Public key cryptography is based upon the RSA* algorithm, which was invented
in 1977 by Ronald L. Rivest, Adi Shamir, and Leonard M. Adleman. The RSA algorithm
works by taking two large prime numbers, p and q, and finding their product
n = pq; n is known as the modulus. Additionally, a public value, e, is selected
when the key pair is created; e is known as the exponent. An encrypted message
c is computed by raising a message m to the e power, modulo n, as described
below:
c = m^e mod n
To decrypt c and retrieve the original message m, the encrypted message is raised to the d power modulo n; d is known as the private key, as described below:
m = c^d mod n
The mathematical relationship between e and d ensures that the algorithm correctly recovers the original message m, since
c^d = (m^e)^d = m^1 = m mod n
The modulus n is chosen so that it is greater than m, thus
m mod n = m, so that
c^d = m
The RSA algorithm works because if you know p, q, and e, it is easy to compute d, but if you know only n and e it is more difficult to determine d. The private key d is actually the inverse of e, modulo the product of (p-1) and (q-1) as described below:
ed = 1 mod (p-1)(q-1)
Thus, the private key is constructed using a modulus of (p-1)(q-1), but encryption and decryption are performed using a modulus of n = pq.
A description of each of the fields in this property page follows. None of the fields are editable.
Key Type
This field identifies the type of key. Novell® Certificate Server utilizes public key cryptography based on the RSA algorithm, for which the key type is RSA Encryption.
Key Size
This field displays the size in bits of the modulus for the key pair.
Exponent
The public value to which a plaintext message is raised, modulo the modulus, to produce the encrypted message. Novell Certificate Server uses a public key value of 65537, or 10001 in hexadecimal notation.
Modulus
The value n in the above discussion. See above.
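The key-pair arithmetic and the Key Size, Exponent and Modulus fields described above, carried through as an added Python example (not Novell code). The primes p = 61 and q = 53 are constructed toy values and the function names are hypothetical; this is raw RSA without padding, shown only to illustrate the formulas, including why m must be smaller than n.

```python
# Added example: textbook RSA with toy primes (no padding, illustration only).
from math import gcd

E = 65537  # public exponent named on this page (10001 in hexadecimal)


def make_key(p, q, e=E):
    """Derive (n, e, d) from primes p and q, where ed = 1 mod (p-1)(q-1)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        # e has no inverse modulo (p-1)(q-1), so no private key d exists.
        raise ValueError("e is not invertible modulo (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return n, e, d


def encrypt(m, n, e):
    """c = m^e mod n; rejects messages that do not fit below the modulus."""
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def decrypt(c, n, d):
    """m = c^d mod n."""
    return pow(c, d, n)


def key_fields(n, e):
    """The values the property page displays for a key pair."""
    return {"Key Size": n.bit_length(), "Exponent": hex(e), "Modulus": hex(n)}


if __name__ == "__main__":
    n, e, d = make_key(61, 53)          # constructed toy primes
    print(key_fields(n, e), "d =", d)
    c = encrypt(65, n, e)
    print("c =", c, "-> m =", decrypt(c, n, d))
    # Without the range check, a message m >= n is silently reduced mod n:
    print("m = n + 65 decrypts to", decrypt(pow(n + 65, e, n), n, d))
```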
This section displays the individual properties for the X.509 public key certificate. None of the fields are editable. A description of each field follows.
Certificate Version
This field displays the format of the certificate. Version 1 indicates an X.509 v1 certificate, and version 3 indicates an X.509 v3 certificate. Novell® Certificate Server is compatible with version 1 certificates, but Novell Certificate Server generates new certificates only in the version 3 format.
Serial Number
This field displays the identification number for this certificate. All certificates issued by a given certificate authority have unique serial numbers, and all certificates issued by Novell Certificate Server have unique serial numbers.
Subject Name
This field displays the distinguished name of the entity that owns this certificate. The distinguished name is based on the X.500 naming specification, where the hierarchy is separated by a period (.). The following qualifiers are used in this display:
- CN = Common Name
- OU = Organizational Unit
- O = Organization
- L = Locality
- ST = State
- C = Country
Issuer Name
This field displays the distinguished name of the entity that signed this certificate.
Effective Date
This field displays the time and date when this certificate becomes valid. The date is displayed in a locale-specific format. The time is displayed in a 24-hour clock format.
Expiration Date
This field displays the date and time when this certificate becomes invalid.
Signature Algorithm
This field displays the method used in creating the signature for this certificate and is used when verifying the certificate.
This section shows any extensions defined for the public key certificate that are not displayed on any of the other sections. None of the entries are editable.
Extensions appear only in X.509 v3 certificates. Extensions can be defined as either critical or noncritical. If a system that uses X.509 v3 certificates encounters a critical extension it does not recognize, it must reject the certificate. A noncritical extension can be ignored if it is not recognized.
If the extension is critical, the word "Yes" appears in the Critical column.
You can view more details about an extension by clicking it and clicking Details.
The extensions are viewable as encoded hexadecimal dumps, but the following extensions are decoded:
A trademark symbol (®, TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark. For information on trademarks, see Legal Notices.