Certificates Application Development
4/8/2010
A certificate is a common credential that provides a means to verify identity. A trusted organization assigns a certificate to an individual or to an entity that associates a public key with the individual. The individual or entity to whom a certificate is issued is called the subject of that certificate. The trusted organization that issues the certificate is a certification authority (CA) and is known as the certificate's issuer. A trustworthy CA will only issue a certificate after it verifies the identity of the certificate's subject.
Certificates use cryptographic techniques to compensate for the lack of physical contact between the communicating entities. These techniques limit the possibility that an unauthorized party intercepts, alters, or counterfeits messages, and they make certificates difficult to modify. Therefore, it is difficult for one entity to impersonate another.
The data in a certificate includes the public cryptographic key from the certificate subject's public/private key pair. A signature made with the sender's private key can be verified only with the sender's public key, which the recipient can obtain from a copy of the sender's certificate. Verifying a signature with the public key from a certificate proves that the signature was produced by using the certificate subject's private key. If the sender has been vigilant and has kept the private key secret, the receiver can be confident in the identity of the message sender.
On a network, there is often a privileged application known as a certificate server. A CA running on a more secure computer manages the certificate server. This application has access to the public key of all its clients. Certificate servers dispense messages known as certificates, each of which contains the public key of one of its client users. Each certificate is signed with the CA's private key. Thus the receiver of such a certificate can verify that a specified CA signed it.
Digital certificates also include extensions and extended properties that provide additional information about the certificate's subject, such as the subject's e-mail address and the activities that the certificate's subject can perform.
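The issuance and verification model described above, as an added example that is not part of this documentation and does not use CryptoAPI: it relies on the third-party Python cryptography package, and the names "Example CA", "Alice" and alice@example.com are constructed. A CA binds a subject's public key and e-mail address into a certificate signed with the CA's private key; a receiver then checks that signature with the CA's public key and sees it fail under an untrusted key.

```python
import datetime
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa, padding

def make_key():
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)

def name(common_name):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])

def issue(issuer_name, issuer_key, subject_name, subject_pub, email=None, ca=False):
    """Issuer binds subject_pub to subject_name and signs with its own private key."""
    now = datetime.datetime.now(datetime.timezone.utc)
    builder = (x509.CertificateBuilder()
               .subject_name(subject_name).issuer_name(issuer_name)
               .public_key(subject_pub).serial_number(x509.random_serial_number())
               .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=365))
               .add_extension(x509.BasicConstraints(ca=ca, path_length=None), critical=True))
    if email:  # extension carrying the subject's e-mail address
        builder = builder.add_extension(
            x509.SubjectAlternativeName([x509.RFC822Name(email)]), critical=False)
    return builder.sign(issuer_key, hashes.SHA256())

def signed_by(cert, issuer_pub):
    """True if the certificate's signature verifies under issuer_pub."""
    try:
        issuer_pub.verify(cert.signature, cert.tbs_certificate_bytes,
                          padding.PKCS1v15(), cert.signature_hash_algorithm)
        return True
    except Exception:
        return False

def demo():
    # Constructed names: "Example CA" issues a certificate to subject "Alice".
    ca_key = make_key()
    ca_cert = issue(name("Example CA"), ca_key, name("Example CA"), ca_key.public_key(), ca=True)
    alice_key = make_key()
    alice_cert = issue(name("Example CA"), ca_key, name("Alice"), alice_key.public_key(),
                       email="alice@example.com")
    rogue_pub = make_key().public_key()  # key of a CA the receiver does not trust
    san = alice_cert.extensions.get_extension_for_class(x509.SubjectAlternativeName).value
    return {
        "issuer_matches": alice_cert.issuer == ca_cert.subject,
        "email": san.get_values_for_type(x509.RFC822Name),
        "valid_sig": signed_by(alice_cert, ca_key.public_key()),
        "rogue_sig": signed_by(alice_cert, rogue_pub),
    }
```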
In This Section
- Supported CryptoAPI 2.0 APIs
Lists all the APIs that are supported in Windows Mobile.
- Unsupported CryptoAPI 2.0 APIs
Lists all the APIs that are not supported in Windows Mobile.
- X.509 Digital Certification
Describes X.509, a commonly used digital certification method that is supported by Windows Mobile.
- Certificates and CryptoAPI
Lists the information that is contained in a standard X.509 certificate or a comparable digital certificate.
- Encoding and Decoding a Certificate Context
Provides a description of how the certificates APIs enable encoding and decoding.
- Certificate Extended Properties
Provides a short description of how CryptoAPI certificates have dynamic extended properties that can be added and changed.
- Managing Certificates with Certificate Stores
Describes how you can manage certificates and how you can use the Certificates APIs to store, retrieve, delete, list (enumerate), and verify certificates.
- Adding Root Certificates to Windows Mobile
Describes one method for importing additional certificates into the root certificate store.
Related Sections
- Certificates
Describes how you can use certificates in Windows Mobile to provide enhanced security in communications and how to use the certificates programming elements to use and manage those certificates.