Which of the following correctly identifies some of the contents of an end user’s X.509 certificate?

A.
User’s public key, object identifiers, and the location of the user’s electronic identity

B.
User’s public key, the serial number of the CA certificate, and the Certificate Revocation List
(CRL) entry point

C.
User’s public key, the Certificate Authority (CA) distinguished name, and the type of symmetric
algorithm used for encryption

D.
User’s public key, the certificate’s serial number, and the certificate’s validity dates

Explanation:

The X.509 standard defines what information can go into a certificate, and describes how to write
it down (the data format). All X.509 certificates have the following data, in addition to the signature:

Version

Serial Number: The entity that created the certificate, the CA, is responsible for assigning it a serial
number to distinguish it from other certificates it issues.

Signature Algorithm Identifier

Issuer Name: The X.500 name of the entity that signed the certificate. This is normally a CA. Using
this certificate implies trusting the entity that signed this certificate.

Validity Period

Subject Name

Subject Public Key Information: This is the public key of the entity being named, together with an
algorithm identifier which specifies which public key crypto system this key belongs to and any
associated key parameters.

Reference:
http://csrc.nist.gov/pki/panel/santosh/tsld002.htm


