Digital Certificates

Digital certificates, also known as public key certificates or most often just X.509 certificates^[2], named after the standard defining the syntax and semantics of underlying data, are the most basic building blocks of PKI. Certificates are digital documents, essentially a stream of bytes, binding a public key with the identity of the corresponding private key owner and is signed by a trusted entity and known as Certification Authority or just CA. The owner of the private key is known as the subject and the signing entity as the issuer. Both of these entities have their own identity and are sometimes referred to as principals.

^[2] Strictly speaking, a X.509 certificate is just a specific type of public key certificate, defined by CCITT Recommendation X.509. There are other kinds of public key certificates, but they are not widely used.

The best way to feel comfortable with the notion of digital certificates is to think of them as digital counterparts of physical identity cards such as a passport, driver's license or a credit card. All of these bind the displayed identity information to the holder of the card, are issued for a fixed duration and have visible indications of being issued by an appropriate authority. The special material used and all the visual indicators make it difficult to duplicate or tamper with these cards. Most often, the authenticity of the card is determined by visual inspection and the ownership claim is verified by matching the appearance of the holder with the photo on the card or by matching the physical signature. In some cases, especially with credit cards, there is a mechanism in place to verify that the card has not been reported stolen. As we learn in this chapter, almost all these characteristics and operations have counterparts for digital certificates.

The specification of what a X.509 certificate should contain and in what format has gone through its own cycle of evolution, the current and most widely one being used is X.509 v3. Figure 4-1 shows the packaging of fields and subfields of a X.509v3 certificate.

Each certificate contains a unique serial number assigned by the issuing CA, validity period with a start and end date, information about the issuing CA including its public key, and a host of other fields. The certificate contents are signed using the CA's private key and the signature is appended to it. Inclusion of the CA's signature makes the certificate tamper-evident and self-contained for verification.

A special convention is used for specifying the identity, or distinguished name, of the issuer and the subject. A distinguished name essentially consists of a set of name value pairs, with names like C (Country), O (Organization), OU (Organizational Unit), CN (Common Name) and a few others. This convention was adopted for identifying members of enterprises, but is now routinely used for identifying machine names for server certificates, members of the general population for personal certificates used by e-mail programs, companies for code signing certificates, CAs for CA certificates, and so on. Let us look at few examples of distinguished names.

Distinguished Name of the author in the certificate issued by his employer:

E = [email protected]
CN = Pankaj Kumar
OU = Employment Status - Employees
OU = HP IT
O = Hewlett-Packard

Distinguished Name used in a Verisign's CA certificate:

OU = VeriSign Trust Network
OU = (c) 1998 VeriSign, Inc. - For authorized use only
OU = Class 1 Public Primary Certification Authority - G2
O = VeriSign, Inc.
C = US

The optional extensions field could contain additional information on subject type, identity, intended uses for the public key or any other relevant aspect of the certificate or any of the entities mentioned therein. A number of these have been specified over time by different organizations and standardization bodies. These extensions play a key role in specifying the intended usage of a particular certificate. A detailed knowledge of the specific extensions is rarely needed for programming or using PKI-based security and is not discussed further.

The structure of an X.509 certificate is formally specified using ASN.1 (Abstract Syntax Notation One) notation and individual certificates are encoded using DER (Distinguished Encoding Rule), a binary encoding defined for ASN.1-specified content. As transmission of binary content is not always convenient, these are often converted into a base64 encoding-based ASCII format. Although a detailed understanding of these standards is rarely needed, you need to be aware of these to be able to comfortably work with PKI-related files.