This page is obsolete and should be updated
In cryptography, a public key certificate (or identity certificate) is an electronic document which incorporates a digital signature to bind together a public key with an identity — information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual.
In a typical public key infrastructure (PKI) scheme, the signature will be that of a certificate authority (CA). In a web of trust scheme, the signature is that of either the user (a self-signed certificate) or other users (“endorsements”). In either case, the signatures on a certificate are attestations by the certificate signer that the identity information and the public key belong together.
Classically, there are different classes of certificate:
- Class 1 for individuals, intended for email;
- Class 2 for organizations, for which proof of identity is required;
- Class 3 for servers and software signing, for which independent verification and checking of identity and authority is done by the issuing certificate authority (CA).
Certificates are useful for large-scale public-key cryptography. Securely exchanging secret keys amongst users becomes impractical to the point of effective impossibility for anything other than quite small networks. Public key cryptography provides a way to avoid this problem.
A certificate typically includes:
- The public key being signed.
- A name, which can refer to a person, a computer or an organization.
- A validity period.
- The location (URL) of a revocation center.
- The digital signature of the certificate, produced with the CA’s private key.
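The fields listed above and the way the CA signature binds the name to the public key, as an added example that is not part of the original page: a toy certificate is issued and then checked in Python. The CA key is textbook RSA built from publicly known Mersenne primes with no padding, so it is insecure and for illustration only; the field names, subject name, URL and key values are all constructed.

```python
import hashlib
import json

# Toy CA key pair (constructed): textbook RSA from two publicly known Mersenne
# primes, no padding. Insecure by design; it only lets the example run offline.
P, Q = 2**127 - 1, 2**521 - 1
CA_N, CA_E = P * Q, 65537
CA_D = pow(CA_E, -1, (P - 1) * (Q - 1))  # CA private exponent


def tbs_digest(cert):
    """SHA-256 over every field except the signature (the to-be-signed part)."""
    tbs = {k: v for k, v in cert.items() if k != "signature"}
    data = json.dumps(tbs, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def ca_issue(name, public_key, not_before, not_after, revocation_url):
    """CA side: bind name and public key by signing them with the CA private key."""
    cert = {
        "public_key": public_key,
        "name": name,
        "not_before": not_before,   # ISO dates compare correctly as strings
        "not_after": not_after,
        "revocation_url": revocation_url,
    }
    cert["signature"] = pow(tbs_digest(cert), CA_D, CA_N)
    return cert


def verify(cert, today):
    """Relying-party side: needs only the CA public key (CA_N, CA_E)."""
    if pow(cert["signature"], CA_E, CA_N) != tbs_digest(cert):
        return "bad signature"
    if not cert["not_before"] <= today <= cert["not_after"]:
        return "outside validity period"
    return "ok"  # revocation lookup at revocation_url is not performed here


if __name__ == "__main__":
    cert = ca_issue("alice@example.test", [3233, 17], "2024-01-01",
                    "2025-01-01", "http://crl.example.invalid/ca.crl")
    print(verify(cert, "2024-06-01"))
    print(verify(dict(cert, name="mallory@example.test"), "2024-06-01"))
    print(verify(cert, "2026-01-01"))
```

Changing any signed field (name, public key, validity dates or revocation URL) after issuance changes the digest, so the check against the CA public key fails.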