Compartir a través de


Certificates Application Development

A version of this page is also available for

Windows Embedded CE 6.0 R3

4/8/2010

A certificate is a common credential that provides a means to verify identity. A trusted organization assigns a certificate to an individual or to an entity that associates a public key with the individual. The individual or entity to whom a certificate is issued is called the subject of that certificate. The trusted organization that issues the certificate is a certification authority (CA) and is known as the certificate's issuer. A trustworthy CA will only issue a certificate after it verifies the identity of the certificate's subject.

Certificates use cryptographic techniques to address the problem of the lack of physical contact between the communicating entities. By using these techniques, the possibility of an unethical person intercepting, altering, or counterfeiting messages is limited. These cryptographic techniques make certificates difficult to modify. Therefore, it is difficult for an entity to impersonate someone else.

The data in a certificate includes the public cryptographic key from the certificate subject's public/private key pair. A message signed with its sender's private key can only be retrieved by the message's recipient using the sender's public key. This key can be found on a copy of the sender's certificate. Retrieving a signature with a public key from a certificate proves that the signature was produced by using the certificate subject's private key. If the sender has been vigilant and has kept the private key secret, the receiver can be confident in the identity of the message sender.

On a network, there is often a privileged application known as a certificate server. A CA running on a more secure computer manages the certificate server. This application has access to the public key of all its clients. Certificate servers dispense messages known as certificates, each of which contains the public key of one of its client users. Each certificate is signed with the CA's private key. Thus the receiver of such a certificate can verify that a specified CA sent it.

Digital certificates also include extensions and extended properties that provide additional information about the certificate's subject, such as the subject's e-mail address and the activities that the certificate's subject can perform.

In This Section

  • Certificates and CryptoAPI
    Lists the information that is contained in a standard X.509 certificate or a comparable digital certificate.
  • Certificate Extended Properties
    Provides a short description of how CryptoAPI certificates have dynamic extended properties that can be added and changed.
  • Certificates
    Describes how you can use certificates in Windows Mobile to provide enhanced security in communications and how to use the certificates programming elements to use and manage those certificates.