tainy hmod-v3-io, tainy hmod-l3-io - Dr. Neuhaus ...
Small lexicon of routers

X.509 certificate
A type of "seal" which verifies the authenticity of the public key (→ asymmetric encryption) and corresponding data.

The possibility of certification exists so that the user of the public key (used for encryption) can be certain that the public key really originated from its actual originator and thus from the party who was intended to receive the data to be sent. A certification authority (CA) checks the authenticity of the public key and the associated linking of the originator’s identity with its key. This takes place according to the CA’s rules, which may require the originator of the public key to appear in person. After a successful check, the CA signs the public key with its (digital) signature. A certificate is created.

An X.509(v3) certificate thus contains a public key, information about the owner of the key (specified by distinguished name [DN]), allowed purposes of use, etc. and the signature of the CA.

The signature is created as follows: The CA creates an individual bit sequence up to 160 bits long, known as the HASH value, from the public key’s bit sequence, the data on its owner and additional data. The CA encrypts this with its private key and adds it to the certificate. Encryption with the CA’s private key verifies authenticity, meaning that the encrypted HASH character sequence is the CA’s digital signature. If the data of the certificate appears to have been manipulated, this HASH value will no longer be correct and the certificate will be worthless.

The HASH value is also referred to as a fingerprint. Since it is encrypted with the CA’s private key, anyone who has the appropriate public key can decrypt the bit sequence and thus check the authenticity of this fingerprint or this signature.

By using the services of authentication authorities, it is possible that one key owner need not know the other, only the authentication authority. The additional information for the key also simplifies the administrative efforts for the key.

X.509 certificates are used for email encryption, etc. using S/MIME or IPsec.
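
The signature creation and check described in this entry, as an added example that is not part of the original manual: a toy CA hashes constructed certificate fields with SHA-1 (160 bits, as in the text), signs the hash with textbook RSA, and a verifier detects a manipulated field. The key, the field names and the flat field encoding are assumptions for illustration; real X.509 certificates sign DER-encoded data with a padded signature scheme and far larger keys.

```python
import hashlib

# Toy CA key (constructed): two Mersenne primes give a 216-bit modulus, wide
# enough to hold a 160-bit hash. Far too small for real use.
P, Q = 2**89 - 1, 2**127 - 1
N = P * Q                           # public modulus
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # CA's private exponent


def fingerprint(fields: dict) -> int:
    """160-bit SHA-1 hash over the certificate fields in a fixed order."""
    data = "\n".join(f"{k}={fields[k]}" for k in sorted(fields)).encode()
    return int.from_bytes(hashlib.sha1(data).digest(), "big")


def ca_sign(fields: dict) -> int:
    """CA side: transform the hash with the private key (the signature)."""
    return pow(fingerprint(fields), D, N)


def verify(fields: dict, signature: int) -> bool:
    """Verifier side: recover the hash with the CA's public key and compare
    it with a hash computed freshly over the presented fields."""
    return pow(signature, E, N) == fingerprint(fields)


# Constructed sample certificate contents (hypothetical names and values)
CERT = {
    "subject_dn": "CN=router1.example,O=Example Org,C=DE",
    "public_key": "constructed-subject-public-key",
    "key_usage": "digitalSignature,keyEncipherment",
}
SIGNATURE = ca_sign(CERT)


def demo():
    """Return (untouched certificate verifies, manipulated one verifies)."""
    tampered = dict(CERT, subject_dn="CN=other.example,O=Example Org,C=DE")
    return verify(CERT, SIGNATURE), verify(tampered, SIGNATURE)


if __name__ == "__main__":
    print(demo())
```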