Digital certificate: Difference between revisions
imported>Howard C. Berkowitz (New page: {{subpages}} Computer and communications security mechanisms that depend on public key encryption require confidence in the existence of a trusted means of obtaining the public key...) |
mNo edit summary |
(3 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
{{subpages}} | {{PropDel}}<br><br>{{subpages}} | ||
Computer and communications security mechanisms that depend on [[public key | Computer and communications security mechanisms that depend on [[public key cryptography]] require confidence in the existence of a trusted means of obtaining the [[public key]] associated with the source of information to be decrypted. which is usually called a '''digital certificate'''. The administrative, organizational steps needed to make public key practical is called [[public key infrastructure]] (PKI). | ||
According to the [[Internet Engineering Task Force]] specification for such certificates, they are data structures that bind public key values to the rightful holder of the certificate. The binding is asserted by having a trusted [[certification authority]] (CA) [[ digital signature | digitally sign]] each certificate. "The CA may base this assertion upon technical means (a.k.a., proof of possession through a [[challenge-response protocol]]), presentation of the [[private key]], or on an assertion by the subject. A certificate has a limited valid lifetime, which is indicated in its signed contents. Because a certificate's signature and timeliness can be independently checked by a certificate-using client, certificates can be distributed via untrusted communications and server systems, and can be cached in unsecured storage in certificate-using systems. <ref name=RFC5280>{{citation | |||
|id = RFC5280 | |id = RFC5280 | ||
|title = Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile | |title = Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile | ||
Line 17: | Line 19: | ||
==References== | ==References== | ||
{{reflist}} | {{reflist}}[[Category:Suggestion Bot Tag]] |
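Review bot: In the "Line 1" hunk, the revised first paragraph still breaks after "to be decrypted." so "which is usually called a '''digital certificate'''" is left as a fragment with no antecedent, and "steps needed to make public key practical is called" has a singular verb for a plural subject; join the two sentences with a comma and use "are called". In the same hunk the quotation opened at "The CA may base this assertion" is never closed before the <ref> tag, so a reader cannot tell where the RFC 5280 wording ends; add the closing quotation mark after "certificate-using systems."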
Latest revision as of 06:01, 7 August 2024
This article may be deleted soon.
Computer and communications security mechanisms that depend on public key cryptography require confidence in the existence of a trusted means of obtaining the public key associated with the source of information to be decrypted, which is usually called a digital certificate. The administrative and organizational steps needed to make public key cryptography practical are called public key infrastructure (PKI).

According to the Internet Engineering Task Force specification for such certificates, they are data structures that bind public key values to the rightful holder of the certificate. The binding is asserted by having a trusted certification authority (CA) digitally sign each certificate. "The CA may base this assertion upon technical means (a.k.a., proof of possession through a challenge-response protocol), presentation of the private key, or on an assertion by the subject. A certificate has a limited valid lifetime, which is indicated in its signed contents. Because a certificate's signature and timeliness can be independently checked by a certificate-using client, certificates can be distributed via untrusted communications and server systems, and can be cached in unsecured storage in certificate-using systems." [1]

While there are many details, think of a digital certificate as if it were a typical official document such as a passport:
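The client-side check that the quoted RFC 5280 passage relies on, as an added example that is not part of the original article or of the RFC: a certificate fetched as raw bytes is accepted only if its CA signature verifies and the check time falls inside its signed validity period. The helper names `issue` and `CheckDemo`, the subject names and the Ed25519 keys are all constructed for the illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue signs tmpl with the issuer's private key and returns the parsed certificate.
func issue(tmpl, issuer *x509.Certificate, pub ed25519.PublicKey, issuerKey ed25519.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer, pub, issuerKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}
// CheckDemo validates a constructed certificate three ways, trusting only the CA certificate.
func CheckDemo() (valid, afterExpiry, altered bool) {
	now := time.Now()
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	eePub, _, _ := ed25519.GenerateKey(rand.Reader)
	caT := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Test CA"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign, NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour)}
	ca := issue(caT, caT, caPub, caKey) // self-signed trust anchor
	eeT := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "alice.example"},
		KeyUsage: x509.KeyUsageDigitalSignature, NotBefore: now.Add(-time.Hour), NotAfter: now.Add(time.Hour)}
	ee := issue(eeT, ca, eePub, caKey) // end-entity certificate signed by the CA
	roots := x509.NewCertPool()
	roots.AddCert(ca) // the CA certificate is the one input that needs a trusted path
	check := func(der []byte, at time.Time) bool { // der: bytes as fetched from an untrusted server or cache
		c, err := x509.ParseCertificate(der)
		if err == nil {
			_, err = c.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: at, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
		}
		return err == nil
	}
	swapped := bytes.Replace(ee.Raw, []byte("alice.example"), []byte("carol.example"), 1) // same-length change inside the signed contents
	return check(ee.Raw, now), check(ee.Raw, now.Add(2*time.Hour)), check(swapped, now)
}
func main() { fmt.Println(CheckDemo()) }
```

The same bytes are accepted inside the validity period and rejected after it, and the copy with the altered subject is rejected because the CA signature no longer covers its contents.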
References