Self-signed certificate
In cryptography and computer security, a self-signed certificate is an identity certificate that is signed by its own creator. That is, the person that created the certificate also signed off on its legitimacy.
In typical public key infrastructure (PKI) arrangements, a digital signature from a certificate authority (CA) attests that a particular public key certificate is valid (i.e., contains correct information). Users, or their software on their behalf, check that the private key used to sign some certificate matches the public key in the CA's certificate. Since CA certificates are often signed by other, "higher ranking," CAs, there must necessarily be a highest CA, which provides the ultimate in attestation authority in that particular PKI scheme.
Obviously, the highest-ranking CA's certificate can't be attested by some other higher CA (there being none), and so that certificate can only be "self-signed." Such certificates are also termed root certificates. Clearly, the lack of mistakes or corruption in the issuance of such certificates is critical to the operation of their associated PKI; they should be, and generally are, issued with great care.
In a web of trust certificate scheme there is no central CA, and so identity certificates for each user can be self-signed. In this case, however, each certificate carries additional signatures from other users, which are evaluated to determine whether the certificate should be accepted as correct. So, if users Bob, Carol, and Edward have signed Alice's certificate, user David may decide to trust that the public key in the certificate is Alice's (all these worthies having agreed by their signatures on that claim). But, if only user Bob has signed, David might (based on his knowledge of Bob) decide to take additional steps in evaluating Alice's certificate. On the other hand, Edward's signature alone on the certificate may by itself be enough for David to trust that he has Alice's public key (Edward being known to David to be a reliably careful and trustworthy person). There is, of course, a potentially difficult regress here: how can David know that Bob, Carol, or Edward have signed any certificate at all unless he knows their public keys (which of course came to him in some sort of certificate)? In the case of a small group of users who know one another in advance and can meet in person (e.g., a family), users can sign one another's certificates when they meet as a group, but this solution does not scale to larger settings. This problem is solved by fiat in X.509 PKI schemes, as one believes (i.e., trusts) the root certificate by definition. The problem of trusting certificates is real in both approaches, but less easily lost track of by users in a Web of Trust scheme.
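David's evaluation in the web-of-trust paragraph above can be written as a small fixpoint computation. This is an added example, not part of the original article; the function names, the two trust levels and the thresholds (one fully trusted signer or three marginally trusted ones, borrowed from the classic PGP model) are assumptions, and every listed signature is assumed to have already verified cryptographically.

```python
FULL, MARGINAL = "full", "marginal"

def valid_keys(verified_in_person, signatures, owner_trust,
               full_needed=1, marginal_needed=3):
    """Return every key owner whose key the evaluator may treat as valid.

    verified_in_person: owners whose keys the evaluator checked directly
    signatures: {owner: set of signers whose signatures appear on that key}
    owner_trust: {signer: FULL or MARGINAL}, the evaluator's opinion of how
                 carefully each signer checks identities before signing
    """
    valid = set(verified_in_person)
    changed = True
    while changed:                      # repeat until no new key becomes valid
        changed = False
        for owner, signers in signatures.items():
            if owner in valid:
                continue
            # The regress from the text: a signature counts only if the
            # signer's own key is already valid for the evaluator.
            usable = [s for s in signers if s in valid]
            full = sum(owner_trust.get(s) == FULL for s in usable)
            marginal = sum(owner_trust.get(s) == MARGINAL for s in usable)
            if full >= full_needed or marginal >= marginal_needed:
                valid.add(owner)
                changed = True
    return valid

# Constructed scenario using the names from the text (hypothetical trust levels).
DAVID_TRUST = {"Edward": FULL, "Bob": MARGINAL, "Carol": MARGINAL}
DAVID_VERIFIED = {"Bob", "Carol", "Edward"}

def david_accepts_alice(signers, verified=DAVID_VERIFIED):
    """True if David may treat Alice's key as valid given who signed it."""
    return "Alice" in valid_keys(verified, {"Alice": set(signers)}, DAVID_TRUST)
```

With Bob as the only signer the function returns False, which corresponds to David taking additional steps before accepting Alice's certificate.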
Security Issues
CAs are third parties who have access to the private keys and require both parties to trust the CA. (CAs are typically large, impersonal enterprises and a high value target for compromise.) If the parties know each other, trust each other to protect their private keys, and can confirm the transfer of public keys (e.g. compare the hash out of band), then self-signed certificates may decrease overall risk. Self-signed certificate transactions may also present a far smaller attack surface.
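The out-of-band hash comparison mentioned above matters because a self-signature proves only that the signer holds the matching private key, not who the signer is. The following added example (not from the original article) builds two certificates for the same name that both pass the self-signature check, and only the pinned fingerprint separates them. The dictionary certificate format, the toy textbook-RSA keys and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json

E = 65537
# Constructed toy keys: textbook RSA over publicly known Mersenne primes.
# Insecure by design; they only make the signature arithmetic executable.
ALICE_PRIMES = (2**127 - 1, 2**89 - 1)
OTHER_PRIMES = (2**107 - 1, 2**61 - 1)   # a different, unrelated key pair

def tbs(cert):
    """Canonical bytes of the signed fields (everything except the signature)."""
    fields = {k: cert[k] for k in ("subject", "issuer", "n", "e")}
    return json.dumps(fields, sort_keys=True).encode()

def _digest(cert):
    return int.from_bytes(hashlib.sha256(tbs(cert)).digest(), "big") % cert["n"]

def self_sign(subject, primes):
    """Build a certificate whose issuer is its subject, signed with its own key."""
    p, q = primes
    d = pow(E, -1, (p - 1) * (q - 1))            # private exponent
    cert = {"subject": subject, "issuer": subject, "n": p * q, "e": E}
    cert["sig"] = pow(_digest(cert), d, cert["n"])
    return cert

def is_self_signed(cert):
    """Issuer equals subject and the signature verifies under the cert's own key."""
    return (cert["issuer"] == cert["subject"]
            and pow(cert["sig"], cert["e"], cert["n"]) == _digest(cert))

def fingerprint(cert):
    """SHA-256 over the whole certificate, the value compared out of band."""
    return hashlib.sha256(tbs(cert) + b"|%d" % cert["sig"]).hexdigest()

def accept(cert, pinned_fingerprint):
    """A valid self-signature is necessary but never sufficient: require the pin."""
    return is_self_signed(cert) and hmac.compare_digest(
        fingerprint(cert), pinned_fingerprint)

alice = self_sign("CN=alice.example", ALICE_PRIMES)
pinned = fingerprint(alice)           # confirmed with Alice over a separate channel
lookalike = self_sign("CN=alice.example", OTHER_PRIMES)   # same name, other key
```

Both `is_self_signed(alice)` and `is_self_signed(lookalike)` are true; `accept` is true only for the certificate whose fingerprint was confirmed out of band.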
Self-signed certificates cannot (by nature) be revoked, which may allow an attacker who has already gained access to monitor and inject data into a connection to spoof an identity if a private key has been compromised. CAs on the other hand have the ability to revoke a compromised certificate if alerted, which prevents its further use.
Some CAs can verify the identity of the person to whom they issue a certificate; for example, the US military issues its Common Access Cards in person, with multiple forms of other ID, and only when a higher authority requires the issue.
Other Issues
Cost. Self-signed certificates can be created for free using a wide variety of tools including Java's keytool, Adobe Reader, and Apple's Keychain. Certificates bought from major CAs range from $10s to $1000s of dollars per year.
Speed to Deploy. Self-signed certificates require the two parties to interact (e.g. to securely trade public keys). Using a CA requires only the CA and the certificate holder to interact; the holder of the public key can validate its authenticity with the CA's root certificate.
Customization. Self-signed certificates are easier to customize, for example a larger key size, contained data, metadata, etc.
See also
- Web of trust
- Digital signature
- Certificate server
- Characters in cryptography
- Signing a SSL certificate with an authority
Terminology
C: Country
CA: Certificate authority
CN: Common Name
CSR: Certificate signing request
DER: Distinguished Encoding Rules
O: Organization
OU: Organizational Unit
External links
- http://www.madboa.com/geek/openssl/#cert-self
- http://gagravarr.org/writing/openssl-certs/personal.shtml
- http://www.mobilefish.com/services/ssl_certificates/ssl_certificates.php
- http://www.makecert.com/tools/create-self-signed-ssl-certificate/