X.509
In cryptography, X.509 is an ITU-T standard for public key infrastructure (PKI). X.509 specifies, amongst other things, standard formats for public key certificates and a certification path validation algorithm.
| Contents |
History and usage
X.509 was initially issued in 1988 and was begun in association with the X.500 standard and assumed a strict hierarchial system of certificate authorities (CAs) for issuing the certificates. This contrasts with web of trust models, like PGP, where anyone (not just special CAs) may sign (and thus attest to the validity) of others' key certificates. Version 3 of X.509 includes the flexibility to support other topologies like bridges and meshes. It can be used in a peer-to-peer, OpenPGP-like web of trust, but is rarely used that way as of 2004. The X.500 system has never been fully implemented, and the IETF's public-key infrastructure working group has adapted the standard to the more flexible organization of the Internet. In fact, the term, X.509 certificate usually refers to the IETF's PKI Certificate and CRL Profile of the X.509 v3 certificate standard, as specified in RFC 3280.
Certificates
In the X.509 system, a CA issues a certificate binding a public key to a particular Distinguished Name in the X.500 tradition, or to an Alternative Name such as an e-mail address or a DNS-entry.
An organisation's trusted root certificates can be distributed to all employees so that they can use the company PKI system. Browsers such as Internet Explorer, Netscape/Mozilla and Opera come with root certificates pre-installed, so SSL certificates from larger vendors who have paid for the privilege of being pre-installed will work instantly; in essence the browser's owners determine which CAs are trusted third parties. Whilst these root certificates can be removed or disabled, users rarely do so.
X.509 also includes standards for certificate revocation list (CRL) implementations, an often neglected aspect of PKI systems. The IETF-approved way of checking a certificate's validity is the Online Certificate Status Protocol (OCSP).
Structure of a certificate
The structure of a X.509 v3 digital certificate is as follows:
- Certificate
- Version
- Serial Number
- Algorithm ID
- Issuer
- Validity
- Not Before
- Not After
- Subject
- Subject Public Key Info
- Public Key Algorithm
- Subject Public Key
- Issuer Unique Identifier (Optional)
- Subject Unique Identifier (Optional)
- Extensions (Optional)
- ...
- Certificate Signature Algorithm
- Certificate Signature
Issuer and subject unique identifiers were introduced in Version 2, Extensions in Version 3.
Common file extensions for X.509-certificates are:
- .CER - DER encoded certificate, sometimes sequence of certificates
- .DER - DER encoded certificate
- .PEM - Base64 encoded certificate, enclosed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"
- .P7B - See .p7c
- .P7C - PKCS#7 SignedData structure without data, just certificate(s) or CRL(s)
- .PFX - See .p12
- .P12 - PKCS#12, may contain certificate(s) (public) and private keys (password protected)
PKCS #7 is a standard for signing or encrypting (they call it "enveloping") data. Since the certificate is needed to verify signed data, it is possible to include them in the SignedData structure. A .P7C-file is just a degenerated SignedData structure, without any data to sign.
PKCS #12 evolved from the PFX (Personal inFormation eXchange) standard and is used to exchange public and private objects in a single file.
A .PEM-file may contain certificate(s) or private key(s), enclosed between the appropriate BEGIN/END-lines.
Certificate Authorities
References
- Arjen Lenstra, Xiaoyun Wang and Benne de Weger, Colliding X.509 Certificates, 1 March 2005, ePrint archive, [1].
External links
- http://www.ietf.org/html.charters/pkix-charter.html
- Internet X.509 Public Key Infrastructure Certificate and CRL Profile (RFC 3280)
- Peter Gutmann's X.509 Style Guide