A certificate is a data structure signed by an entity that is considered (by some other collection of entities) to be authoritative for its contents. The signature on the data structure binds the contained information together in such a way that this information cannot be altered without detection. Entities that retrieve and use certificates (often called “relying parties”) can choose to rely upon the contained information because they can determine whether the signing authority is a source they trust and because they can ensure that the information has not been modified since it was certified by that authority.
The information contained in a certificate depends upon the purpose for which that certificate was created. The primary types of certificates are public-key certificates (see public-key infrastructure) and attribute certificate, although in principle an authority may certify any kind of information [1, 2, 3, 5]. Public-key certificates typically bind a public key pairFootnote 1...
Notes
- 1.
The identity is bound explicitly to the public key, but implicitly to the private key as well. That is, only the public key is actually included in the certificate, but the underlying assumption is that the identified entity is the (sole) holder of the corresponding private key; otherwise, relying parties would have no reason to use the certificate to encrypt data for, or verify signatures from, that entity.
References
Adams, C. and S. Farrell (1999). “Internet X.509 public key infrastructure: Certificate management protocols.” Internet Request for Comments 2510.
Adams, C. and S. Lloyd (2003). Understanding PKI: Concepts, Standards, and Deployment Considerations (2nd ed.). Addison-Wesley, Reading, MA.
Housley, R. and T. Polk (2001). Planning for PKI: Best Practices Guide for Deploying Public Key Infrastructure. John Wiley & Sons, New York.
ITU-T Recommendation X.509 (2000). “Information technology—open systems interconnection—the directory: public key and attribute certificate frameworks.” (equivalent to ISO/IEC 9594-8:2001).
Myers, M., X. Liu, J. Schaad, and J. Weinstein (2000). “Certificate management messages over CMS.” Internet Request for Comments 2797.
OASIS Security Services Technical Committee (2002). “Security Assertion Markup Language (SAML) Version 1.0”; see http://www.oasis-open.org/committees/security/ for details.
Simple Public Key Infrastructure (SPKI) Working Group charter (2003); see http://www.ietf.org/html.charters/spki-charter.html for details.
Zimmermann, P. (1995). The Official PGP User's Guide. MIT Press, Cambridge, MA.
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 International Federation for Information Processing
About this entry
Cite this entry
Adams, C. (2005). Certificate. In: van Tilborg, H.C.A. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA . https://doi.org/10.1007/0-387-23483-7_49
Download citation
DOI: https://doi.org/10.1007/0-387-23483-7_49
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-23473-1
Online ISBN: 978-0-387-23483-0
eBook Packages: Computer ScienceReference Module Computer Science and Engineering