Certificates and Keys

I want to talk about certificates. But first let's define a few terms. A key is a number in binary form, which is stored in a text file. With that defined, a digital certificate is a pair of public and private keys. It is created by a certificate authority like Verisign. The digital certificate is used for encryption and decryption. The certificate is assigned to either an individual or an organization.

Now that we know what digital certificates are, we can define a key server as a machine which holds the public keys of the digital certificates. There are some potential problems with certificate use. Some applications do not accept them. Some unscrupulous individuals forge digital certificates. Finally, obtaining the certificates in the first place can take a lot of work.

Let us set those problems aside and look at certificates in more detail. A digital certificate can hold a lot of information, such as the version, serial number, issuer name, period of validity, and public key. If you are a company, you will want to set up a certificate policy. The policy covers issues like where logs are stored, whether keys get backed up, and validity periods. Armed with all this information, I am ready to discuss what PKCS is next time. See you then.
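To make the fields listed above concrete, here is an added example (my own, not part of the original post) using Go's standard crypto/x509 package: it builds a throwaway self-signed certificate (the organization name "Example Org" and serial 4242 are constructed values), parses it back, and reads out the version, serial number, issuer, validity period and public key algorithm, then checks whether a given time falls inside the validity period.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CertSummary holds the certificate fields the post lists.
type CertSummary struct {
	Version                            int
	SerialNumber, Issuer, PublicKeyAlg string
	NotBefore, NotAfter                time.Time
}

// Summarize reads those fields out of a parsed certificate.
func Summarize(c *x509.Certificate) CertSummary {
	return CertSummary{c.Version, c.SerialNumber.String(), c.Issuer.String(),
		c.PublicKeyAlgorithm.String(), c.NotBefore, c.NotAfter}
}

// IsValidAt reports whether t falls inside the certificate's validity period.
func IsValidAt(c *x509.Certificate, t time.Time) bool {
	return !t.Before(c.NotBefore) && !t.After(c.NotAfter)
}

// NewSelfSignedDER builds a constructed self-signed certificate valid for `days` days.
func NewSelfSignedDER(org string, notBefore time.Time, days int) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(4242), // constructed serial number
		Subject:      pkix.Name{Organization: []string{org}},
		NotBefore:    notBefore,
		NotAfter:     notBefore.AddDate(0, 0, days),
	}
	// Using tmpl as its own parent makes the certificate self-signed (issuer = subject).
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

func main() {
	der, _ := NewSelfSignedDER("Example Org", time.Now(), 30)
	c, _ := x509.ParseCertificate(der)
	fmt.Printf("%+v\nvalid now: %v\n", Summarize(c), IsValidAt(c, time.Now()))
}
```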