In cryptography, X.509 is an ITU-T standard for public key infrastructure (PKI). X.509 specifies, amongst other things, standard formats for public key certificates and a certification path validation algorithm. The German Lorenz cipher machine, used in World War II for encryption of very high-level general staff messages Cryptography (or cryptology; derived from Greek κρυπτός kryptós hidden, and the verb γράφω gráfo write or λεγειν legein to speak) is the study of message secrecy. ... The ITU Telecommunication Standardization Sector (ITU-T) coordinates standards for telecommunications on behalf of the International Telecommunication Union (ITU) and is based in Geneva, Switzerland. ... In cryptography, a public key infrastructure (PKI) is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). ... In cryptography, a public key certificate (or identity certificate) is an electronic document which incorporates a digital signature to bind together a public key with an identity — information such as the name of a person or an organization, their address, and so forth. ... The certification path validation algorithm is the algorithm which verifies that a given certificate path (also called a certificate chain) is valid under a given PKI. A path starts with the Subject certificate and proceeds through a number of intermediate certificates up to a trusted root certificate, typically issued by...

History and usage

X.509 was initially issued in 1988 July the Third and was begun in association with the X.500 standard and assumed a strict hierarchical system of certificate authorities (CAs) for issuing the certificates. This contrasts with web of trust models, like PGP, where anyone (not just special CAs) may sign, and thus attest to the validity of others' key certificates. Version 3 of X.509 includes the flexibility to support other topologies like bridges and meshes. It can be used in a peer-to-peer, OpenPGP-like web of trust, but is rarely used that way as of 2004. The X.500 system has never been fully implemented, and the IETF's Public-Key Infrastructure (X.509), or PKIX, working group has adapted the standard to the more flexible organization of the Internet. In fact, the term X.509 certificate usually refers to the IETF's PKIX Certificate and CRL Profile of the X.509 v3 certificate standard, as specified in RFC 3280, commonly referred to as PKIX for Public Key Infrastructure (X.509). Year 1988 (MCMLXXXVIII) was a leap year starting on Friday (link displays 1988 Gregorian calendar). ... X.500 is the set of ITU-T computer networking standards covering electronic directory services such as white pages, Knowbot and whois. ... In cryptography, a certificate authority or certification authority (CA) is an entity which issues digital certificates for use by other parties. ... In cryptography, a web of trust is a concept used in PGP, GnuPG, and other OpenPGP-compatible systems to establish the authenticity of the binding between a public key and a user. ... PGP Encryption (Pretty Good Privacy) is a computer program that provides cryptographic privacy and authentication. ... A network bridge connects multiple network segments at the data link layer (layer 2) of the OSI model. ... A mesh is similar to fabric or a web in that it has many connected or weaved pieces. ... An Open Specification for Pretty Good Privacy (openpgp) OpenPGP is defined by the OpenPGP Working Group of the Internet Engineering Task Force (IETF) Proposed Standard RFC 2440. ... In cryptography, a web of trust is a concept used in PGP, GnuPG, and other OpenPGP-compatible systems to establish the authenticity of the binding between a public key and a user. ... shelby was here 2004 (MMIV) was a leap year starting on Thursday of the Gregorian calendar. ... The Internet Engineering Task Force (IETF) is charged with developing and promoting Internet standards. ... In the operation of some cryptosystems, usually public key infrastructures (PKIs), a certificate revocation list (CRL) is a list of certificates (more accurately: their serial numbers) which have been revoked, are no longer valid, and should not be relied upon by any system user. ...

Certificates

In the X.509 system, a CA issues a certificate binding a public key to a particular Distinguished Name in the X.500 tradition, or to an Alternative Name such as an e-mail address or a DNS-entry. X.500 is the set of ITU-T computer networking standards covering electronic directory services such as white pages, Knowbot and whois. ... An -mail address identifies a location to which e-mail messages can be delivered. ... It has been suggested that this article be split into multiple articles. ...

