Digital certificates must also be unique and reliable, and achieving this requires a combination of technologies. Digital certificates usually rely on a public-key system, in which a pair of matching keys is used for encryption and decryption. Each user holds a private key that only that user owns and uses it to decrypt and to sign; the user also sets a public key and publishes it, so that it is shared by a group of users and used for encryption and signature verification. When sending a confidential document, the sender encrypts the data with the receiver's public key, and the receiver decrypts it with its own private key, so that the information reaches its destination safely and correctly. The encryption process is guaranteed to be irreversible by digital means, that is, only the private key can be used to decrypt it. Public-key technology solves the management problem of key distribution: users can disclose their public keys while keeping their private keys.
The contents of a digital certificate generally include:
the owner's public key
the owner's name
the expiration date of the public key
the name of the issuing institution (the CA)
the serial number of the digital certificate
the digital signature of the issuing institution
The widely accepted digital certificate format is defined by the CCITT X.509 international standard; therefore, any application conforming to X.509 can read and write certificates. The format is further specified in the PKCS and PEM standards.
The process of issuing digital certificates is generally as follows. Users first generate their own key pair and send the public key, together with some personal identification information, to the authentication center. After verifying the identity, the authentication center performs the steps necessary to make sure that the request was indeed sent by the user. The authentication center then issues a digital certificate to the user, which contains the user's personal information and public key, along with the signature of the authentication center. Users can use their own digital certificates to carry out various related activities. Digital certificates are issued by independent certificate issuing agencies. Digital certificates differ from one another, and each certificate can provide a different level of credibility. You can obtain your own digital certificate from a certificate authority.
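The issuance steps above and the certificate fields listed earlier can be traced with the OpenSSL command line. The script below is an added example, not part of the original text; the CA name, the user name `alice`, the key sizes and the validity periods are constructed, and the out-of-band identity check a real authentication center performs is not modelled.

```bash
#!/usr/bin/env bash
# Added illustration of the issuance flow; every name below is constructed.
set -eu

make_ca() {        # $1=dir: the CA's own key pair and self-signed root certificate
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/O=Example Test CA/CN=Example Test Root" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

make_request() {   # $1=dir $2=name: user key pair plus a request carrying the public key
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/user.key" -out "$1/user.csr" 2>/dev/null
}

issue_cert() {     # $1=CA dir $2=user dir
  # The request is signed with the user's private key; checking that signature
  # shows the requester holds the key matching the public key being certified.
  openssl req -in "$2/user.csr" -noout -verify 2>&1 | grep -q "verify OK" || return 1
  # The CA binds the name and the public key together under its own signature.
  openssl x509 -req -in "$2/user.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 7 -out "$2/user.crt" 2>/dev/null
}

show_fields() {    # $1=certificate: owner, issuer, serial number, expiry date
  openssl x509 -in "$1" -noout -subject -issuer -serial -enddate
}

check_cert() {     # $1=trusted CA certificate $2=certificate to verify
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

ca=$(mktemp -d); user=$(mktemp -d); other=$(mktemp -d)
trap 'rm -rf "$ca" "$user" "$other"' EXIT
make_ca "$ca"; make_request "$user" alice; issue_cert "$ca" "$user"
show_fields "$user/user.crt"
check_cert "$ca/ca.crt" "$user/user.crt" && echo "signature chains to the issuing CA"
# A second CA with the same name but a different key must not validate the
# certificate: trust rests on the issuer's signature, not on the issuer's name.
make_ca "$other"
check_cert "$other/ca.crt" "$user/user.crt" || echo "rejected under an unrelated CA"
```

The private keys never leave the directories in which they were generated; only the request, which carries the public key, is handed to the CA.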
At present, the main types of digital certificates are: personal digital certificates, company digital certificates, company employee digital certificates, server certificates, VPN certificates, WAP certificates, code signing certificates and form signature certificates. They are used to identify the communicating parties in network communication and to ensure the confidentiality, integrity and authenticity of the four elements of network security.