Tumbled Logic

Nov 22 2011

An absolutely minimal introduction to certificates

So, what is a certificate anyway?

(Note to reader: I might mean an X.509 certificate, or I might mean a PGP certificate, or I might mean some other kind of certificate which adheres to the same principles; take your pick).

A certificate consists of three things:

  • A public key, belonging to the holder of the certificate
  • Some arbitrary information about the holder of the certificate
  • A signature, generated by the private key of the issuer of the certificate

That’s it.

The “holder” and “issuer” might be the same person, they might be utterly unrelated — but actually, that doesn’t tend to be relevant. What matters more is whether the public key of the holder contained within the certificate is a counterpart to the private key belonging to the issuer (used to generate the signature), or whether the two are completely distinct from one another.

When those public and private keys are counterparts to one another, we call it a self-signed certificate. In X.509-land, this is also termed a root certificate.

In the world of PGP, you always start with a self-signature, but then ask other people to sign your certificate with their private keys as well. With X.509, a particular certificate only ever has one signature.

How do you know if a certificate is valid?

  1. whether everything computationally matches up (i.e., the signature matches both the data being signed, and the public counterpart to the private key used to generate it — in other words, that the certificate hasn’t been tampered with);
  2. whether the “arbitrary information” contains anything to tell you that it isn’t valid, such as an expiry date in the past, or a set of “intended purposes” which differ from that which the certificate is being offered for;
  3. whether third-party information tells you the certificate isn’t valid any more: such as a Certificate Revocation List.
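
The three-part structure, the self-signed case and the three validity checks above, as an added example that is not part of the original post. It is written in Python with toy textbook RSA standing in for a real signature scheme; the field names, key sizes and sample certificates are assumptions constructed for the illustration.

```python
import hashlib, json
from datetime import date

# Toy textbook RSA with small known primes and no padding: illustration only.
def make_key(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return {"public": (n, e), "private": (n, pow(e, -1, phi))}

def digest(public_key, info, n):
    # The signed data is the holder's public key plus the information about them.
    tbs = json.dumps({"key": list(public_key), "info": info}, sort_keys=True)
    return int.from_bytes(hashlib.sha256(tbs.encode()).digest(), "big") % n

def issue(holder_public, info, issuer_key):
    n, d = issuer_key["private"]
    sig = pow(digest(holder_public, info, n), d, n)
    return {"public_key": list(holder_public), "info": info, "signature": sig}

def signed_by(cert, public_key):
    n, e = public_key
    return pow(cert["signature"], e, n) == digest(cert["public_key"], cert["info"], n)

def is_self_signed(cert):
    # Self-signed: the signature verifies under the certificate's own public key.
    return signed_by(cert, cert["public_key"])

def check(cert, issuer_public, today, purpose, revoked_serials):
    """Return the failed checks, in the order the list above gives them."""
    info, problems = cert["info"], []
    if not signed_by(cert, issuer_public):               # 1. signature matches
        problems.append("bad signature")
    if date.fromisoformat(info["expires"]) < today:      # 2. expiry date
        problems.append("expired")
    if purpose not in info["purposes"]:                  # 2. intended purposes
        problems.append("wrong purpose")
    if info["serial"] in revoked_serials:                # 3. revocation list
        problems.append("revoked")
    return problems

# Constructed sample data: one issuer, its self-signed root, one issued certificate.
CA = make_key(2**89 - 1, 2**107 - 1)
HOLDER = make_key(2**31 - 1, 2**61 - 1)
ROOT = issue(CA["public"], {"name": "Example Root", "serial": 1,
             "expires": "2031-01-01", "purposes": ["sign-certs"]}, CA)
LEAF = issue(HOLDER["public"], {"name": "www.example.test", "serial": 2,
             "expires": "2012-11-22", "purposes": ["server-auth"]}, CA)

if __name__ == "__main__":
    print(is_self_signed(ROOT), is_self_signed(LEAF))
    print(check(LEAF, CA["public"], date(2013, 1, 1), "code-signing", {2}))
```

Note that `check` only says whether the certificate is valid against a given issuer key; whether that issuer deserves trust is a separate question that no computation here answers.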

How do you know whether you trust a certificate?

Well, that depends upon how much you trust the person (or people, in the case of PGP) whose keys were used to generate the signatures.

How do you know whether you trust them?

There is no good answer to that question.

With PGP, you’re like a digital Mulder: you trust no-one, at least not until you’ve verified they are who they say they are (and even then, you don’t actually trust them — as in, trust their judgement — unless you know them). Because PGP has only really taken off in certain circles (and even then, only to a limited degree), the PGP “web of trust” is pretty small, all told.

With X.509, every application has a list of Certificate authorities whose word you take for it, and this includes every browser (and smartphone) that you use. To keep a nice, open, competitive market, the list of certificate authorities in the typical browser is rather long, and will contain a huge swathe of names you’ve never heard of… which, in many respects, pretty much defeats the point. Whenever you hear news of a “certificate authority being compromised”, it means that the key belonging to one of these authorities which your applications implicitly trust has fallen into the wrong hands, or they’ve been tricked into issuing certificates requested fraudulently — and this has been happening rather a lot of late.

Like I said, there is — currently — no good answer to that question.

