ZyXEL Communications 2WG User Manual


ZyWALL 2WG Support Notes

All contents copyright (c) 2006 ZyXEL Communications Corporation.


Certificate Policies

A Certification Practice Statement.

G05. What is a Certification Authority?

A Certification Authority is a trusted third party that verifies the identity of an applicant registering for a digital certificate. Once a Certification Authority is satisfied as to the authenticity of an applicant's identity, it issues that person a digital certificate binding his or her identity to a public key. (Digital certificates are also issued to organizations and devices, but we will focus on people for the purposes of this discussion.)

G06. What is a digital certificate?

An electronic credential that vouches for the holder's identity, a digital certificate has characteristics similar to those of a passport – it has identifying information, is forgery-proof, and is issued by a trusted third party. Digital certificates are published in on-line directories. Typically, a digital certificate contains:

The user's distinguished name (a unique identifier)

The issuing Certification Authority's distinguished name

The user's public key

The validity period

The certificate's serial number

The issuing Certification Authority's digital signature, which is used to verify the information in the digital certificate

G07. What are public and private keys, and what is their relationship?

A PKI uses asymmetric cryptography to encrypt and decrypt information. In asymmetric cryptography, encryption is done with a freely available public key, and decryption is done with a closely guarded private key. Although the public and private keys in a particular key pair are mathematically related, it is computationally infeasible to determine one key from the other. Each key in an asymmetric key pair performs a function that only the other can undo.
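The certificate fields listed in G06 and the key-pair relationship in G07, as an added example that is not part of the ZyXEL manual: a minimal two-level PKI built with the openssl command line. The CA name "Demo Root CA", the user "alice" and the message are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the ZyXEL manual): a minimal two-level PKI built with the
# openssl CLI, showing the certificate fields listed above and the CA signature that
# binds them. All names ("Demo Root CA", "alice") are constructed for the demo.
set -eu
WORK="$(mktemp -d)"

# The trusted third party: a CA key pair and a self-signed CA certificate.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -subj "/O=Example/CN=Demo Root CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# The applicant keeps the private key; only the public key travels to the CA in the
# request. The CA (after checking identity out of band) signs, binding name to key.
issue_user_cert() {
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -subj "/O=Example/CN=alice" \
    -keyout "$WORK/alice.key" -out "$WORK/alice.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/alice.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -sha256 -days 90 -out "$WORK/alice.crt" 2>/dev/null
}

# Read back the fields the text lists: subject DN, issuer DN, serial, validity period.
show_fields() {
  openssl x509 -in "$WORK/alice.crt" -noout -subject -issuer -serial -dates
}

# Check the CA's signature on the user certificate against a given trust anchor.
# Returns 0 only if the signature verifies and the chain ends at that CA.
verify_chain() {
  openssl verify -CAfile "$1" "$WORK/alice.crt" >/dev/null 2>&1
}

# Each key undoes the other: sign with the private key, then verify with the public
# key extracted from the certificate (the only key a relying party ever sees).
sign_and_verify() {
  printf 'constructed message\n' > "$WORK/msg.txt"
  openssl dgst -sha256 -sign "$WORK/alice.key" -out "$WORK/msg.sig" "$WORK/msg.txt"
  openssl x509 -in "$WORK/alice.crt" -noout -pubkey > "$WORK/alice.pub"
  openssl dgst -sha256 -verify "$WORK/alice.pub" -signature "$WORK/msg.sig" "$WORK/msg.txt" >/dev/null
}

make_ca
issue_user_cert
show_fields
verify_chain "$WORK/ca.crt" && echo "chain OK"
sign_and_verify && echo "signature OK"
```

Verifying alice's certificate against any anchor other than the CA that signed it (for example against alice.crt itself) makes `verify_chain` return non-zero, which is the signature check a ZyWALL or any other relying party performs before trusting the binding.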

G08. What are Certificate Policies (CPs)?

Certification Authorities issue digital certificates that are appropriate to specific purposes or applications. For example, in the Government of Canada Public Key Infrastructure, digital certificates for data confidentiality are different from those used for digital signatures. Certificate Policies
