Certificate - Siemens SINAUT MD740-1 User Manual

Glossary
Such a huge network makes little sense. It becomes necessary to
form subnets. The subnet mask serves this purpose. Like an IP
address, this is a field 4 bytes long. The value 255 is assigned to
each of the bytes representing the network address. This serves
mainly to "borrow" a part from the host address area in order to use
it to address subnets. In a Class B network, for example (2 bytes
for the network address, 2 bytes for the host address), the 3rd byte,
which is normally reserved for the host address, can now be used
for subnet addresses by applying the subnet mask 255.255.255.0.
In terms of figures, this means that 256 subnets can be created,
each with 256 hosts.

X.509 Certificate
A kind of "seal" which proves the authenticity of a Public Key (see
asymmetrical encryption) and the data belonging to it.
Certification lets the user of a public key be certain that the key
conveyed to him really does come from its issuer, and hence from
the entity that is to receive the data to be sent. This verification of
the authenticity of the public key, and the resulting link between
the identity of the issuer and his key, is performed by a
Certification Authority (CA). This is done according to the rules of
the CA, for example by requiring the issuer of the public key to
appear in person. Following successful inspection, the CA signs the
public key with its (digital) signature. A certificate is created.
An X.509(v3) certificate therefore contains a public key, information
about the key owner (given as Distinguished Name (DN)),
permitted designated uses, etc. and the signature of the CA.
The signature is created as follows: from the bit sequence of the
public key, the data on its owner and other data, the CA creates an
individual bit sequence which can be up to 160 bits long, the HASH
value. This is encrypted by the CA using its private key and added
to the certificate. Encryption with the CA's private key is proof of
authenticity, i.e. the encrypted HASH character sequence is the
digital signature of the CA. Should the data of the certificate be
changed without authorization, the HASH value is no longer correct
and the certificate then becomes worthless.
The HASH value is also known as the fingerprint. As it is encrypted
with the private key of the CA, anyone in possession of the
corresponding public key can decrypt the bit sequence and thus
check the authenticity of the fingerprint or signature in question.
Involving certification authorities means that key owners do not
all need to know one another; each only needs to know the
certification authority used. The additional key information also
simplifies administration of the key.
X.509 certificates are employed, e.g., in e-mail encryption using
S/MIME, or in IPsec.
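
The signing and checking steps described in this entry, as an added Python example that is not part of the Siemens manual. The key (built from two Mersenne primes), the certificate data and the function names are constructed for illustration; real X.509 signatures wrap the hash in a padding scheme (PKCS#1 v1.5 or PSS), and current CAs use SHA-256 or stronger rather than a 160-bit hash.

```python
import hashlib

# Constructed toy CA key, for illustration only: two Mersenne primes give a
# modulus larger than any 160-bit hash value. Real CA keys are far longer.
P, Q = 2**127 - 1, 2**89 - 1
CA_N = P * Q                              # public modulus
CA_E = 65537                              # public exponent
CA_D = pow(CA_E, -1, (P - 1) * (Q - 1))   # private exponent (CA only)

# Constructed certificate data: owner DN, permitted use, owner's public key.
CERT_DATA = b"subject=CN=md740.example,O=Example Plant;usage=IPsec;pubkey=0xC0FFEE"


def hash_value(cert_data: bytes) -> int:
    """160-bit HASH value (SHA-1, matching the glossary text) as an integer."""
    return int.from_bytes(hashlib.sha1(cert_data).digest(), "big")


def ca_sign(cert_data: bytes) -> int:
    """CA side: transform the HASH value with the CA's private key."""
    return pow(hash_value(cert_data), CA_D, CA_N)


def verify(cert_data: bytes, signature: int) -> bool:
    """Verifier side: recover the HASH value with the CA's public key and
    compare it with a hash computed freshly over the certificate data."""
    if not 0 <= signature < CA_N:
        return False
    return pow(signature, CA_E, CA_N) == hash_value(cert_data)


def demo() -> tuple:
    """Return (genuine certificate accepted, altered certificate accepted)."""
    signature = ca_sign(CERT_DATA)
    altered = CERT_DATA.replace(b"Example Plant", b"Another Plant")
    return verify(CERT_DATA, signature), verify(altered, signature)


if __name__ == "__main__":
    print(demo())
```

Changing a single field of the certificate data after signing makes the recovered HASH value and the recomputed one disagree, which is the "worthless certificate" case the entry describes.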