W3C Security Digital Signature Initiative

DSig 1.0

X509 Certificate



This page is incomplete!

An updated version should be available by 18 June, 1997


What are Certificates?
Certificates are digital documents attesting to the binding of a public key to an individual or other entity. They allow verification of the claim that a given public key does in fact belong to a given individual. Certificates help prevent someone from using a phony key to impersonate someone else.

In their simplest form, certificates contain a public key and a name. As commonly used, a certificate also contains an expiration date, the name of the certifying authority that issued the certificate, a serial number, and perhaps other information. Most importantly, it contains the digital signature of the certificate issuer. The most widely accepted format for certificates is defined by the ITU-T X.509 international standard (see Question 165); thus, certificates can be read or written by any application complying with X.509. A detailed discussion of certificate formats can be found in [Ken93].



Question 165. What is X.509?

ITU-T Recommendation X.509 [CCI88c] specifies the authentication service for X.500 directories, as well as the widely adopted X.509 certificate syntax. The initial version of X.509 was published in 1988, version 2 was published in 1993, and version 3 was proposed in 1994 and considered for approval in 1995. Version 3 addresses some of the security concerns and limited flexibility that were issues in versions 1 and 2.

Directory authentication in X.509 can be carried out using either secret-key techniques or public-key techniques; the latter is based on public-key certificates. The standard does not specify a particular cryptographic algorithm, although an informative annex of the standard describes the RSA algorithm (see Question 8).

An X.509 certificate consists of the following fields:

•version •serial number •signature algorithm ID •issuer name •validity period •subject (user) name •subject public key information •issuer unique identifier (version 2 and 3 only) •subject unique identifier (version 2 and 3 only) •extensions (version 3 only) •signature on the above fields

This certificate is signed by the issuer to authenticate the binding between the subject (user's) name and the user's public key. The major difference between versions 2 and 3 is the addition of the extensions field. This field grants more flexibility as it can convey additional information beyond just the key and name binding. Standard extensions include subject and issuer attributes, certification policy information, and key usage restrictions, among others.

X.509 also defines a syntax for certificate revocation lists (CRLs) (see Question 129).

The X.509 standard is supported by a number of protocols, including PEM (see Question 130), PKCS (see Question 166), S-HTTP (see Question 133), and SSL (see Question 134).

Philip A. DesAutels, DSig Project Manager