Public key (digital) certificates

Documents issued by a Certification Authority (CA).

Bind a public key to an entity.
- Person, server, or service.
Are public documents.
- Do not contain private information, only public one.
Are cryptographically secure.
- Digitally signed by the issuer, and cannot be changed.

It can be used to distribute public keys in a trustworthy way.

A certificate receiver can validate it.
- With the CA’s public key.
If the signer (CA) public key is trusted, and the signature is correct, then the receiver can trust the (certified) public key.
- As the CA trusts the public key, if the receiver trusts the CA public key, the receiver can trust the public key.

X.509v3 standard

Mandatory fields.
- Version;
- Subject;
- Public key;
- Dates (issuing, deadline);
- Issuer;
- Signature;
- etc.
Extensions.
- Critical or non-critical.

PKCS #6

Extended-Certificate Syntax Standard.

Binary formats

ASN.1 (Abstract Syntax Notation).
- DER, CER, BER, etc.
PKCS #7
- Cryptographic Message Syntax Standard.
PKCS #12
- Personal Information Exchange Syntax Standard.

Other formats

PEM (Privacy Enhanced Mail).
base64 encodings of X.509.

PreviousDistribution of public keys NextKey pair usage

Last updated 10 months ago