Digital certificate


Page modified: Saturday, June 24, 2006 10:36:48

Certificates confirm that a cryptographic key belongs to:

  • a person, a company or an institution (e.g. when encrypting files or e-mails with PGP),
  • a machine (e.g. when encrypting web site traffic with SSL).

In this way the authenticity, confidentiality and integrity of data can be guaranteed towards third parties.

Overview

When asymmetric cryptosystems are used, the use of wrong (e.g. substituted) keys must be prevented. This requires proof that the public key in use actually belongs to the intended recipient of an encrypted message, or to the sender of an electronically signed message. A trusted authority issues this proof in the form of a digital certificate.

A certificate can thus be thought of as an identity card in digital form: with an identity card, the trusted authority (the registration office, "Meldeamt") guarantees that the signature on the identity document actually belongs to the person whose personal data and passport photo appear on that document.

Unlike identity cards, however, certificates are issued by many different certification authorities (e.g. GlobalSign, VeriSign, Trust Center, among others) and in many different quality classes. It is up to the user to decide whether to trust the issuer of a certificate.

A certificate contains information about the name of the owner, the owner's public key, a serial number, a validity period and the name of the certification authority. This data is usually signed with the private key of the certification authority and can therefore be verified with the certification authority's public key. Certificates for keys that are no longer secure can be revoked via a so-called certificate revocation list (CRL).

To guarantee the authenticity of a certificate, the digital signature of a trusted organization or authority (e.g. a public agency) is applied to it. The integrity and authenticity of the certificate can then be verified by checking this signature. Since the public key of a certification authority must itself ultimately be verifiable by means of a certificate, a highest certification authority is needed. In Germany this task is performed by the Federal Network Agency for Electricity, Gas, Telecommunications, Post and Railways (Bundesnetzagentur, formerly RegTP). The Federal Network Agency maintains a list of all accredited certification service providers.
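As an added example that is not part of the original article, the following Go program (standard library only) performs the checks just described against a constructed mini-PKI modelled on the page's example certificate: the issuer TrustMe Ltd., a server certificate for anywhere.com with serial number 1 and the same "Not Before" date. Keys are generated on the fly and the CRL contents are constructed; Verify returns an empty string when the certificate is acceptable and the reason for rejection otherwise.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { if err != nil { panic(err) }; return v }
var notBefore = time.Date(2000, 10, 29, 17, 39, 10, 0, time.UTC) // "Not Before" of the page's example certificate

// sign generates a throwaway key pair and issues tmpl for it; parent == nil yields a self-signed root.
func sign(tmpl, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	if parent == nil { parent, signer = tmpl, key }
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer))
	return must(x509.ParseCertificate(der)), key
}

// BuildPKI: a CA modelled on the page's issuer (TrustMe Ltd.), a one-year server certificate for anywhere.com
// (serial number 1) and a CRL signed by that CA listing the given serial numbers (constructed data).
func BuildPKI(revoked ...int64) (ca, leaf *x509.Certificate, crl *x509.RevocationList) {
	ca, caKey := sign(&x509.Certificate{SerialNumber: big.NewInt(1000), IsCA: true, BasicConstraintsValid: true,
		Subject: pkix.Name{Organization: []string{"TrustMe Ltd."}, CommonName: "CA"}, NotBefore: notBefore,
		NotAfter: notBefore.AddDate(10, 0, 0), KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}, nil, nil)
	leaf, _ = sign(&x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "anywhere.com"},
		DNSNames: []string{"anywhere.com"}, NotBefore: notBefore, NotAfter: notBefore.AddDate(1, 0, 0),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}, ca, caKey)
	var entries []pkix.RevokedCertificate
	for _, s := range revoked { entries = append(entries, pkix.RevokedCertificate{SerialNumber: big.NewInt(s), RevocationTime: notBefore}) }
	crl = must(x509.ParseRevocationList(must(x509.CreateRevocationList(rand.Reader, &x509.RevocationList{Number: big.NewInt(1),
		ThisUpdate: notBefore, NextUpdate: notBefore.AddDate(1, 0, 0), RevokedCertificates: entries}, ca, caKey))))
	return ca, leaf, crl
}

// Verify runs the checks the page describes: signature chain back to the trusted root, validity at time `at`,
// host name match, and revocation via a CRL that must itself carry the CA's signature. "" means accepted.
func Verify(leaf, root *x509.Certificate, crl *x509.RevocationList, host string, at time.Time) string {
	roots := x509.NewCertPool(); roots.AddCert(root)
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, CurrentTime: at}); err != nil {
		return "chain: " + err.Error()
	}
	if err := crl.CheckSignatureFrom(root); err != nil { return "crl: " + err.Error() }
	for _, r := range crl.RevokedCertificates {
		if r.SerialNumber.Cmp(leaf.SerialNumber) == 0 { return "revoked" }
	}
	return ""
}
```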

Example

Text representation of an X.509v3 certificate (certificates are actually encoded according to ASN.1):

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=XY, ST=Austria, L=Graz, O=TrustMe Ltd., OU=Certificate Authority, CN=CA/Email=ca@trustme.dom
        Validity
            Not Before: Oct 29 17:39:10 2000 GMT
            Not After : Oct 29 17:39:10 2001 GMT
        Subject: C=DE, ST=Austria, L=Vienna, O=Home, OU=Web Lab, CN=anywhere.com/Email=xyz@anywhere.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:c4:40:4c:6e:14:1b:61:36:84:24:b2:61:c0:b5:d7:
                    e4:7a:a5:4b:94:ef:d9:5e:43:7f:c1:64:80:fd:9f:50:
                    41:6b:70:73:80:48:90:f3:58:bf:f0:4c:b9:90:32:81:
                    59:18:16:3f:19:f4:5f:11:68:36:85:f6:1c:a9:af:fa:
                    a9:a8:7b:44:85:79:b5:f1:20:d3:25:7d:1c:de:68:15:
                    0c:b6:bc:59:46:0a:d8:99:4e:07:50:0a:5d:83:61:d4:
                    db:c9:7d:c3:2e:eb:0a:8f:62:8f:7e:00:e1:37:67:3f:
                    36:d5:04:38:44:44:77:e9:f0:b4:95:f5:f9:34:9f:f8:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                email:xyz@anywhere.com
            Netscape Comment:
                mod_ssl generated test server certificate
            Netscape Cert Type:
                SSL Server
    Signature Algorithm: md5WithRSAEncryption
        12:ed:f7:b3:5e:a0:93:3f:a0:1d:60:cb:47:19:7d:15:59:9b:
        3b:2c:a8:a3:6a:03:43:d0:85:d3:86:86:2f:e3:aa:79:39:e7:
        82:20:ed:f4:11:85:a3:41:5e:5c:8d:36:a2:71:b6:6a:08:f9:
        cc:1e:da:c4:78:05:75:8f:9b:10:f0:15:f0:9e:67:a0:4e:a1:
        4d:3f:16:4c:9b:19:56:6a:f2:af:89:54:52:4a:06:34:42:0d:
        d5:40:25:6b:b0:c0:a2:03:18:cd:d1:07:20:b6:e5:c5:1e:21:
        44:e7:c5:09:d2:d5:94:9d:6c:13:07:2f:3b:7c:4c:64:90:bf:
        ff:8e

Significance of the status of the certification authorities

Certification authorities can be accredited or non-accredited. A certification authority that has successfully completed the accreditation procedure under the SigG is classified as accredited and may carry a corresponding quality seal in accordance with § 15 para. 1 sentence 3 SigG. The certification authorities are comprehensively examined for technical security and long-term suitability by confirmation bodies (currently three; as of October 2005). For accredited certification authorities, the Federal Network Agency (formerly RegTP) guarantees that even if the certification authority ceases operation, the signatures (certificates) remain verifiable for all parties involved. This is important above all because many documents (in paper or electronic form) must be retained by law for many years. If signatures could no longer be verified after some years, this would have fatal consequences.

Issuing a certificate as a Web of Trust member

The encryption software PGP and its open-source variant GNU Privacy Guard also use certificates. These confirm the authenticity and genuineness of the certified keys. PGP and GnuPG are based on OpenPGP and are compatible with each other. A certificate can be created by any user (Web of Trust member). If a user is convinced that a public key actually belongs to the person who publishes it, he creates a certificate by signing this public key. Based on this certificate, other users can decide whether they too want to trust that the key belongs to the indicated user. The more certificates a key carries, the more confident one can be that the key actually belongs to the indicated owner. A certificate can (but need not) also be created by a certification authority. Using a certification authority is recommended, since such certificates enjoy a high degree of trust among the broad mass of users.

Certificate types under the German Signature Act / EU Directive

The original wording of the German Signature Act (SigG) on this reads:

    Definitions according to § 2 SigG (excerpt):

    1. "electronic signatures" are data in electronic form which are attached to or logically associated with other electronic data and which serve for authentication,

    2. "advanced electronic signatures" are electronic signatures according to No. 1 which a) are uniquely assigned to the signature-key holder, b) make it possible to identify the signature-key holder,

    3. "qualified electronic signatures" are electronic signatures according to No. 2 which a) are based on a qualified certificate valid at the time of their creation and b) are created with a secure signature-creation device.

    ...

    6. "certificates" are electronic attestations by which signature-verification keys are assigned to a person and the identity of that person is confirmed,

    7. "qualified certificates" are electronic attestations according to No. 6 for natural persons which fulfil the conditions of § 7 and are issued by certification service providers who themselves fulfil at least the requirements of §§ 4 to 14 or § 23 of this Act and of the statutory ordinance referring to it under § 24.

The German Signature Act (SigG) and the EU Directive rate the quality of certificates in eight levels, of which only four are important for a closer look:

  • simple digital certificate
  • advanced digital certificate
  • qualified digital certificate
  • accredited digital certificate

Simple and advanced certificates: Simple and advanced digital certificates are completely unregulated and are used e.g. with PGP, GnuPG, etc. Depending on the certification authority, additional information is included in a simple or advanced certificate, for example:

  • e-mail address of the certificate owner
  • extended text information, e.g. the address of the certificate owner

These certificates are not treated by the legislator as equivalent to a handwritten signature.

Qualified certificates: Qualified certificates are legally equivalent to a handwritten signature. The term "qualified certificate" is shorthand for advanced signatures that were created with a secure signature-creation device which is under the exclusive control of the owner. For qualified certificates the legal requirements are precisely specified. Among other things they cover:

  • biometric data
  • registered address of the certificate owner

Higher requirements also apply to the storage (secure storage) of the qualified certificate on special media, e.g. on smart cards or tokens.

Accredited certificates: The term "accredited digital certificates" is also used at times; however, the accreditation refers not to the certificate but to the certification authority. This is therefore not a certificate type of its own: these are in fact qualified certificates whose certification authority has been accredited. Further information can be found under the section "Significance of the status of the certification authorities".



Page cached: Wednesday, July 5, 2006 23:53:34