X.509

From CryptoDox, The Online Encyclopedia on Cryptography and Information Security

X.509 is an ITU-T standard for public key infrastructure (PKI). X.509 specifies, amongst other things, standard formats for public key certificates and a certification path validation algorithm.

X.509 Versions

X.509 Version 1 was issues in 1988 as a part of the ITU X.500 Directory Services standard. X.509 Version 2 was released in 1993 and added two more fields. These two additional fields support directory access control. X.509 Version 3 defines the format for certificate extensions used to store additional information regarding the certificate holder and to define certificate usage.

Certificate Structure

The structure of a X.509 v3 digital certificate is as follows:

• Certificate
  • Version
  • Serial Number
  • Algorithm ID
  • Issuer
  • Validity
    • Not Before
    • Not After
  • Subject
  • Subject Public Key Info
    • Public Key Algorithm
    • Subject Public Key
  • Issuer Unique Identifier (Optional)
  • Subject Unique Identifier (Optional)
  • Extensions (Optional)
    • ...
• Certificate Signature Algorithm
• Certificate Signature

Issuer and subject unique identifiers were introduced in Version 2, Extensions in Version 3.

External Links

• X509 Style Guide
• X.509 Certificates and Certificate Revocation Lists (CRLs)
• IETF Public-Key Infrastructure (X.509) (pkix)