in the certificate do not match.

Likewise, if the name in the certificate is changed (the fields of a certificate can be edited) and an attempt is made to use it, the digital signature in the X.509 certificate plays its role: the signature no longer matches the data in the certificate, and the certificate is rejected.

This is why the X.509 certificate is important.

Various cryptographic functions

Symmetric function: – This encryption function uses the same key to encrypt and to decrypt the data, which generally makes encryption and decryption faster than with an asymmetric function. Because the same key is used for both encrypting and decrypting, firstly the key needs to be stored securely, and secondly a secure channel is required to transfer the key.

Asymmetric function: – An asymmetric function uses two keys, one for encrypting data and another for decrypting it. These two keys are known as the public key and the private key, and the function is also called public key encryption. It is slower than a symmetric function.

Hash function: – A hash function is a one-way encryption method that uses no key. Instead, it produces a hash value, a fixed-length mathematical value computed from the plain text. A hash function is usually an algorithm that provides a fingerprint of file contents, which makes it possible to check whether the contents have been altered by an intruder or a virus.

Employment of these cryptographic functions

The first thing to understand about the use of cryptographic functions in an X.509 certificate is the hash value, which represents the certificate. The hash value is calculated by putting the certificate through a mathematical function to produce a value. A simple hash function would add each byte in a file together to obtain a single number; a much more complex function is used for a real X.509 certificate. The hash value is then put through a mathematical function using the issuer's private key to generate the digital signature, and this digital signature is added to the X.509 certificate. In steps: (1) compute the hash of the certificate, (2) apply the private key to the hash to produce the digital signature, (3) attach the signature to the certificate.


Now that the digital signature has been added to the certificate, it can be used later to check that the certificate has not been altered or damaged. For this, the digital signature is put through a mathematical function using the public key; the result should be the original hash value. If this value is not obtained, the X.509 certificate must be treated as corrupt or tampered with.


Here, the hash is a one-way process, which means the hash value cannot be used to regenerate the original X.509 certificate. Likewise, even though the private key is used in the process, it is not possible to use the digital signature to obtain the private key.
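The hash, sign and verify flow described above, together with the edited-name case from the example section, as an added example that is not from the original page. It uses textbook RSA with a fixed toy key pair and no padding, which is insecure and only stands in for a CA's real signing algorithm; the certificate fields are constructed sample values, not a real certificate.

```python
import hashlib
import json

# Toy RSA key pair (constructed, not a real CA key): two Mersenne primes,
# far too small for real use, but large enough that an edited certificate
# will not collide with the original's hash modulo N.
_P, _Q = 2**31 - 1, 2**61 - 1
N = _P * _Q                               # CA public modulus
E = 65537                                 # CA public exponent
D = pow(E, -1, (_P - 1) * (_Q - 1))       # CA private exponent, kept secret

# The "to-be-signed" body: the fields listed in the structure section
# above, with constructed sample values.
TBS = {
    "version": 3,
    "serial_number": 1001,
    "signature_algorithm": "toy-rsa-with-sha256",
    "issuer": "CN=XYZ Root CA",
    "validity": {"not_before": "2024-01-01", "not_after": "2025-01-01"},
    "subject": "CN=XYZtraining.com",
    "public_key": {"n": 3233, "e": 17},    # the subject's own (toy) key
    "extensions": {"subjectAltName": ["XYZtraining.com"]},
}


def hash_tbs(tbs):
    """Hash value representing the certificate body, as an integer below N."""
    canonical = json.dumps(tbs, sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode()).digest()
    return int.from_bytes(digest, "big") % N


def sign_certificate(tbs):
    """CA step: hash the body, then apply the private key to the hash."""
    return {"tbs": tbs, "signature": pow(hash_tbs(tbs), D, N)}


def verify_certificate(cert, ca_n=N, ca_e=E):
    """Client step: the public key applied to the signature must give back
    the hash of the body; any edit to the body breaks this equality."""
    return pow(cert["signature"], ca_e, ca_n) == hash_tbs(cert["tbs"])


if __name__ == "__main__":
    cert = sign_certificate(TBS)
    print("untouched certificate verifies:", verify_certificate(cert))
    # Edit the subject name after signing, keeping the old signature.
    forged = dict(cert, tbs=dict(TBS, subject="CN=other.example"))
    print("edited certificate verifies:", verify_certificate(forged))
```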