An organization's trusted root certificates can be distributed to all employees so that they can use the company PKI system. Browsers such as Internet Explorer, Netscape/Mozilla, Opera and Safari come with root certificates pre-installed, so SSL certificates from larger vendors who have paid for the privilege of being pre-installed will work instantly; in effect the browsers' owners determine which CAs are trusted third parties for the browsers' users. Although these root certificates can be removed or disabled, users rarely do so. If pre-installed root certificates are removed on the Microsoft-platform, the operating-system re-installs them as soon as a web-site using the certificate is visited. As this mechanism relies on hash-values, pre-installed with the operating system, it is not even possible to determine which certificates are permanently trusted. In cryptography and computer security, a root certificate is an unsigned public key certificate, or a self-signed certificate, and is part of a PKI scheme. ... Windows Internet Explorer (formerly Microsoft Internet Explorer, abbreviated MSIE), commonly abbreviated to IE, is a series of popular graphical web browsers developed by Microsoft and included as part of the Microsoft Windows line of operating systems starting in 1995. ... Netscape Communications Corporation (commonly known as Netscape), was an American computer services company, best known for its web browser. ... Mozilla was the official, public, original name of Mozilla Application Suite by the Mozilla Foundation, nowadays called SeaMonkey suite. ... Opera is an Internet suite which handles common internet-related tasks, including visiting web sites, sending and receiving e-mail messages, managing contacts, and online chat. ... Map of Africa 1890 Look up safari in Wiktionary, the free dictionary. ... Secure Sockets Layer (SSL) and Transport Layer Security (TLS), its successor, are cryptographic protocols which provide secure communications on the Internet. ...

X.509 also includes standards for certificate revocation list (CRL) implementations, an often neglected aspect of PKI systems. The IETF-approved way of checking a certificate's validity is the Online Certificate Status Protocol (OCSP). Popular browsers like Internet Explorer and Firefox don't check for certificate revocation by default. The time lag for performing the checking could be one of the reasons. In the operation of some cryptosystems, usually public key infrastructures (PKIs), a certificate revocation list (CRL) is a list of certificates (more accurately: their serial numbers) which have been revoked, are no longer valid, and should not be relied upon by any system user. ... The Internet Engineering Task Force (IETF) is charged with developing and promoting Internet standards. ... The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. ...

Structure of a certificate

The structure of a X.509 v3 digital certificate is as follows: In cryptography, a public key certificate (or identity certificate) is a certificate which uses a digital signature to bind together a public key with an identity — information such as a the name of a person or an organisation, their address, and so forth. ...

• Certificate
  • Version
  • Serial Number
  • Algorithm ID
  • Issuer
  • Validity
    • Not Before
    • Not After
  • Subject
  • Subject Public Key Info
    • Public Key Algorithm
    • Subject Public Key
  • Issuer Unique Identifier (Optional)
  • Subject Unique Identifier (Optional)
  • Extensions (Optional)
    • ...
• Certificate Signature Algorithm
• Certificate Signature

Issuer and subject unique identifiers were introduced in Version 2, Extensions in Version 3.

Certificate file extensions

Common filename extensions for X.509-certificates are:

• .CER - CER encoded certificate, sometimes sequence of certificates
• .DER - DER encoded certificate
• .PEM - (Privacy Enhanced Mail) Base64 encoded certificate, enclosed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"
• .P7B - See .p7c
• .P7C - PKCS#7 SignedData structure without data, just certificate(s) or CRL(s)
• .PFX - See .p12
• .P12 - PKCS#12, may contain certificate(s) (public) and private keys (password protected)

PKCS #7 is a standard for signing or encrypting (officially called "enveloping") data. Since the certificate is needed to verify signed data, it is possible to include them in the SignedData structure. A .P7C-file is just a degenerated SignedData structure, without any data to sign. Canonical encoding rules (CER) are a restricted variant of basic encoding rules for producing unequivocal transfer syntax for data structures described by ASN.1. ... DER or Distinguished Encoding Rules is a method for encoding a data object, such as an X.509 certificate, to be digitally signed or to have its signature verified. ... In cryptography, Privacy-enhanced Electronic Mail, or Privacy Enhanced Mail (PEM), is a technique for exchanging electronic mail over a public medium securely. ... It has been suggested that Radix-64 be merged into this article or section. ... In cryptography, PKCS refers to a group of Public Key Cryptography Standards devised and published by RSA laboratories in California. ... In cryptography, PKCS refers to a group of Public Key Cryptography Standards devised and published by RSA laboratories in California. ... In cryptography, PKCS refers to a group of Public Key Cryptography Standards devised and published by RSA laboratories in California. ...

