Certificate Directory for supporting Digital Signature

What is PKI?

Asymmetric encryption is increasingly recognized as a means of securing and authenticating email communication and data on the Internet. It makes it possible to encrypt a document so that only the addressee can decrypt it, without secret keys having to be exchanged before transmission. Encryption uses a public key, which is mathematically related to the secret private key that the addressee uses for decryption. A certificate is such a public key that a Certificate Authority (CA) has certified as belonging to a specific person. Apart from encryption, this technology also allows documents to be digitally signed and, in turn, the authenticity of a signed document to be verified. Related technologies are Public Key Infrastructure (PKI), X.509, S/MIME, SSL and PGP.

Our solution:

We offer CAs the option of centrally publishing their certificates (X.509 or PGP) in a directory operated by us. We can also support you in setting up your own directory service in such a way that your data can be integrated into an inter-domain index. Apart from the well-established standard for certificate storage in directory services [1], we additionally support a new data model, which we developed in the course of a DFN research project and introduced to the IETF (Internet Engineering Task Force) for standardization [2]. This new approach also solves the problem of multiple certificates for one user.