Digital certificate
Computer and communications security mechanisms that depend on public key cryptography require a trusted means of obtaining the public key associated with the source of the information to be decrypted. That means is usually called a digital certificate. The administrative and organizational steps needed to make public key cryptography practical are called public key infrastructure (PKI).

According to the Internet Engineering Task Force specification for such certificates, they are data structures that bind public key values to the rightful holder of the certificate. The binding is asserted by having a trusted certification authority (CA) digitally sign each certificate. "The CA may base this assertion upon technical means (a.k.a., proof of possession through a challenge-response protocol), presentation of the private key, or on an assertion by the subject. A certificate has a limited valid lifetime, which is indicated in its signed contents. Because a certificate's signature and timeliness can be independently checked by a certificate-using client, certificates can be distributed via untrusted communications and server systems, and can be cached in unsecured storage in certificate-using systems." [1]

While there are many details, think of a digital certificate as if it were a typical official document such as a passport:
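The independent check of "signature and timeliness" quoted above, as an added example that is not part of the original article or of the IETF specification: using Go's standard `crypto/x509`, it issues a constructed CA and certificate, then verifies an intact copy, a copy whose subject was altered in transit, and the same certificate after its lifetime has ended. The helper names `must`, `issue` and `verify`, the CA name and `www.example.test` are assumptions made for the illustration.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // setup helper: panic on any error
	if err != nil {
		panic(err)
	}
	return v
}

// issue binds pub to name in a certificate signed with key; a nil parent yields a self-signed CA.
func issue(name string, serial int64, pub *ecdsa.PublicKey, parent *x509.Certificate, key *ecdsa.PrivateKey, now time.Time) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(time.Hour), IsCA: parent == nil, BasicConstraintsValid: true}
	if parent == nil {
		parent = t
	}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, parent, pub, key))))
}

// verify is the client-side check: the CA signature over the signed contents, then the lifetime inside them.
func verify(cert, ca *x509.Certificate, now time.Time) error {
	err := cert.CheckSignatureFrom(ca)
	if err == nil && (now.Before(cert.NotBefore) || now.After(cert.NotAfter)) {
		err = fmt.Errorf("validity: %s is outside the signed lifetime", now.Format(time.RFC3339))
	}
	return err
}

// main runs the three cases on constructed keys and names; none of this is real key material.
func main() {
	now := time.Now()
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	subKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	ca := issue("Constructed Test CA", 1, &caKey.PublicKey, nil, caKey, now)
	leaf := issue("www.example.test", 2, &subKey.PublicKey, ca, caKey, now)
	forged := must(x509.ParseCertificate(bytes.Replace(leaf.Raw, []byte("example"), []byte("exampl3"), 1)))
	fmt.Printf("intact: %v\ntampered: %v\nexpired: %v\n", verify(leaf, ca, now), verify(forged, ca, now), verify(leaf, ca, now.Add(2*time.Hour)))
}
```

The check covers only the two properties the quoted passage names. A certificate-using client would normally call `Certificate.Verify` with a pool of trusted roots, which also builds the chain and checks names and key usage.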
References