PKCS #12 evolved from the PFX (Personal inFormation eXchange) standard and is used to exchange public and private objects in a single file. In cryptography, PKCS refers to a group of Public Key Cryptography Standards devised and published by RSA laboratories in California. ...

A .PEM-file may contain certificate(s) or private key(s), enclosed between the appropriate BEGIN/END-lines (CERTIFICATE or RSA PRIVATE KEY). .

Sample X.509 certificates

As an example of an X.509 certificate, here's a decode (generated with openssl) of one of www.freesoft.org's old certificates; the actual certificate is about 1KB in size. It was issued (signed) by Thawte (since acquired by Verisign), as stated in its Issuer field. Its subject contains a lot of personal information, but the most important part is the common name (CN) of www.freesoft.org - this is the part that must match the host being authenticated. Next comes an RSA public key (modulus and public exponent), followed by the signature, computed by taking an MD5 hash of the first part of the certificate and encrypting it with Thawte's RSA private key. OpenSSL is an open source implementation of the SSL and TLS protocols. ...

 Certificate: Data: Version: 1 (0x0) Serial Number: 7829 (0x1e95) Signature Algorithm: md5WithRSAEncryption Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com Validity Not Before: Jul 9 16:04:02 1998 GMT Not After : Jul 9 16:04:02 1999 GMT Subject: C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/emailAddress=baccala@freesoft.org Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:b4:31:98:0a:c4:bc:62:c1:88:aa:dc:b0:c8:bb: 33:35:19:d5:0c:64:b9:3d:41:b2:96:fc:f3:31:e1: 66:36:d0:8e:56:12:44:ba:75:eb:e8:1c:9c:5b:66: 70:33:52:14:c9:ec:4f:91:51:70:39:de:53:85:17: 16:94:6e:ee:f4:d5:6f:d5:ca:b3:47:5e:1b:0c:7b: c5:cc:2b:6b:c1:90:c3:16:31:0d:bf:7a:c7:47:77: 8f:a0:21:c7:4c:d0:16:65:00:c1:0f:d7:b8:80:e3: d2:75:6b:c1:ea:9e:5c:5c:ea:7d:c1:a1:10:bc:b8: e8:35:1c:9e:27:52:7e:41:8f Exponent: 65537 (0x10001) Signature Algorithm: md5WithRSAEncryption 93:5f:8f:5f:c5:af:bf:0a:ab:a5:6d:fb:24:5f:b6:59:5d:9d: 92:2e:4a:1b:8b:ac:7d:99:17:5d:cd:19:f6:ad:ef:63:2f:92: ab:2f:4b:cf:0a:13:90:ee:2c:0e:43:03:be:f6:ea:8e:9c:67: d0:a2:40:03:f7:ef:6a:15:09:79:a9:46:ed:b7:16:1b:41:72: 0d:19:aa:ad:dd:9a:df:ab:97:50:65:f5:5e:85:a6:ef:19:d1: 5a:de:9d:ea:63:cd:cb:cc:6d:5d:01:85:b5:6d:c8:f3:d9:f7: 8f:0e:fc:ba:1f:34:e9:96:6e:6c:cf:f2:ef:9b:bf:de:b5:22: 68:9f 

To validate this certificate, we need another certificate, one that matches the Issuer (Thawte Server CA) in the first certificate. Then we take the RSA public key from the second (CA) certificate, use it to decode the signature on the first certificate to obtain an MD5 hash, which must match an actual MD5 hash computed over the rest of the certificate. Here's the CA cert:

