was first launched on July 3, 1988 as a part of X.500 and was developed by
ITU-T. It was developed to support the requirements of X.400
electronic mail exchange and name lookup. It is a certificate standard that is
followed by every business organization, government, etc. This certificate
format is used in:

S/MIME (Secure/Multipurpose Internet Mail Extensions)
IP Security (Internet Protocol Security)
SSL/TLS (Secure Sockets Layer / Transport Layer Security)
HTTPS (Hypertext Transfer Protocol Secure)

In simple words, X.509 is a public key cryptography-based standard that
authenticates the entity on the other end of a communication (the outer world),
which may be a fake or may be the authentic one. This standard allows various
options for ensuring the authenticity of signed messages. It is assumed that the
signing will be based on SHA-1 (SHA-1 is a cryptographic hash function).
This becomes clearer with the help of the following example.
First we have an unsigned certificate, which contains a user ID and the key.
Then the certificate is hashed and the CA encrypts the certificate with its
private key. Then we have a signed certificate, and if we want to verify the
certificate, we can use the CA's public key.
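
The hash, sign and verify flow described above, as an added example that is not part of the original article. The toy RSA key, the field names and the sample values are constructed for illustration, JSON stands in for the real certificate encoding, and SHA-256 is used in place of the SHA-1 the text mentions.

```python
import hashlib
import json

# Toy CA key pair (constructed): textbook RSA over two Mersenne primes.
# Unpadded and far too small for real use; it only makes the flow runnable.
P, Q = 2**127 - 1, 2**89 - 1
CA_N, CA_E = P * Q, 65537                  # CA public key (modulus, exponent)
CA_D = pow(CA_E, -1, (P - 1) * (Q - 1))    # CA private exponent

# Constructed sample: the unsigned certificate (user ID and the user's key).
UNSIGNED = {
    "issuer": "CN=Example CA",
    "subject": "CN=alice",
    "public_key": "alice-public-key-placeholder",
}

def digest(cert):
    """Hash every field except the signature; JSON stands in for DER here."""
    tbs = {k: v for k, v in cert.items() if k != "signature"}
    data = json.dumps(tbs, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % CA_N

def ca_sign(unsigned_cert):
    """CA side: hash the certificate, apply the CA private key to the hash."""
    signed = dict(unsigned_cert)
    signed["signature"] = pow(digest(unsigned_cert), CA_D, CA_N)
    return signed

def verify(cert):
    """Relying party: recover the hash with the CA public key and compare."""
    sig = cert.get("signature")
    if not isinstance(sig, int) or not 0 <= sig < CA_N:
        return False
    return pow(sig, CA_E, CA_N) == digest(cert)

if __name__ == "__main__":
    cert = ca_sign(UNSIGNED)
    print("genuine certificate verifies:", verify(cert))
    # Changing any signed field after issuance invalidates the signature.
    tampered = dict(cert, subject="CN=mallory")
    print("tampered certificate verifies:", verify(tampered))
```
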
X.509 contains information about the identity to whom the
certificate was issued and the identity of the one who issued it. The X.509
certificate format comes in 3 different versions, all with mainly the same data.
Later versions handle new security issues that arose in the early to late 90's.
The structure of an X.509 certificate is as follows:

Version: Shows the certificate format used (version 1, version 2, version 3).
Serial number: The CA must assign a serial number that is different from other certificates, so the value must be unique.
Signature Algorithm ID: The algorithm used by the issuer. The algorithm is not dictated, but RSA is recommended.
Issuer Name: Name of the issuer, usually the CA that created and signed the certificate.
Validity Period: Contains two dates, a start date and an end date.
Subject Name: Contains the name of the user for whom the certificate is destined.
Public Key Info: The algorithm with which to use the key, and associated parameters.
Issuer Unique ID: Optional bit string to identify the issuing CA.
Subject Unique ID: Optional bit string identify
Extensions: It Contains an ID, Criticality and a

X.509 is very important for securing information. When we visit
a web page through a browser, the browser alerts us in a few
different ways. Most sites are indicated with green text, a symbol of a
lock and the word ‘Secure’.
If we see such a symbol on a web page, the browser is reading the
page's X.509 certificate and verifying its safety through SSL/TLS. It protects important information from being
stolen, so many web pages have this certificate to safeguard not only their
personal information but also sensitive customer inputs like credit card
It also verifies a person’s identity, whether he/she is the
correct person or not, so that the information is passed on to the correct
person. It also protects the information by encrypting it,
and the person who owns the certificate will be the one able to decrypt
and read it.
Let’s see how X.509 uses asymmetric key cryptography.
In simple words, one key is used to lock the
data whereas a different key is used to unlock it. This cryptography is
also called public/private key cryptography.
One of the keys is given
freely to everyone, which is called the public key, and the other
key is totally private so that no one else will be able to see or use it, which is called
Any data that is locked using the public key cannot be unlocked
by the person who locked it; the only one who can unlock it is the one who has
the private key. This is the reason why the public key is distributed to everyone but
the private key is given only to the one who is meant to have it.