- Bruce Stephens
April 3, 2009, 9:16 am
X.509 is a standard providing (amongst many things) a specification
for a certificate: a signed binding of an entity's name (and other
information) and their public key.
Right. Since one can sign anything in such a way that it can be
verified, a CA can create a certificate: a binding of the entity's
name (etc.) and their public key.
Alice can't use just Bob's certificate. She must use a private key to
sign something, and the signature is verified against the public key
in a certificate.
So verification has two parts (not necessarily in this order): you
verify the signature, and you verify that you trust the certificate.
To verify the certificate you construct and verify a certification
path (a sequence of certificates from some CA that you've chosen to
trust to the user certificate). The process is specified in section
10 of X.509, section 6 of RFC 5280.
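The two verification parts described above, as an added example that is not part of the original post: it uses Python's `cryptography` package, and the CA name, Alice, Bob, the impostor certificate and the signed message are all constructed for the demonstration.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec

def make_cert(subject, subject_key, issuer, issuer_key, is_ca):  # bind subject to subject_key's public half
    now = datetime.datetime.now(datetime.timezone.utc)
    name = lambda cn: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    return (x509.CertificateBuilder()
            .subject_name(name(subject)).issuer_name(name(issuer))
            .public_key(subject_key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(minutes=1))
            .not_valid_after(now + datetime.timedelta(days=1))
            .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
            .sign(issuer_key, hashes.SHA256()))
def signature_ok(cert, message, signature):  # part 1: signature vs. the public key bound in cert
    try:
        cert.public_key().verify(signature, message, ec.ECDSA(hashes.SHA256()))
        return True
    except InvalidSignature:
        return False
def path_ok(leaf, intermediates, trust_anchor):
    """Part 2, a simplified RFC 5280 section 6 walk from leaf to an anchor the verifier chose to trust:
    names chain, issuers are CAs, validity windows hold, signatures verify (no name constraints/revocation)."""
    now = datetime.datetime.now(datetime.timezone.utc).replace(tzinfo=None)  # naive UTC, as the cert fields
    chain = [leaf] + intermediates + [trust_anchor]
    for child, issuer in zip(chain, chain[1:]):
        ca_ext = issuer.extensions.get_extension_for_class(x509.BasicConstraints).value
        if child.issuer != issuer.subject or not ca_ext.ca or not (
                child.not_valid_before <= now <= child.not_valid_after):
            return False
        try:
            issuer.public_key().verify(child.signature, child.tbs_certificate_bytes,
                                       ec.ECDSA(child.signature_hash_algorithm))
        except InvalidSignature:
            return False
    return True

def demo():  # constructed scenario: a root CA, Alice and Bob issued by it, and a self-signed "Alice"
    ca_key, alice_key, bob_key, fake_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(4))
    ca = make_cert("Example Root CA", ca_key, "Example Root CA", ca_key, True)
    alice = make_cert("Alice", alice_key, "Example Root CA", ca_key, False)
    bob = make_cert("Bob", bob_key, "Example Root CA", ca_key, False)
    fake = make_cert("Alice", fake_key, "Alice", fake_key, False)  # same name, but not issued by the CA
    msg = b"constructed sample message"
    sig = alice_key.sign(msg, ec.ECDSA(hashes.SHA256()))
    return {"sig_alice_cert": signature_ok(alice, msg, sig), "sig_bob_cert": signature_ok(bob, msg, sig),
            "path_alice": path_ok(alice, [], ca), "path_fake": path_ok(fake, [], ca)}
```

Only `sig_alice_cert` and `path_alice` come back True: Alice's signature is useless against Bob's certificate, and the self-signed "Alice" fails path validation because the verifier never chose to trust its issuer.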