2 Managing X.509 Certification; The Principles Of Digital Certification - Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 08-05-2008 Installation Manual

42
Managing X.509 Certification
An increasing number of authentication mechanisms are based on cryptographic proce-
dures. Digital certificates that assign cryptographic keys to their owners play an important
role in this context. These certificates are used for communication and can also be
found, for example, on company ID cards. The generation and administration of certifi-
cates is mostly handled by official institutions that offer this as a commercial service.
In some cases, however, it may make sense to carry out these tasks yourself, for example,
if a company does not wish to pass personal data to third parties.
YaST provides two modules for certification, which offer basic management functions
for digital X.509 certificates. The following sections explain the basics of digital certi-
fication and how to use YaST to create and administer certificates of this type. For more
detailed information, refer to
http://www.ietf.org/html.charters/
pkix-charter.html.
42.1 The Principles of Digital
Certification
Digital certification uses cryptographic processes to encrypt data, protecting the data
from access by unauthorized people. The user data is encrypted using a second data
record, or key. The key is applied to the user data in a mathematical process, producing
an altered data record in which the original content can no longer be identified. Asym-
metrical encryption is now in general use (public key method). Keys always occur in
pairs:
Managing X.509 Certification 803