Cryptography Reference
Table 11.1: Fields of an X.509 Version 3 public-key certificate

| Field | Description |
|---|---|
| Version | Specifies the X.509 version being used (in this case V3) |
| Serial Number | Unique identifier for the certificate |
| Signature | Digital signature algorithm used to sign the certificate |
| Issuer | Name of the creator of the certificate |
| Validity | Dates and times between which the certificate is valid |
| Subject | Name of the owner of the certificate |
| Public-Key Info. | Public-key value; Identifier of public-key algorithm |
| Issuer ID | Optional identifier for certificate creator |
| Subject ID | Optional identifier for certificate owner |
| Extensions | A range of optional fields that include: Key identifier (in case owner owns several public keys); Key usage (specifies usage restrictions); Location of revocation information; Identifier of policy relating to certificate; Alternative names for owner. |

the public-key management system. The most well known public-key certificate format is probably X.509 Version 3. The entries (or fields) of an X.509 Version 3 public-key certificate are shown in Table 11.1. The public-key certificate itself consists of all the information in Table 11.1 plus a digital signature on the contents, signed by the certificate creator.

INTERPRETING A PUBLIC-KEY CERTIFICATE
It is important to recognise that a public-key certificate binds the assurance-of-purpose data relating to a public key to the public-key value, but does nothing more than this. In particular:

A public-key certificate cannot be used to encrypt messages or verify digital signatures. A public-key certificate is simply a statement that the public key contained in it belongs to the named owner and has the properties specified in the certificate. Of course, once the certificate has been checked, the public key can be extracted from the certificate and then used for its specified purpose.
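
The layout described above (the Table 11.1 fields, followed by the issuer's signature over them) is visible in a certificate's DER encoding. The Python code below is an added example, not part of the original text: it splits a certificate into the signed fields and the signature, without verifying the signature. The sample certificate, its names, key and signature bytes are constructed placeholders, and all function names are hypothetical.

```python
# Added example: the sample certificate is constructed; all names are hypothetical.
def tlv(tag, body):  # DER-encode one tag-length-value element
    n = len(body)
    k = (n.bit_length() + 7) // 8
    length = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + length + body

def read(buf, pos=0):  # -> (tag, value, raw element, next position)
    tag, n, start = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits count the length octets
        k = n & 0x7F
        n, start = int.from_bytes(buf[start:start + k], "big"), start + k
    if start + n > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[start:start + n], buf[pos:start + n], start + n

def children(value):  # split a constructed value into (tag, value, raw) items
    out, pos = [], 0
    while pos < len(value):
        tag, val, raw, pos = read(value, pos)
        out.append((tag, val, raw))
    return out

FIELDS = ["version", "serial_number", "signature_algorithm", "issuer",
          "validity", "subject", "public_key_info"]
OPTIONAL = {0x81: "issuer_id", 0x82: "subject_id", 0xA3: "extensions"}

def parse_certificate(der):
    """Return (Table 11.1 fields, bytes the issuer signed, signature value)."""
    tag, body, _, end = read(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one DER SEQUENCE")
    tbs, _sig_alg, sig = children(body)
    items = children(tbs[1])
    if items[0][0] != 0xA0:
        raise ValueError("no explicit version field: not a v3 certificate")
    fields = {name: val for name, (_, val, _) in zip(FIELDS, items)}
    fields.update({OPTIONAL[t]: v for t, v, _ in items[7:]})
    fields["version"] = children(fields["version"])[0][1][0] + 1  # INTEGER 2 = v3
    return fields, tbs[2], sig[1][1:]  # BIT STRING: drop the unused-bits octet

def sample_certificate():  # constructed data; key and signature are placeholders
    name = lambda cn: tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn))))
    alg = tlv(0x30, tlv(0x06, b"\x2b\x65\x70"))  # OID 1.3.101.112 (Ed25519)
    validity = tlv(0x30, tlv(0x17, b"240101000000Z") + tlv(0x17, b"250101000000Z"))
    spki = tlv(0x30, alg + tlv(0x03, b"\x00" + bytes(32)))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01\xe2\x40") + alg
              + name(b"Example CA") + validity + name(b"alice.example") + spki)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" + b"\xAA" * 64)), tbs
```

The second value returned by `parse_certificate` is the exact byte string a verifier must check the issuer's signature against before the public key in `public_key_info` is used.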