Page 125 - CISSO_Prep_ Guide
Certificates
The purpose of a certificate is to link a public key with its
owner. A certificate is usually generated by a trusted third party
known as a Certificate Authority (CA). The CA generates a
certificate on behalf of the owner of a public key that the owner
can use to prove that this public key belongs to them. If Alice sends
Bob a certificate created and signed by a CA, then Bob can be
confident that the public key in the certificate belongs to Alice.
Then when he verifies a digital signature with that public key, he
knows that the message was signed and sent by Alice.
The format of a certificate is based on the X.509 standard. This
ensures that certificates can be accessed by most browsers and
systems and that the certificates are of a common format even
though issued by different CAs.
A certificate is valid for a defined period (often one year). So
Alice would need to go back to the CA on an annual basis to get
a new certificate. However, if at any time, Alice wants to cancel
the certificate, Alice will notify the CA, and the CA will put the
certificate on a certificate revocation list (CRL).
PKI - Public Key Infrastructure
PKI refers to the implementation of asymmetric key
cryptography. A PKI implementation is based on a CA that
manages all the certificates for the members of the
implementation group. Any member of the group can gain
access to the certificates of the other group members. This
ensures that everyone can communicate securely, knowing that
their messages can only be accessed by the correct person. A
PKI may use an external CA, or a company may be their own