Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [certificates]

A certificate consists of a public key and information about the owner (e. g. the name of a person or server).

A certificate consists of a public key and information about the owner (e. g. the name of a person or server).

Certificates are usually signed by a certification authority to proof the correctness of the owner information.

277 questions
28
votes
2 answers

Unpredictability of X.509 serial numbers

About X.509 certificates serial numbers the RFC 5280 says: The serial number MUST be a positive integer assigned by the CA to each certificate. It MUST be unique for each certificate issued by a given CA (i.e., the issuer name and serial number…
Jcs
  • 511
  • 1
  • 7
  • 12
15
votes
3 answers

Are there other digital certificate formats than X.509?

Hi I am a little new to security, but in researching digital certificates it seems the only format people describe is X.509. Are there other formats? If so what are they and where can I find information on them?
user3137124
  • 253
  • 2
  • 5
5
votes
1 answer

What is Cross signing of root certificates and how does it help at time of root certificate expiry?

I got to know that Root CA's are cross signed so that at the time of certificate expiry, there are no outages. However, I am unable to find any good docs explaining how cross signing works and how it prevents outages when a root CA certificate is…
Techievent.in
  • 61
  • 1
  • 3
4
votes
1 answer

What is the maximum length of a X.509 OID?

I'm working on a feature for a project to determine if a given X.509 certificate is an EV Certificate, and if so, who is the authority behind that certificate. To do this, I grabbed the list of EV OIDs from Wikipedia, and keep them in a hash of OID…
ecnepsnai
  • 143
  • 5
4
votes
1 answer

How is the root certificate transmitted to pc?

i understand that the purpose of root certificates and CA's is to ensure that the communication parties are who they say they are. But how is the root certificate acquired? Is it not possible that during the acquisition someone is pretending to be…
ele lont
  • 199
  • 1
  • 5
4
votes
1 answer

What security do digital signatures provide (like used when signing PDFs)?

I want to ask you one question about digital signatures as they are (for example) used when digitally signing PDFs. We know that if our document has a digital signature, we can detect if the original document has been altered or not. And if we want…
h1px0
  • 41
  • 1
3
votes
1 answer

X509 CertificatePolicies, IssuerAlternativeNames, BasicConstraints extensions. What is done when Issuer signs?

I have got one theoretical question related to extensions of X509 Certificate. More precisely I have question about what is happening when issuer signs subject's certificate with has several extensions, especially I am interested in three…
Lululu
  • 133
  • 5
3
votes
1 answer

Shortest Path for Certificate Network

I was reading an example from my textbook about verifying a certificate from a client using a certificate network. The example in the book is as follows: A issues a certificate to B. A issues a certificate to C. A issues a certificate…
Robert
  • 31
  • 1
3
votes
3 answers

X509 certificate

I am studying the X509 certificate structure and here is an OpenSSL configuration file for generating the certificate. ("sth" just mean the actual string is removed) [ req ] prompt = no distinguished_name =…
drdot
  • 359
  • 4
  • 11
2
votes
1 answer

How does a receiver treat X.509 self-certificate with unknown the Signature Algorithm ID?

As I know X.509 self-certificate is a mechanism that the host generates public and private keys, the public key will insert to a certification and the private key will be used to sign the certification. The receiver will verify the certificate by…
user201635
  • 23
  • 3
2
votes
1 answer

How can Bob validate Alice’s certificate?

Suppose that Alice has a certificate CA1 << Alice >> issued by the certification authority CA1, and Bob has a certificate CA2 << Bob >> issued by a different certification authority CA2. It is known that CA1 possesses a certificate CA2 << CA1 >> issued…
foram
  • 31
  • 4
1
vote
1 answer

Difference Between PEM vs P12 vs CRT vs JKS vs keystore vs PKCS vs x509 certificates

Sorry noob here. I am so much confused about lot of files used client authentication certificates. Can anyone guide me on the difference between PEM vs P12 vs CRT vs JKS vs Keystore vs PKCS vs x509 certificates?
Imran Qadir Baksh - Baloch
  • 139
  • 1
  • 1
  • 5
1
vote
1 answer

What does the PFX file extension stand for

PFX is commonly used as a synonym of PKCS#12 certificate stores. However, I've never seen an explanation why these stores are called PFX (on Microsoft platforms) in multiple articles, including those of Microsoft. I can think up some names for what…
Maarten Bodewes
  • 92,551
  • 13
  • 161
  • 313
1
vote
1 answer

How can i verify a certificate to root?

I write some certificate Authority that has it's own private/public cert keys . This CA signs public keys of user. If for example i have user that has a public cert that signed by the CA. How I can verify later that the user's certificate as indeed…
KaramJaber
  • 113
  • 3
1
vote
1 answer

Direct Anonymous Attestation to replace CA

In term of authentication, I have the impression that to trust an entity it is mandatory to have a Certification Authority involve. Today I stumble upon an article something called Direct Anonymous Attestation is possible to get rid of CA. How is…
Consy
  • 367
  • 2
  • 8
1
2 3