ZyXEL p-660hwp Guia Do Utilizador
P-660HWP-Dx User’s Guide
35
C
H A P T E R
13
Certificates
This chapter gives background information about public-key certificates and explains how to
use them.
use them.
13.1 Certificates Overview
The P-660HWP-Dx can use certificates (also called digital IDs) to authenticate users.
Certificates are based on public-private key pairs. A certificate contains the certificate owner’s
identity and public key. Certificates provide a way to exchange public keys for use in
authentication.
A Certification Authority (CA) issues certificates and guarantees the identity of each
certificate owner. There are commercial certification authorities like CyberTrust or VeriSign
and government certification authorities. You can use the P-660HWP-Dx to generate
certification requests that contain identifying information and public keys and then send the
certification requests to a certification authority.
When using public-key cryptology for authentication, each host has two keys. One key is
public and can be made openly available; the other key is private and must be kept secure.
Public-key encryption for authentication works as follows.
Certificates are based on public-private key pairs. A certificate contains the certificate owner’s
identity and public key. Certificates provide a way to exchange public keys for use in
authentication.
A Certification Authority (CA) issues certificates and guarantees the identity of each
certificate owner. There are commercial certification authorities like CyberTrust or VeriSign
and government certification authorities. You can use the P-660HWP-Dx to generate
certification requests that contain identifying information and public keys and then send the
certification requests to a certification authority.
When using public-key cryptology for authentication, each host has two keys. One key is
public and can be made openly available; the other key is private and must be kept secure.
Public-key encryption for authentication works as follows.
1 Tim wants to send a private message to Jenny. Tim generates a public-private key pair.
What is encrypted with one key can only be decrypted using the other.
2 Tim keeps the private key and makes the public key openly available.
3 Tim uses his private key to encrypt the message and sends it to Jenny.
4 Jenny receives the message and uses Tim’s public key to decrypt it.
5 Additionally, Jenny uses her own private key to encrypt a message and Tim uses Jenny’s
3 Tim uses his private key to encrypt the message and sends it to Jenny.
4 Jenny receives the message and uses Tim’s public key to decrypt it.
5 Additionally, Jenny uses her own private key to encrypt a message and Tim uses Jenny’s
public key to decrypt the message.
The P-660HWP-Dx uses certificates based on public-key cryptology to authenticate users
attempting to establish a connection. The method used to secure the data that you send through
an established connection depends on the type of connection. For example, a VPN tunnel
might use the triple DES encryption algorithm.
The certification authority uses its private key to sign certificates. Anyone can then use the
certification authority’s public key to verify the certificates.
A certification path is the hierarchy of certification authority certificates that validate a
certificate. The P-660HWP-Dx does not trust a certificate if any certificate on its path has
expired or been revoked.
attempting to establish a connection. The method used to secure the data that you send through
an established connection depends on the type of connection. For example, a VPN tunnel
might use the triple DES encryption algorithm.
The certification authority uses its private key to sign certificates. Anyone can then use the
certification authority’s public key to verify the certificates.
A certification path is the hierarchy of certification authority certificates that validate a
certificate. The P-660HWP-Dx does not trust a certificate if any certificate on its path has
expired or been revoked.