What is a digital certificate? – Digital Certificates and Certification Authorities
10.1 What is a digital certificate?
Remember from Chapter 7, Public-Key Cryptography, that public keys, or more precisely their numerical representation and their relation to a certain entity, must be authentic. Otherwise, an attacker, Eve, might substitute her own public key for Alice’s and could then read Alice’s messages. Digital signatures create the same need for authentic public keys: if Eve manages to replace PK_Alice with her own public key, she can sign with her own private key but claim that the signature was created by Alice, with potentially catastrophic consequences for Alice.
Yet, so far, we have not discussed how we can achieve authenticity for public keys in the best possible way. Luckily, digital signatures, as discussed in the last chapter, provide us with a way to ensure authenticity. What we need is a digitally signed statement that binds together a public key with a corresponding entity. These statements are so important that they have a name of their own:
A digitally signed document stating that a certain public key belongs to a certain entity is called a digital certificate.
Note that because of the non-repudiability of the digital signature, the signing party bears a certain responsibility for the correctness of the information contained in the certificate. Very often, the signing parties of a certificate are companies or governmental organizations. In this case, the signer of a certificate is called a Certification Authority, or CA for short.
10.2 X.509 certificates
Because digital certificates are exchanged and automatically interpreted by various entities and systems, there must be a standard prescribing the format and data fields of a digital certificate. The oldest and most important digital certificate standard is called X.509, with v3 being its newest version.
In X.509, digital certificates are always issued by a CA. X.509 is an offspring of X.500, an early attempt by the OSI at a global directory structure, in which every entity has a globally unique Distinguished Name (DN). A distinguished name, in turn, is a collection of Relative Distinguished Names (RDNs). This naming scheme was also adopted for X.509 certificates. For example, according to his X.509 certificate, one of the authors of this book has the distinguished name C = DE, O = Hochschule der Medien, CN = Roland Schmitz, where C stands for Country, DE stands for Germany, O stands for Organization, and CN stands for Common Name. The CN should be unique within the organization so that, globally, the DN forms a unique identifier. Interestingly, the first version of X.509 did not include the option to use an e-mail address as the CN. This had to be added in later versions.
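The following Python sketch is an added example, not code from the book. It uses the third-party `cryptography` package to issue a certificate that binds Alice's public key to a DN in the C / O / CN layout described above, and shows that a certificate carrying Eve's key under Alice's name does not verify against the CA's public key. The values Example Org and Example CA and the helper names `make_dn`, `issue` and `signed_by` are assumptions made for illustration.

```python
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID


def make_dn(common_name):
    # A DN is a sequence of RDNs; the C and O values here are constructed.
    return x509.Name([
        x509.NameAttribute(NameOID.COUNTRY_NAME, "DE"),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, "Example Org"),
        x509.NameAttribute(NameOID.COMMON_NAME, common_name),
    ])


def issue(subject, subject_public_key, issuer, signing_key):
    # The signer states: "subject_public_key belongs to subject".
    now = datetime.datetime.now(datetime.timezone.utc)
    return (
        x509.CertificateBuilder()
        .subject_name(subject)
        .issuer_name(issuer)
        .public_key(subject_public_key)
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(minutes=1))
        .not_valid_after(now + datetime.timedelta(days=1))
        .sign(signing_key, hashes.SHA256())
    )


def signed_by(cert, ca_public_key):
    # Verify the signature over the to-be-signed bytes with the CA's key.
    try:
        ca_public_key.verify(cert.signature, cert.tbs_certificate_bytes,
                             ec.ECDSA(cert.signature_hash_algorithm))
        return True
    except InvalidSignature:
        return False


ca_key = ec.generate_private_key(ec.SECP256R1())
alice_key = ec.generate_private_key(ec.SECP256R1())
eve_key = ec.generate_private_key(ec.SECP256R1())
ca_dn = make_dn("Example CA")

genuine = issue(make_dn("Alice"), alice_key.public_key(), ca_dn, ca_key)
# Eve can copy every name field, but she can only sign with her own key.
forged = issue(make_dn("Alice"), eve_key.public_key(), ca_dn, eve_key)
```

Both certificates carry identical subject and issuer names; only the signature check against an authentic CA public key tells them apart.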
The DN of the certificate owner is one of the minimum of eight data fields in an X.509 certificate. We will now discuss these in turn.