In cryptography, a public key certificate (or identity certificate) is an electronic document which incorporates a digital signature to bind together a public key with an identity — information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual. The German Lorenz cipher machine, used in World War II for encryption of very high-level general staff messages Cryptography (or cryptology; derived from Greek κρυπτός kryptós hidden, and the verb γράφω gráfo write or λεγειν legein to speak) is the study of message secrecy. ... In cryptography, a digital signature or digital signature scheme is a type of asymmetric cryptography used to simulate the security properties of a signature in digital, rather than written, form. ... PKC, see PKC (disambiguation) Public-key cryptography is a form of modern cryptography which allows users to communicate securely without previously agreeing on a shared secret key. ...

In a typical public key infrastructure (PKI) scheme, the signature will be of a certificate authority (CA). In a web of trust scheme, the signature is of either the user (a self-signed certificate) or other users ("endorsements"). In either case, the signatures on a certificate are attestations by the certificate signer that the identity information and the public key belong together. In cryptography, a public key infrastructure (PKI) is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). ... In cryptography, a certificate authority or certification authority (CA) is an entity which issues digital certificates for use by other parties. ... In cryptography, a web of trust is a concept used in PGP, GnuPG, and other OpenPGP-compatible systems to establish the authenticity of the binding between a public key and a user. ... In cryptography and computer security, a self-signed certificate is an identity certificate that is signed by its own subject. ...

Use

Certificates are useful for large-scale public-key cryptography. Securely exchanging secret keys amongst users becomes impractical to the point of effective impossibility for anything other than quite small networks. Public key cryptography provides a way to avoid this problem. In principle, if Alice wants others to be able to send her secret messages, she needs only to publish her public key. Anyone possessing it can then send her secure information. Unfortunately, David could publish a different public key (for which he knows the related private key) claiming that it is Alice's public key. In so doing, David could intercept and read at least some of the messages meant for Alice. But if Alice builds her public key into a certificate and has it digitally signed by a trusted third party (Trent), anyone who trusts Trent can merely check the certificate to see whether Trent thinks the embedded public key is Alice's. In typical Public-key Infrastructures (PKIs), Trent will be a CA, who is trusted by all participants. In a web of trust, Trent can be any user, and whether to trust that user's attestation that a particular public key belongs to Alice will be up to the person wishing to send a message to Alice. A big random number is used to make a public-key pair. ... The names Alice and Bob are commonly used placeholders for archetypal characters in fields such as cryptography and physics. ... In cryptography, a trusted third party (TTP) is an entity which facilitates interactions between two parties who both trust the third party; they use this trust to secure their own interactions. ...

In large-scale deployments, Alice may not be familiar with Bob's certificate authority (perhaps they each have a different CA — if both use employer CAs, different employers would produce this result), so Bob's certificate may also include his CA's public key signed by a "higher level" CA₂, which might be recognized by Alice. This process leads in general to a hierarchy of certificates, and to even more complex trust relationships. Public key infrastructure refers, mostly, to the software that manages certificates in a large-scale setting. In X.509 PKI systems, the hierarchy of certificates is always a top-down tree, with a root certificate at the top, representing a CA that is 'so central' to the scheme that it does not need to be authenticated by some trusted third party. Trust is the belief in the good character of one party, presumed to seek to fulfill policies, ethical codes, law and their previous promises. ... In cryptography, X.509 is an ITU-T standard for public key infrastructure (PKI). ... In cryptography and computer security, a root certificate is an unsigned public key certificate, or a self-signed certificate, and is part of a PKI scheme. ...

A certificate may be revoked if it is discovered that its related private key has been compromised, or if the relationship (between an entity and a public key) embedded in the certificate is discovered to be incorrect or has changed; this might occur, for example, if a person changes jobs or names. A revocation will likely be a rare occurrence, but the possibility means that when a certificate is trusted, the user should always check its validity. This can be done by comparing it against a certificate revocation list (CRL) — a list of revoked or cancelled certificates. Ensuring that such a list is up-to-date and accurate is a core function in a centralized PKI, one which requires both staff and budget and one which is therefore sometimes not properly done. To be effective, it must be readily available to any who needs it whenever it is needed and must be updated frequently. The other way to check a certificate validity is to query the certificate authority using the Online Certificate Status Protocol (OCSP) to know the status of a specific certificate. In the operation of some cryptosystems, usually public key infrastructures (PKIs), a certificate revocation list (CRL) is a list of certificates (more accurately: their serial numbers) which have been revoked, are no longer valid, and should not be relied upon by any system user. ... The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. ...

Both of these methods appear to be on the verge of being supplanted by XKMS.^{[citation needed]} This new standard, however, is yet to see widespread implementation. XML Key Management Specification (XKMS) leverages the web services framework to make it easier for developers to secure inter-application communication using public key infrastructure (PKI). ...

A certificate typically includes:

• The public key being signed.
• A name, which can refer to a person, a computer or an organization.
• A validity period.
• The location (URL) of a revocation center.
• The digital signature of the certificate, produced by the CA's private key.

The most common certificate standard is the ITU-T X.509. X.509 is being adapted to the Internet by the IETF PKIX working group. PKC, see PKC (disambiguation) Public-key cryptography is a form of modern cryptography which allows users to communicate securely without previously agreeing on a shared secret key. ... A Uniform Resource Locator, URL (spelled out as an acronym, not pronounced as earl), or Web address, is a standardized address name layout for resources (such as documents or images) on the Internet (or elsewhere). ... The ITU Telecommunication Standardization Sector (ITU-T) coordinates standards for telecommunications on behalf of the International Telecommunication Union (ITU) and is based in Geneva, Switzerland. ... In cryptography, X.509 is an ITU-T standard for public key infrastructure (PKI). ... The PKIX (Public-Key Infrastructure X.509) Working Group (PKIX-WG) was assigned — by the Internet Engineering Task Force (IETF) — to develop the necessary Internet standards needed to support a Public Key Infrastructure, based on the X.509 protocol. ...

Classes

VeriSign introduced the concept of classes of digital certificates: VeriSign, Inc. ...

• Class 1 for individuals, intended for email;
• Class 2 for organizations, for which proof of identity is required; and
• Class 3 for servers and software signing, for which independent verification and checking of identity and authority is done by the issuing certificate authority (CA).
• Class 4 for online business transactions between companies
• Class 5 for private organizations or governmental security

In cryptography, a certificate authority or certification authority (CA) is an entity which issues digital certificates for use by other parties. ...

Criticism

Public key certificates are often used for web server identification (eg. https protocol). Usually people don't understand the security model of public key certificates and neglect to read the alert information. This would result eg. in phishing attacks, when the phishing site's certificate was issued by an untrusted CA, the user click on the "go on, i want to use the application" button, and at the end the user trusts the phishing site, because "he/she can see the security lock in the bottom of the browser". There are a lot of other critics for PKI by Peter Gutmann. This article is about a computer scientist. ...

See also

• Authorization certificate
• Certificate signing request
• Digital signature
• OpenPGP
• Secure Sockets Layer, Transport Layer Security