The certificate discussed here is not a certificate you sit an exam for, but the kind of certificate used almost everywhere on the Internet. To meet the security requirements of e-commerce and other activities in the Internet environment, there must be a way to confirm identity in a communication, whether it is the identity of the provider (a website, an application, etc.) or the identity of the user (email, instant messaging, etc.).
Common uses therefore include server authentication (SSL), email signing, software (code) signing, and Network Access Protection (NAP).
X.509: the standard that defines the certificate
Common certificates are basically based on the X.509 standard. Never heard of X.509? What about X.500, have you heard of that? Are you familiar with LDAP? LDAP (Lightweight Directory Access Protocol) is a simplified version of X.500 DAP (Directory Access Protocol).
Look up X.500 and X.509 in the RFCs and you will find many similarities between them. For example, certain objects and certificate functions are identified by specific registered OIDs (object identifiers).
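To make the OID remark concrete, here is an added example (not code from the original article) that encodes and decodes object identifiers the way X.509 stores them in DER, and maps a few real, registered OIDs (commonName, subjectAltName, sha256WithRSAEncryption, id-kp-serverAuth) to their meaning. The `KNOWN_OIDS` table is a constructed subset for illustration; the OID values themselves are the standard registered ones.

```python
# Added example: DER encoding of X.509 object identifiers (OIDs).
# The OIDs in this table are real registered identifiers; the table itself
# is a small constructed subset used only for illustration.
KNOWN_OIDS = {
    "2.5.4.3": "commonName (X.520 attribute used in X.509 subject/issuer names)",
    "2.5.4.10": "organizationName",
    "2.5.29.17": "subjectAltName (X.509 v3 extension)",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption (signature algorithm)",
    "1.3.6.1.5.5.7.3.1": "id-kp-serverAuth (extended key usage: server authentication)",
}


def encode_oid(dotted: str) -> bytes:
    """Encode a dotted OID string into DER content bytes (tag and length omitted)."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID: " + dotted)
    # DER folds the first two arcs into a single value: 40 * arc1 + arc2
    values = [40 * arcs[0] + arcs[1]] + arcs[2:]
    out = bytearray()
    for v in values:
        # base-128, big-endian; the high bit is set on every byte except the last
        chunk = [v & 0x7F]
        v >>= 7
        while v:
            chunk.append((v & 0x7F) | 0x80)
            v >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


def decode_oid(data: bytes) -> str:
    """Decode DER OID content bytes back into dotted form."""
    # The final byte of a well-formed OID must have its continuation bit clear
    if not data or data[-1] & 0x80:
        raise ValueError("truncated OID encoding")
    values, acc = [], 0
    for b in data:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            values.append(acc)
            acc = 0
    first = values[0]
    # Undo the 40 * arc1 + arc2 fold; arc1 is 2 for any combined value >= 80
    arc1 = 2 if first >= 80 else first // 40
    arc2 = first - 40 * arc1
    return ".".join(str(a) for a in [arc1, arc2] + values[1:])


def describe_oid(data: bytes) -> str:
    """Map DER OID bytes to a human-readable name from the constructed table."""
    dotted = decode_oid(data)
    return KNOWN_OIDS.get(dotted, "unknown OID " + dotted)


if __name__ == "__main__":
    for dotted in KNOWN_OIDS:
        print(dotted, "->", encode_oid(dotted).hex(), "->", describe_oid(encode_oid(dotted)))
```

The same base-128 rule applies to every OID in a certificate, so a parser that gets it right once can name every attribute, extension and algorithm it meets; the truncation check matters because a certificate parser is exposed to attacker-supplied input.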
The digital certificate used by PKI (Public Key Infrastructure)
A certificate does not exist in isolation. To make use of a certificate, a complete mechanism is required for it to fulfil its function; at a minimum, that mechanism must cover the certificate's lifecycle, security, and management.
These requirements are met by the PKI architecture. In general, a PKI consists of the following parts:
- A Certificate Authority (CA) that both issues and verifies the digital certificates
- A registration authority which verifies the identity of users requesting information from the CA
- A central directory, i.e., a secure location in which to store and index keys
- A Certificate Management System
- A certificate policy
First, a CA is required to issue and verify certificates. Then, a registration authority is required to process and verify the user's certificate request, and the certificate information must be stored in a central directory. Finally, a certificate management system and a certificate policy are required for security and unified management.
So what is the certificate?
At its core, a certificate is actually a public/private key pair. The two keys are generated with a specific algorithm that guarantees they uniquely match each other. The private key is normally kept by the certificate holder; the public key is distributed to, and used by, others.
Take a common usage as an example: encrypting transmitted content, as in SSL and HTTPS.
The sender uses the public key provided by the receiver to encrypt the plaintext and transmits the ciphertext over the network or by other means. After receiving the ciphertext, the recipient decrypts it with the private key corresponding to that public key to obtain the plaintext that was sent. Because different keys (the public key and the private key) are used for encryption and decryption, this is also called asymmetric encryption.
Another common use of a certificate is to sign emails, software, and so on, in order to confirm the identity of the source or provider.
The sender uses his/her own private key to encrypt (sign) the email and then sends the signed message, which contains the email itself, the digital signature, and the X.509 certificate information. After the recipient receives the signed message, the sender's public key obtained from that certificate is used to confirm that only the sender's private key could have produced the signature, thereby confirming the sender's identity and obtaining the plaintext of the email.
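Both uses just described (encrypting to the receiver's public key, and signing with the sender's private key so the receiver can verify with the public key) come down to the same key-pair property. The following is an added example, not code from the original article, that shows both flows with "textbook" RSA over tiny fixed primes. The primes, the key names `ALICE_*`/`BOB_*`, and the messages are constructed for illustration; real certificates use 2048-bit or larger keys together with padding schemes (OAEP, PSS, PKCS#1 v1.5), so this code illustrates the mechanism and gives no security of its own.

```python
import hashlib
from math import gcd

# Added example (not from the original article): textbook RSA with small,
# constructed primes to illustrate the two certificate uses discussed above.
# No padding, tiny keys: for learning only, never for real data.

def make_keypair(p: int, q: int, e: int = 65537):
    """Return (public, private) as ((e, n), (d, n)) for primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)          # d is the unique inverse of e modulo phi(n);
    return (e, n), (d, n)        # this is what makes the pair "uniquely matched"

def encrypt(plaintext: bytes, public) -> int:
    """Sender side: anyone holding the public key can encrypt."""
    e, n = public
    if len(plaintext) > (n.bit_length() - 1) // 8:
        raise ValueError("message too long for this toy modulus")
    return pow(int.from_bytes(plaintext, "big"), e, n)

def decrypt(ciphertext: int, private) -> bytes:
    """Receiver side: only the matching private key recovers the plaintext."""
    d, n = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def _digest_int(message: bytes, n: int) -> int:
    # Sign a hash of the message rather than the message itself
    # (reduced mod n only because the toy modulus is far smaller than SHA-256)
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, private) -> int:
    """Sender side: the private key never leaves the signer."""
    d, n = private
    return pow(_digest_int(message, n), d, n)

def verify(message: bytes, signature: int, public) -> bool:
    """Receiver side: the public key taken from the sender's certificate checks the signature."""
    e, n = public
    return pow(signature, e, n) == _digest_int(message, n)

# Constructed key pairs for two parties (small primes, illustration only)
ALICE_PUB, ALICE_PRIV = make_keypair(1000003, 998244353)
BOB_PUB, BOB_PRIV = make_keypair(999983, 1000033)

if __name__ == "__main__":
    # Confidentiality: Bob encrypts to Alice's public key; only Alice's private key decrypts
    ct = encrypt(b"secret", ALICE_PUB)
    print(decrypt(ct, ALICE_PRIV))
    # Authenticity: Alice signs, Bob verifies with Alice's public key; tampering is detected
    sig = sign(b"pay 10", ALICE_PRIV)
    print(verify(b"pay 10", sig, ALICE_PUB), verify(b"pay 99", sig, ALICE_PUB))
```

The verification step is where the certificate earns its keep: the receiver does not need any secret, only the sender's public key, and that public key is trustworthy precisely because a CA bound it to the sender's identity in the certificate.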
About Certificate-what is a certificate