
Digital Certificate

You now understand how public key cryptography works. You also know that you need to distribute your public key to other people so that they can send messages to you securely. In this section you will learn what a digital certificate is and what it contains.

What Does A Public Key Look Like?

Be aware that a public key is only a series of digits; it means nothing to a human reader. Here is an example of a 512-bit RSA public key displayed in hex format:

3048 0241 00E4 EEDC 2635 5217 1FAB C7E7 9AD2 B7B0 F30E EC04 4A6E 6054 D3A1 10C5 B130 B4FB 8ACA 7928 7E00 870F 98ED FF78 2CDC B9FA 916A B76F 585B 5455 50CD E87A FD0B FEA0 D102 0301 0001

Does it make any sense to you? Maybe not. In addition, when you receive a public key like this, you also want to know whom the key belongs to. A digital certificate (or certificate) binds the owner's public key, name, email address and other necessary information together, which makes publishing your public key more convenient and reliable.

There is a more important reason for using certificates: certificate trust. We will talk about this later in the Certificate Trust Model section.
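The hex dump above is less opaque than it looks: it is the DER encoding of two integers, the RSA modulus and the public exponent. The following Python sketch, added here as an illustration and not part of the original tutorial or of iSafeguard™, decodes it with a minimal DER reader; the function names are hypothetical.

```python
# Added example: decode the 512-bit RSA public key printed on this page.
# The hex is copied from the page; all function names are hypothetical.
HEX_KEY = """
3048 0241 00E4 EEDC 2635 5217 1FAB C7E7 9AD2 B7B0 F30E EC04 4A6E 6054 D3A1
10C5 B130 B4FB 8ACA 7928 7E00 870F 98ED FF78 2CDC B9FA 916A B76F 585B 5455
50CD E87A FD0B FEA0 D102 0301 0001
"""


def read_tlv(buf, pos):
    """Read one DER tag-length-value item; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        count = length & 0x7F
        if count == 0 or count > 4 or pos + count > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    end = pos + length
    if end > len(buf):
        raise ValueError("DER value runs past the end of the buffer")
    return tag, buf[pos:end], end


def parse_rsa_public_key(der):
    """Parse SEQUENCE { INTEGER modulus, INTEGER exponent } into (n, e)."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    tag_n, n_bytes, pos = read_tlv(body, 0)
    tag_e, e_bytes, pos = read_tlv(body, pos)
    if (tag_n, tag_e) != (0x02, 0x02) or pos != len(body):
        raise ValueError("expected exactly two INTEGERs")
    # The leading 0x00 on the modulus only keeps the INTEGER positive.
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")


def load_page_key():
    """Decode the hex dump above into (modulus, public_exponent)."""
    return parse_rsa_public_key(bytes.fromhex("".join(HEX_KEY.split())))


if __name__ == "__main__":
    n, e = load_page_key()
    print(f"modulus: {n.bit_length()} bits, public exponent: {e}")
```

A 512-bit modulus is convenient to print but is far too short to resist factoring today, so treat this key as a format illustration only.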

Now let's take a look at what is included in a certificate.

X.509 v3 Certificate Format

A standard X.509 v3 certificate contains the following standard fields:

  • Certificate version
  • Serial number of the certificate
  • The distinguished name of the certificate issuer
  • The distinguished name of the certificate owner
  • The validity period of the certificate
  • The public key
  • The digital signature of the issuer
  • Signature algorithm used
  • Zero or more certificate extensions

Note: An example distinguished name looks like this: CN=Michael Davis, E=mdavis@mxcsoft.com, OU=Sales, O=MXC Software, C=US.

Certificate Types

Certificates that are used to digitally sign other certificates are called CA certificates. All other certificates are called end entity certificates. A CA certificate issued by yet another CA is called an intermediate CA certificate. A CA certificate issued by the CA itself is called a root CA certificate.

A CA-issued certificate is issued by a CA. A self-signed certificate is issued to a user by the user himself. iSafeguard™ supports both, i.e. you may use certificates you generated yourself or certificates from CAs.

In iSafeguard™, certificates are stored in four certificate stores. The following table summarizes the certificate types we described above.

Certificate Type    Description
Personal            End entity certificates with private keys
Others              End entity certificates without private keys
Intermediate CA     Intermediate CA certificates
Root CA             Root CA certificates

We will discuss the trust rules of all these certificate types in the Certificate Trust Model section.


Copyright © 2001-2007 MXC Software. All rights reserved.