X.509

X.509 is a standard set by the ITU Telecommunication Standardization Sector (ITU-T). It was developed for Public Key Infrastructure (PKI) in cryptography. This standard primarily defines formats for Public Key Certificates or PKCs. X.509 incorporates a hierarchical structure of certification authorities. This is in contrast to other model systems wherein any individual can attest to the validity of a person or group’s Public Key Certificate.

An X.509 system involves certain elements and processes. The system starts when a certification authority releases a certificate which binds a specific public key to a unique name. Other alternative pieces of information to which the public key could be attached can be an e-mail address or a DNS entry. During the said event, the authenticity of the certificate becomes dependent on the root certificate. Root certificates are an integral part of the X.509 model and are implicitly trusted. Web browsers are common examples of software applications containing pre-installed root certificates.

An X.509 certificate includes a number of variables. These are the certificate signature, the certificate signature algorithm, and the certificate itself.

An X.509 certificate can also be described by a number of characteristics. These aspects include but are not limited to version, serial number, issuer, algorithm ID, public key information, and validity.

X.509 is implemented in a number of protocols. Certain smart card products use X.509 in completing the transfer of data and ensuring the correctness and safety of their transactions. SSH, or Secure Shell, also incorporates the X.509 system in successfully establishing a secure connection between two computers. Transport Layer Security and Secure Multi-purpose Internet Mail Extensions are other protocols applying X.509.