 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: md5WithRSAEncryption Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com Validity Not Before: Aug 1 00:00:00 1996 GMT Not After : Dec 31 23:59:59 2020 GMT Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:d3:a4:50:6e:c8:ff:56:6b:e6:cf:5d:b6:ea:0c: 68:75:47:a2:aa:c2:da:84:25:fc:a8:f4:47:51:da: 85:b5:20:74:94:86:1e:0f:75:c9:e9:08:61:f5:06: 6d:30:6e:15:19:02:e9:52:c0:62:db:4d:99:9e:e2: 6a:0c:44:38:cd:fe:be:e3:64:09:70:c5:fe:b1:6b: 29:b6:2f:49:c8:3b:d4:27:04:25:10:97:2f:e7:90: 6d:c0:28:42:99:d7:4c:43:de:c3:f5:21:6d:54:9f: 5d:c3:58:e1:c0:e4:d9:5b:b0:b8:dc:b4:7b:df:36: 3a:c2:b5:66:22:12:d6:87:0d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: md5WithRSAEncryption 07:fa:4c:69:5c:fb:95:cc:46:ee:85:83:4d:21:30:8e:ca:d9: a8:6f:49:1a:e6:da:51:e3:60:70:6c:84:61:11:a1:1a:c8:48: 3e:59:43:7d:4f:95:3d:a1:8b:b7:0b:62:98:7a:75:8a:dd:88: 4e:4e:9e:40:db:a8:cc:32:74:b9:6f:0d:c6:e3:b3:44:0b:d9: 8a:6f:9a:29:9b:99:18:28:3b:d1:e3:40:28:9a:5a:3c:d5:b5: e7:20:1b:8b:ca:a4:ab:8d:e9:51:d9:e2:4c:2c:59:a9:da:b9: b2:75:1b:f6:42:f2:ef:c7:f2:18:f9:89:bc:a3:ff:8a:23:2e: 70:47 

This is an example of a self-signed certificate; note that the issuer and subject are the same. There's no way to verify this certificate except by checking it against itself; we've reached the top of the certificate chain. So how does this certificate become trusted? Simple - it's manually configured. Thawte is one of the root certificate authorities recognized by both Microsoft and Netscape. This certificate comes with the web browser (you can probably find it listed as "Thawte Server CA" in the security settings); it's trusted by default. As a long-lived (note the expiration date), globally trusted certificate that can sign pretty much anything (note the lack of any constraints), its matching private key has to be one of the most closely guarded in the world.

Security

In 2005, Arjen Lenstra and Benne de Weger demonstrated "how to use hash collisions to construct two X.509 certificates that contain identical signatures and that differ only in the public keys," achieved using a collision attack on the MD5 hash function. [1] Arjen K. Lenstra Arjen K. Lenstra is a Dutch mathematician. ... A collision attack on a cryptographic hash tries to find two different inputs that will produce the same hash value, i. ... In cryptography, MD5 (Message-Digest algorithm 5) is a widely used cryptographic hash function with a 128-bit hash value. ...

Certificate authority

Main article: Certificate authority

A certificate authority or certification authority (CA) is an entity which issues digital certificates for use by other parties. It is an example of a trusted third party. CAs are characteristic of many public key infrastructure (PKI) schemes. In cryptography, a certificate authority or certification authority (CA) is an entity which issues digital certificates for use by other parties. ... In cryptography, a trusted third party (TTP) is an entity which facilitates interactions between two parties who both trust the third party; they use this trust to secure their own interactions. ...

There are many commercial CAs that charge for their services. Institutions and governments may have their own CAs, and there are free CAs.

Public-Key Infrastructure (X.509) Working Group

The Public-Key Infrastructure (X.509) working group (PKIX) is a working group of the Internet Engineering Task Force dedicated to creating RFCs and other standards documentation on issues related to public key infrastructure based on X.509 certificates. PKIX was established in Autumn 1995. Wikipedia does not have an article with this exact name. ... The Internet Engineering Task Force (IETF) develops and promotes Internet standards, cooperating closely with the W3C and ISO/IEC standard bodies; and dealing in particular with standards of the TCP/IP and Internet protocol suite. ... In internetworking and computer network engineering, Request for Comments (RFC) documents are a series of memoranda encompassing new research, innovations, and methodologies applicable to Internet technologies. ...

See also

• Digital Certificate
• Digital Signature
• Timestamp
• Public Key
• Public Key Infrastructure (PKI)
• Certificate Authority
• Pretty Good Privacy (PGP)
• Certificate Policy
• Online Certificate Status Protocol (OCSP)
• Certificate Revocation List (CRL)
• ISO/IEC
• Computer security
• Information security
• Communications security
• Code access security

