ESYAE-imza Kütüphaneleri


Digital Certificates

In asymmetric cryptography, a key pair consisting of a private key and a public key is defined for each subject. The public key is accessible to everyone who wants to communicate with the owner of that key. To make the public key easily accessible to everyone, it is published within the corresponding certificate.

A certificate has the following properties:

  • Must be digital in order to be used and published electronically (i.e. over the internet).
  • Includes the subject's name
  • Certificate issue date is clearly defined
  • Issued by a trusted authority (CA)
  • Unique for each CA
  • Its integrity is protected by a signature
  • The up-to-dateness of the information can be easily confirmed
  • Includes key usage and policies

The ITU defined the X.509 certificate standard, which has the properties listed above. A sample X.509 certificate is shown below:

Figure 1: A sample certificate

Qualified Certificate

Qualified Certificates are defined in RFC 3739, which takes the X.509 certificate as its basis, and are issued only to real persons. Qualified certificates are used in Turkey and many European countries to create signatures equivalent to signatures on paper. The most important property that differentiates this certificate from a standard X.509 certificate is the strict legislation applied during the creation and maintenance of the certificates. Very strong authentication mechanisms are applied when the certificate is given to its owner, and the operation centers are strictly audited.

Some important features of the qualified certificates:

Issuer Name is a subset of the following components: domainComponent, countryName, stateOrProvinceName, organizationName, localityName, serialNumber.

Subject Name is a subset of: countryName, commonName, surname, givenName, pseudonym, serialNumber, organizationName, organizationalUnitName, stateOrProvinceName, localityName, postalAddress.

Integrity of the certificate

To protect the integrity of the certificate, the issuer signs it and the signature is appended to the certificate. Thus any modification of the certificate can be detected. Certificates are validated by verifying their signature.
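The signature check described above, as an added example that is not part of the original page or of the ESYA library: Go code using the standard crypto/x509 package issues a certificate from a test CA, then verifies both the original and a copy whose subject name was changed after signing. The CA and subject names, keys, serial numbers and the helper names `issue`, `SignedBy` and `Demo` are all constructed for this illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue binds cn to pub in a certificate signed by signer; nil parent = self-signed CA.
func issue(serial int64, cn string, pub ed25519.PublicKey, parent *x509.Certificate, signer ed25519.PrivateKey) (cert *x509.Certificate) {
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour), BasicConstraintsValid: true}
	if parent == nil {
		t.IsCA, t.KeyUsage, parent = true, x509.KeyUsageCertSign, t
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	if err == nil {
		cert, err = x509.ParseCertificate(der)
	}
	if err != nil {
		panic(err)
	}
	return cert
}

// SignedBy re-parses der and checks the issuer's signature over the signed content.
func SignedBy(der []byte, issuer *x509.Certificate) error {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return err
	}
	return cert.CheckSignatureFrom(issuer)
}

// Demo verifies an untouched certificate and a copy whose subject was edited after signing.
func Demo() (intact, edited error) {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	userPub, _, _ := ed25519.GenerateKey(rand.Reader)
	ca := issue(1, "Constructed Test CA", caPub, nil, caKey)
	user := issue(2, "Alice Example", userPub, ca, caKey)
	forged := bytes.Replace(user.Raw, []byte("Alice"), []byte("Alicf"), 1) // same length, still valid DER
	return SignedBy(user.Raw, ca), SignedBy(forged, ca)
}

func main() { fmt.Println(Demo()) }
```

The edited copy still parses as a well-formed X.509 certificate; only the signature check reveals the change. This covers integrity only, not validity period or revocation status.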

en/esya/aaa/sertifika.txt · Last modified: 2013/09/12 13:32 by Dindar Öz