Digital certificates
Certificates are digital documents which map a public key to an entity. The certificate verifies that the public key belongs to an individual entity. It also prevents an entity from using the key to impersonate another entity.
Certificates are used to generate confidence in the legitimacy of a public key. An entity that is verifying a signature can also verify the signer’s certificate to ensure that no forgery or false representation occurred. Before sending a message, the user requests a certificate be presented. The certificate contains the recipient’s identity and public key. This information is then used to encrypt the message.
A certificate contains at least a public key, a name, and most importantly, the digital signature of the certificate issuer. The certificate can also contain an expiration date, the name of the certifying authority that issued the certificate, a serial number and other optional additional information.
The most widely accepted format for certificates is X.509 because X.509 is an international standard. Any application complying with X.509 can read and write certificates.