In cryptography, a public key certificate (or identity certificate) is a certificate which uses a digital signature to bind together a public key with an identity — information such as a the name of a person or an organisation, their address, and so forth. ... In cryptography, a digital signature or digital signature scheme is a type of asymmetric cryptography used to simulate the security properties of a signature in digital, rather than written, form. ... Timestamp can refer to a time code or to a digitally signed timestamp whose signer vouches for the existence of the signed document or content at the time given as part of the digital signature. ... Public key cryptography is a form of cryptography which generally allows users to communicate securely without having prior access to a shared secret key, by using a pair of cryptographic keys, designated as public key and private key, which are related mathematically. ... In cryptography, a public key infrastructure (PKI) is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). ... In cryptography, a certificate authority or certification authority (CA) is an entity which issues digital certificates for use by other parties. ... PGP Encryption (Pretty Good Privacy) is a computer program that provides cryptographic privacy and authentication. ... There are very few or no other articles that link to this one. ... The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. ... In the operation of some cryptosystems, usually public key infrastructures (PKIs), a certificate revocation list (CRL) is a list of certificates (more accurately: their serial numbers) which have been revoked, are no longer valid, and should not be relied upon by any system user. ... This article does not cite any references or sources. ... This article describes how security can be achieved through design and engineering. ... Security is everyone’s responsibility. ... Communications security (COMSEC): Measures and controls taken to deny unauthorized persons information derived from telecommunications and ensure the authenticity of such telecommunications. ... Code access security, in the Microsoft . ...

Protocols and Standards supporting X.509 certificates

• Transport Layer Security (TLS/SSL)
• Secure Multipurpose Internet Mail Extensions (S/MIME)
• IPsec
• SSH
• Smartcard
• HTTPS
• Extensible Authentication Protocol
• Lightweight Directory Access Protocol
• Trusted Computing Group (TNC TPM NGSCB)
• CableLabs (North American Cable Industry Technology Forum)
• WS-Security

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide secure communications on the Internet for such things as web browsing, e-mail, Internet faxing, instant messaging and other data transfers. ... S/MIME (Secure / Multipurpose Internet Mail Extensions) is a standard for public key encryption and signing of e-mail encapsulated in MIME. // S/MIME was originally developed by RSA Data Security Inc. ... IPsec (IP security) is a suite of protocols for securing Internet Protocol (IP) communications by authenticating and/or encrypting each IP packet in a data stream. ... Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. ... A smart card, or integrated circuit(s) card (ICC), is defined as any integrated circuitry embedded into a flat, plastic body. ... https is a URI scheme used to indicate a secure HTTP connection. ... Extensible Authentication Protocol, or EAP, is a universal authentication framework frequently used in wireless networks and Point-to-Point connections. ... The Lightweight Directory Access Protocol, or LDAP (IPA: ), is an application protocol for querying and modifying directory services running over TCP/IP.[1] A directory is a set of information with similar attributes organized in a logical and hierarchical manner. ... WS-Security (Web Services Security) is a communications protocol providing a means for applying security to Web Services. ...

References

• [ITU-T Recommendation X.509][2] (2005): Information Technology - Open Systems Interconnection - The Directory: Authentication Framework, 08/05.
• C. Adams, S. Farrell, "Internet X.509 Public Key Infrastructure: Certificate Management Protocols", RFC 2510, March 1999
• Housley, R., W. Ford, W. Polk and D. Solo, "Internet X.509 Public Key Infrastructure: Certificate and CRL Profile", RFC 3280, April 2002. Obsoletes RFC 2459/ updated by RFC 4325,RFC 4630.
• Housley, R., W. Ford, W. Polk and D. Solo, "Internet X.509 Public Key Infrastructure: Certificate and CRL Profile", RFC 2459, January 1999. Obsoleted by RFC 3280.
• Arjen Lenstra, Xiaoyun Wang and Benne de Weger, On the possibility of constructing meaningful hash collisions for public keys, full version, with an appendix on colliding X.509 certificates, 2005 [3] (see also [4]).

Xiaoyun Wang (born 1966) is a researcher and professor in the Department of Mathematics and System Science, Shandong University, Shandong, China. ...

External links

• ITU-X Recommendation X.509 : Information technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks
• Peter Gutmann's X.509 Style Guide
• PKIX website
• CAcert.org - Free digital certificates
• Enterprise Trust Integration and Web Services Security standards and demos
• FAQ from RSA Labs
• Verisign Inc.
• Surety Inc.
• Sun Inc. - Secure code guidelines
• Microsoft Press - Writing Secure Code