Sep 29, 2009 by alperen
A digital certificate is a form of credential much like a driver’s license or a passport in the paper-based world. Like its paper counterparts, the digital certificate has information on it that identifies the holder, plus some uninvolved third-party authorization, which indicates they confirmed the holder’s identity.
A digital certificate has additional information included with the holder’s public key that helps others to verify the key is genuine. This additional information, like a person’s picture on a driver’s license or a passport, can thwart attempts to substitute an unauthorized public key.
A digital certificate contains the following three items:
Public key
Certificate information: identifying information about the holder, such as ID, name, and so forth
One or more digital signatures
The digital signatures indicate that the certificate information was verified and attested to by a trusted independent third party. It is important to understand that the digital signature doesn't guarantee the authenticity of the certificate as a whole. What it verifies is only that the signed identity information belongs to, or is bound to, the attached public key. Don't let this get too complicated. In the case of a passport, the government is verifying that the picture and identifying information belong to the passport number. But the passport can be expired or revoked by a court order. Similarly, digital certificates can expire or be revoked.
Conceptually, a digital certificate is a public key with a tag containing one or more forms of ID, plus a seal of approval by a trusted third party. Figure 11-3 shows a conceptual representation of a digital certificate.
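The three items above, and the distinction between "the signature checks out" and "the certificate is valid as a whole", can be made concrete with X.509 certificates. The following Go program is an added example written for this page, not code from the original text; it uses only the standard library's crypto/x509 package. The issuer name, the holder name "alice", the 2009 validity window and the serial numbers are constructed values. The issuer plays the trusted third party: it binds a common name to the holder's public key and signs that binding. Validate does what a relying party should do (signature chain to a trusted root plus validity period at a given time); SignatureOnly checks nothing but the issuer's signature, and still passes after the certificate has expired, which is exactly the point the passport analogy makes. Revocation checking is left out of the snippet.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Issuer is the trusted third party: a signing key plus its own self-signed
// certificate, which relying parties install as a trust anchor.
type Issuer struct {
	Key    *ecdsa.PrivateKey
	Cert   *x509.Certificate
	serial int64 // next serial number to hand out (constructed, not random)
}

// NewIssuer creates a self-signed root. Its validity window is deliberately
// wide so that only the leaf certificate's validity is exercised below.
func NewIssuer(name string) (*Issuer, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Date(2000, 1, 1, 0, 0, 0, 0, time.UTC),
		NotAfter:              time.Date(2100, 1, 1, 0, 0, 0, 0, time.UTC),
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Issuer{Key: key, Cert: cert, serial: 2}, nil
}

// Issue binds the holder's identity (here just a common name) to the holder's
// public key and seals the binding with the issuer's signature. The three
// items of the text are all here: public key, identifying information, signature.
func (iss *Issuer) Issue(cn string, holderPub *ecdsa.PublicKey, notBefore, notAfter time.Time) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(iss.serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             notBefore,
		NotAfter:              notAfter,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
	}
	iss.serial++
	der, err := x509.CreateCertificate(rand.Reader, tmpl, iss.Cert, holderPub, iss.Key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Validate is the relying party's full check: a signature chain ending at the
// trusted root AND a validity period that covers the given time.
func Validate(leaf, root *x509.Certificate, at time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:       roots,
		CurrentTime: at,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	return err
}

// SignatureOnly verifies just the issuer's signature over the certificate body.
// It proves the identity/key binding was attested by this issuer and nothing
// about whether the certificate is still in force.
func SignatureOnly(leaf, issuer *x509.Certificate) error {
	return leaf.CheckSignatureFrom(issuer)
}

// IsExpired reports whether a Validate error is a validity-period failure.
func IsExpired(err error) bool {
	var inv x509.CertificateInvalidError
	return errors.As(err, &inv) && inv.Reason == x509.Expired
}

// IsUnknownAuthority reports whether Validate failed to chain to the given root.
func IsUnknownAuthority(err error) bool {
	var ua x509.UnknownAuthorityError
	return errors.As(err, &ua)
}

// NewHolderKey generates the key pair whose public half goes into a certificate.
func NewHolderKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

func main() {
	ca, _ := NewIssuer("Example Root (constructed)")
	holder, _ := NewHolderKey()
	start := time.Date(2009, 9, 29, 0, 0, 0, 0, time.UTC)
	leaf, _ := ca.Issue("alice", &holder.PublicKey, start, start.Add(365*24*time.Hour))
	fmt.Println("within validity:", Validate(leaf, ca.Cert, start.Add(time.Hour)))
	fmt.Println("400 days later: ", Validate(leaf, ca.Cert, start.Add(400*24*time.Hour)))
	fmt.Println("signature alone:", SignatureOnly(leaf, ca.Cert)) // still nil after expiry
	other, _ := NewIssuer("Some Other Root (constructed)")
	fmt.Println("wrong root:     ", Validate(leaf, other.Cert, start.Add(time.Hour)))
}
```

The second and third lines of output are the ones to compare: Validate reports the certificate as expired, while SignatureOnly on the very same bytes returns no error, because the signature covers the identity-to-key binding and the validity dates as signed, not whether today falls inside them. The last line shows the other half of "trusted third party": a relying party that does not trust the issuer gets an unknown-authority error even though the signature itself is perfectly good.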