Dictionary, Encyclopedia and Thesaurus - The Free Dictionary
digital certificate
(redirected from Public key certificate)


digital certificate

Electronic credit card intended for on-line business transactions and authentications on the Internet. Digital certificates are issued by certification authorities (e.g., VeriSign). They typically contain identification information about the holder, including the person's public key (used for encrypting and decrypting messages), along with the authority's digital signature, so that the recipient can verify with the authority that the certificate is authentic. Web sites may also have digital certificates, to enable a person intending to buy its products to confirm that it is an authenticated e-commerce site.


digital certificate
The digital equivalent of an ID card used in conjunction with a public key encryption system. Also called a "digital ID," "digital identity certificate," "identity certificate" and "public key certificate," digital certificates are issued by a trusted third party known as a "certification authority" (CA) such as VeriSign (www.verisign.com) and Thawte (www.thawte.com).

The CA verifies that a public key belongs to a specific company or individual (the "subject"), and the validation process it goes through to determine if the subject is who it claims to be depends on the level of certification and the CA itself.

Creating the Certificate
After the validation process is completed, the CA creates an X.509 certificate that contains CA and subject information, including the subject's public key (details below). The CA signs the certificate by creating a digest (a hash) of all the fields in the certificate and encrypting the hash value with its private key. The encrypted digest is called a "digital signature," and when placed into the X.509 certificate, the certificate is said to be "signed."

The CA keeps its private key very secure, because if it were ever discovered, false certificates could be created. See HSM.

Verifying the Certificate
The process of verifying the "signed certificate" is done by the recipient's software, which is typically the Web browser. The browser maintains an internal list of popular CAs and their public keys and uses the appropriate public key to decrypt the signature back into the digest. It then recomputes its own digest from the plain text in the certificate and compares the two. If both digests match, the integrity of the certificate is verified (it was not tampered with), and the public key in the certificate is assumed to be the valid public key of the subject.
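
The signing and verification steps described above, as an added example that is not part of the original entry: a toy CA signs a constructed set of certificate fields, and a recipient checks them against its list of trusted CAs. It assumes textbook RSA without padding over a fixed toy key and a plain-text encoding of the fields (real certificates use DER encoding and padded signature schemes); every name and value in it is constructed.

```python
import hashlib

# Toy CA key pair (assumption: textbook RSA, no padding, built from two
# Mersenne primes so the example is deterministic; never use for real keys).
P, Q = 2**521 - 1, 2**607 - 1
CA_N, CA_E = P * Q, 65537
CA_D = pow(CA_E, -1, (P - 1) * (Q - 1))  # CA private exponent (Python 3.8+)

FIELDS = ("version", "serial", "sig_alg", "issuer",
          "valid_from", "valid_to", "subject", "subject_public_key")

def digest(cert):
    """Hash the certificate fields in a fixed order (stand-in for DER)."""
    blob = "\n".join(f"{k}={cert[k]}" for k in FIELDS).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")

def ca_sign(cert):
    """CA side: digest the fields, transform the digest with the private key."""
    return dict(cert, signature=pow(digest(cert), CA_D, CA_N))

def verify(cert, trust_store):
    """Recipient side: find the issuer's public key, recover the digest from
    the signature, recompute the digest locally and compare the two."""
    key = trust_store.get(cert["issuer"])
    if key is None:
        return "untrusted issuer"
    n, e = key
    recovered = pow(cert["signature"], e, n)
    return "ok" if recovered == digest(cert) else "digest mismatch"

# Constructed sample data: one trusted CA and one certificate it issued.
TRUST_STORE = {"Example Root CA": (CA_N, CA_E)}
CERT = ca_sign({
    "version": 3, "serial": 1001, "sig_alg": "sha256-toy-rsa",
    "issuer": "Example Root CA",
    "valid_from": "2012-01-01", "valid_to": "2013-01-01",
    "subject": "shop.example", "subject_public_key": "subject-key-placeholder",
})
TAMPERED = dict(CERT, subject_public_key="substituted-key-placeholder")
UNKNOWN = dict(CERT, issuer="Unlisted CA")

if __name__ == "__main__":
    for name, c in (("genuine", CERT), ("tampered", TAMPERED), ("unknown", UNKNOWN)):
        print(name, "->", verify(c, TRUST_STORE))
```

Changing any signed field, here the subject's public key, makes the recomputed digest differ from the one recovered from the signature, and a certificate naming an issuer outside the trust store is rejected before any digest is compared.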

Then What...
At this point, the subject's identity and the certificate's integrity (no tampering) have been verified. The certificate is typically combined with a signed message or signed executable file, and the public key is used to verify the signatures (see digital signature and code signing). The subject's public key may also be used to provide a secure key exchange in order to have an encrypted two-way communications session (see SSL). See PKI.

 Major Data Elements in an X.509 Certificate

 Version number of certificate format
 Serial number (unique number from CA)
 Certificate signature algorithm
 Issuer (name of CA)
 Valid-from/valid-to dates
 Subject (name of company or person certified)
 Subject's public key and algorithm
 Digital signature created with CA's private key


Signing and Verifying a Digital Certificate
The signed certificate is used to verify the identity of a person or organization.

(communications, security) digital certificate - An attachment to an electronic mail message used for security purposes, e.g. to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply.

An individual wishing to send an encrypted message applies for a digital certificate from a certificate authority (CA). The CA issues an encrypted digital certificate containing the applicant's public key and a variety of other identification information. The CA makes its own public key readily available on the Internet.

The recipient of an encrypted message uses the CA's public key to decode the digital certificate attached to the message, verifies it as issued by the CA and then obtains the sender's public key and identification information held within the certificate.


References in periodicals archive
Once this information is verified, the CA can issue a public key certificate for that party to use.
It stipulates that identity must be verified by rapid, two-factor electronic authentication--specifically, the infrastructure used must support identification cards that contain both public key certificates and a PIN or password.
Issues to be resolved include the proliferation of available standards and the need for a common repository system for public key certificate distribution and retrieval.
 
 
Copyright © 2012 Farlex, Inc.