X.509 is a digital certificate which is accepted as international and
public key infrastructure (PKI)standard to verify that a public key belongs to
users or service identity contained within the certificate. Where digital
certificate is an electronic password that allows a user’s computer or
organization to exchange the information securely over the internet using the
Fig.Structure of x.509 certificate
There are 10 basic fields in a digital certificate. Out of 10 in
which six are compulsory and four are optional fields. The necessary fields
6.Public Key Information
The optional fields are:Version,Issuer unique Id, Subject unique
ID, Extensions. This optional fields are used in aversion 2 and 3.
specifies the version number of the certificate. There are th three version
1,2,and 3 .When extension are included
in certificate, this field indicate version 3.if it indicate without extension,
then it is version2.if it doesn’t include both of them then it is version1.
Serial number: It is
unique positive number assigned for each certificate which is assigned by a
issuer to identity the certificate.
Algorithm: This fields indicated the algorithm used by the user to sign the
Issuers: This fields indicates the X.500 distinguished Name of the
trusted third party which signed and issued the certificate.
Validity indicates the data from which certificate is valid and the data until
when the certificate is valid.That means valid from to valid to.
Subject: It is
the distinguished name of the entity that owns the certificate.The owner is the
entity associated with the public keyin the certificate. The owner can be
CA,RA,company or application.
key Information: It contains the public key of the subject and
the algorithm identifier.
unique Id: This is a unique identifier to facilate the reuse of issuer’s
name over time.
unique Id: This fields contains a unique identifier to
facilitate the reuse of subject’s name over time.
is present in Version 3.To provide the more information about the certificate
extension are used.
They are important for information security because it surely distributed the the public keys. So that it secured confidential information while
exchanging the information through internet thand also public key
infrastructure provides a secure environment for online transactions,
confidential email and e-commerce by:
• Authenticating the identity of the entities (the
sender and the receiver)
the data integrity.
Taking an example of amazon how it keep it’s
transaction and information secure and
how it’s work:
Consider an online shopping web site such as Amazon.
The server of the Amazon company requests for a digital certificate from a
certificate authority. Then the certificate authority verifies the identity of
the company and generates a digital certificate. It hashes the contents of the
certifi- cate and signs that means the encrypt the hash value using its private
key. It includes this signature in the certificate and issues the certificate
to the company. A user who wants to connect to the Amazon web site enters the
HTTPS web address in his/her browser and the browser connect the website a digital
certificate is sent from the web server of the Amazon company to the
browser.When the browser receives a certificate from the web server it performs
the following tasks:
• It checks
whether the CA who signed the certificate is trusted by the browser. The
browser has already installed the trusteed certificates , so it has the public key information of the
• With the
public key of the CA, the browser decrypts the signature in the company’s
certificate and obtains a hash.
• It also computes a new hash of the content in the
• If both the hashes match, then the signature in
the certificate is verified to be signed by the trusted CA and the public key
in the certificate is valid.
• Now the
name in the certificate is checked against the web site’s name. If it matches
then a secure connection is established for the online transactions it also
checks whether the certificate is within its expiry period.
The various cryptographic functions (symmetric/asymmetric/hash
functions) are employed in X.509 Certificates.As discuss in above an x.509
certificate is something that can be used in software to verify a person
identity &send the person who wons
the certificate encrypted data that only will be able to decrypt the data.Therfore
in addition to verify your identity
,x.509 cetrificate can also be used to secure data instead prying eyes won’t be
able to see it.it does via cryptographic function.
Cryptography is the process of making and using codes to secure the
transmission of information.
There are two types of Crytography:
1. Symmetric Encryption
2. Asymmetric Encryption
It uses the same key for encryption and
decryptyion.The sender uses a key to encrypt the plain text and send the
ciphertext to reciver. The receiver decrypts the ciphrertext with same key that
is used for encryption and reads the message in plaintext. Common Symmetric
encryption algorithm includes
DES is the name of the Federal information
Processing Standard that describes the data encryption language. It is a
symmetric cryptosystem designed for the implementation in hardware and used for
single-user encryption,such as to store files on hard disk in encrypted form.
Where TripleDES and AES used in IPsec and VPNs.
Data Encryption Standard (DES) uses a 64-bit block
size and a 56-bit key. Later on user realized that 56-bit size did not provide
acceptable level of security. Then Triple DES was created to provide a level of
security more than DES.But within a few years ,it needed to be replaced .The
successor to 3Des is the Advanced Encryption Standard .AES is used for the to
encrypt digital information such as telecommunication, financial &
government databases consists of a symmetric key algorithm,i.e., both encrypt
and decrypt are performed using the same key.
AES selection process involved cooperation between the U.S. government, private
industry, and academia from around the world.
AES implements a block cipher called the Rijndael Block Cipher with a
variable block length and a key length of 128, 192, or 256 bits.
It uses different keys for encryption and
decryption.In this type ,Cryprtograhy ,and end user on a public or private
network has a pair of keys that is a public key for encryption and a private
key for decryption.A private key can’t be derived from the public key.In this
type of cryptography,the sender encodes the message with the help of public key
and receiver decodes trhe messge using a random key generates by sender’s
public key.The most common asymmetric encryption algorithm is RSA.
Hash functions are mathematical algorithms that
generate a summary of message or digest
(sometimes called a fingerprint) to confirm the identity of a specific message
and to confirm that there have not been any changes to the content. While they
do not create a ciphertext, hash functions confirm message identity and
integrity, both of which are critical functions in e-commerce. They do not require the use of keys, but it is
possible to attach a message authentication code —a key-dependent, one-way hash
function—that allows only specific recipients (symmetric key holders) to access
the message digest. Because hash functions are one-way, they are used in
password verification systems to confirm the identity of the user.