
15 Certificate details

In Chapter 7.3, you have already seen the detailed dialog for the certificate you generated. It contains a lot of information about your certificate. The following section provides a more detailed overview of the most important points, with brief information on the differences between OpenPGP and X.509 certificates, including:

The user ID
consists of the name and e-mail address which you entered during the certificate creation process, e.g.
Heinrich Heine <heinrich@gpg4win.de>

For OpenPGP certificates, you can use Kleopatra to add further user IDs to your certificate via the Certificates -> Add user ID... menu item. This makes sense if, for example, you wish to use the same certificate for another e-mail address.

Please note: Kleopatra only allows you to add user IDs for OpenPGP certificates, but not X.509.

The fingerprint
is used to differentiate multiple certificates from each other. You can use fingerprints to look for (public) certificates stored on a globally available OpenPGP certificate server (key server) or an X.509 certificate server. You can read more about certificate servers in the next chapter.
The key ID
consists of the last eight characters of the fingerprint and fulfils the same function. While fewer characters make key IDs easier to handle, they also increase the risk of multiple hits (different certificates with the same ID).
The validity
of certificates describes the duration of their validity and their expiry date, if applicable.

In the case of OpenPGP certificates, the validity is usually set to Indefinite. You can change this in Kleopatra by clicking on [Change expiry date] in the certificate details, or by selecting the Certificates -> Change expiry date menu item and entering a new date. This means that you can declare the certificate valid for a limited time period, e.g. in order to issue it to outside employees.

The validity of X.509 certificates is defined by the certificate authority when the certificate is issued, and cannot be changed by the user.

Trust in the certificate holder
is your own subjective confidence that the owner of the OpenPGP certificate is real (authentic) and that he will also correctly authenticate other OpenPGP certificates. You set the trust with [Change trust in certificate holder] in the certificate details, or via the Certificates -> Change trust status menu item.

The trust status is only relevant for OpenPGP certificates. No such method exists for X.509 certificates.

Authentications
include the user IDs of those certificate holders who are convinced of the authenticity of your certificate and have thus authenticated it. Trust in the authenticity of your certificate increases with the number of authentications you receive from other users.

Authentications are only relevant to OpenPGP certificates. This type of trust mechanism does not exist for X.509 certificates.
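
The fingerprint and key ID entries above, as an added example that is not part of the Gpg4win Compendium: it parses a constructed certificate listing, takes the last eight characters of each fingerprint as the key ID, and reports key IDs that match more than one certificate, together with a birthday estimate of how likely such a multiple hit is. It assumes the listing has the colon-delimited form printed by `gpg --with-colons --fingerprint --list-keys`; the function names and all sample data are hypothetical.

```python
import math
from collections import defaultdict

# Constructed sample shaped like `gpg --with-colons --fingerprint --list-keys`
# output. All fingerprints are made up; two deliberately share their last 8 hex.
SAMPLE = """\
pub:u:2048:1:1111AAAA0F0F0F0F:1283212800:::u:::scESC:
fpr:::::::::A1B2C3D4E5F60718293A4B5C1111AAAA0F0F0F0F:
uid:u::::1283212800::0000::Heinrich Heine <heinrich@gpg4win.de>:
sub:u:2048:1:9999888877776666:1283212800::::::e:
fpr:::::::::0102030405060708090A0B0C9999888877776666:
pub:-:2048:1:2222BBBB0F0F0F0F:1283299200:::-:::scESC:
fpr:::::::::FFEEDDCCBBAA9988776655442222BBBB0F0F0F0F:
uid:-::::1283299200::0000::Constructed User A <a@example.org>:
pub:-:2048:1:3333CCCC12345678:1283385600:::-:::scESC:
fpr:::::::::00112233445566778899AABB3333CCCC12345678:
uid:-::::1283385600::0000::Constructed User B <b@example.org>:
"""

def primary_fingerprints(listing):
    """Map each certificate's (primary key) fingerprint to its first user ID."""
    certs, last, current = {}, None, None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "fpr" and last == "pub":      # fpr after sub is a subkey: skip
            current = f[9].upper()               # field 10 holds the fingerprint
            certs[current] = None
        elif f[0] == "uid" and current and certs[current] is None:
            certs[current] = f[9]                # field 10 holds the user ID
        if f[0] in ("pub", "sub", "fpr"):
            last = f[0]
    return certs

def ambiguous_ids(fingerprints, hex_chars=8):
    """Group fingerprints by their last hex_chars; keep IDs with several hits."""
    groups = defaultdict(list)
    for fpr in fingerprints:
        groups[fpr[-hex_chars:]].append(fpr)
    return {kid: fprs for kid, fprs in groups.items() if len(fprs) > 1}

def collision_probability(n, hex_chars=8):
    """Birthday estimate that n random certificates contain a shared key ID."""
    return 1 - math.exp(-n * (n - 1) / (2 * 16 ** hex_chars))

if __name__ == "__main__":
    certs = primary_fingerprints(SAMPLE)
    for kid, fprs in ambiguous_ids(certs).items():
        print("key ID", kid, "matches", len(fprs), "certificates:")
        for fpr in fprs:
            print("  ", fpr, certs[fpr])
    print("P(multiple hit, 100000 certs) = %.2f" % collision_probability(100_000))
```

A key ID that shows up in the result does not identify a single certificate; the full fingerprint is what differentiates the entries.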

You do not necessarily have to know the certificate details to use Gpg4win on a daily basis, but they do become relevant when you want to receive or change new certificates.

You already learnt how to inspect and authenticate someone else's certificate and about the "Web of Trust" in Chapter 11.

© 31. August 2010, v3.0.0-beta1 (last minor changes from 21. September 2010)
The Gpg4win Compendium is filed under the GNU Free Documentation License v1.2.
