zoukankan      html  css  js  c++  java
  • X.509 certificate

    A digital certificate is a collection of data used to securely distribute the public half of a public/private key pair. Figure 1 shows the parts of a typical X.509 certificate that make this possible. Along with structural information, the certificate contains name and contact information for both its issuer and its owner (or subject), plus the owner's public key. A date range indicates when the certificate is valid. Certificate extensions provide additional information and conditions, like acceptable uses for the public key. When assembling the certificate, to vouch for its integrity, the issuer digitally signs it using the issuer's own identity (private key and certificate). 

    Figure 1 

    Contents of an X.509 certificate

    Diagram showing the components of an X.509 certificate, including the version and serial number, the subject and issuer, the validity dates, the public key, the signature, and the extensions.

    To evaluate a certificate, you first verify its signature using the specified algorithm and the issuer's public key, which you obtain from the issuer's publicly available certificate. A valid signature confirms that the certificate under evaluation, known as the leaf certificate, is unaltered. But in order to trust this result, you must also trust the issuer's certificate. You use a similar procedure to test this certificate, and the one that guarantees that certificate, and the next, and so on in a chain back to a trusted root authority whose certificate, known as the anchor, which you trust implicitly. The public key included in the leaf certificate is then considered trustworthy. You can be assured that it has come unaltered from the certificate's owner who controls the corresponding private key. This allows you to securely use the public key to engage in asymmetric cryptography with the certificate's owner.

    https://developer.apple.com/documentation/security/certificate_key_and_trust_services/certificates

  • 相关阅读:
    JavaScript中运算符的优先级
    JS中在当前日期上追加一天或者获取上一个月和下一个月
    Window命令行工具操作文件
    多线程Worker初尝试
    基于gulp的前端自动化开发构建新
    cURL和file_get_contents实现模拟post请求
    Thinkphp5使用validate实现验证功能
    微信小程序wx.pageScrollTo的替代方案
    js设计模式之代理模式以及订阅发布模式
    js设计模式之单例模式
  • 原文地址:https://www.cnblogs.com/feng9exe/p/8060422.html
Copyright © 2011-2022 走看看