Digital Document Signing in Java-Based Web Applications, Page 4
Revoked Certificates
Sometimes a person or a company loses control over certificates and their corresponding private keys, and these fall into the hands of other people who can then take advantage of them. In such cases the certificates must be revoked.
Certification authorities publish, periodically or in an emergency, lists of certificates that have been temporarily disabled or revoked before their expiration date. These lists are digitally signed by the certification authority that issues them and are called certificate revocation lists (CRLs). Each list specifies the name of the certification authority that issued the certificates, the issue date, the date on which the next list will be published, the serial numbers of the revoked certificates, and the specific times and reasons for revocation.
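The following added example (not code from the original article) shows how a Java application can use these CRL fields through the standard `java.security.cert` API: it checks the issuer name, the CA's signature and the next-update date before looking up the certificate's serial number. The class name `CrlCheck`, the method `findRevocation` and the three file arguments are assumptions made for illustration, and the code assumes a CRL issued directly by the CA that issued the certificate.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Date;

public class CrlCheck {
    /** Returns the CRL entry for cert, or null if this CRL does not list it. */
    static X509CRLEntry findRevocation(X509Certificate cert, X509Certificate caCert,
                                       X509CRL crl, Date now) throws Exception {
        // Assumption: a direct CRL, issued by the same CA that issued the certificate.
        if (!crl.getIssuerX500Principal().equals(cert.getIssuerX500Principal())) {
            throw new SecurityException("CRL issuer does not match certificate issuer");
        }
        // The list is only trustworthy if the CA's signature over it verifies.
        crl.verify(caCert.getPublicKey());
        // Past its next publishing date, the list may be missing recent revocations.
        Date next = crl.getNextUpdate();
        if (next != null && now.after(next)) {
            throw new SecurityException("CRL is stale; next update was due " + next);
        }
        // Entries are keyed by certificate serial number.
        return crl.getRevokedCertificate(cert);
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) throw new IllegalArgumentException("usage: CrlCheck <cert> <ca-cert> <crl>");
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate cert, caCert;
        X509CRL crl;
        try (InputStream a = new FileInputStream(args[0]);
             InputStream b = new FileInputStream(args[1]);
             InputStream c = new FileInputStream(args[2])) {
            cert = (X509Certificate) cf.generateCertificate(a);
            caCert = (X509Certificate) cf.generateCertificate(b);
            crl = (X509CRL) cf.generateCRL(c);
        }
        X509CRLEntry entry = findRevocation(cert, caCert, crl, new Date());
        if (entry == null) {
            System.out.println("Serial " + cert.getSerialNumber() + " is not on the CRL");
        } else {
            // The reason is optional (null when absent); CERTIFICATE_HOLD is a temporary suspension.
            System.out.println("Revoked " + entry.getRevocationDate()
                    + ", reason: " + entry.getRevocationReason());
        }
    }
}
```

A certificate that is absent from the list is only known to be unrevoked as of the list's issue date, which is why a stale list is rejected rather than trusted.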
As mentioned earlier, my next article will describe the procedures and algorithms for digitally signing documents and digital signature verification.
About the Author
Svetlin Nakov is a part-time computer science lecturer at Sofia University,
Bulgaria. He has over 5 years of professional software engineering and
training experience and currently works as an IT consultant in a leading
Bulgarian software company. His areas of expertise include Java and related
technologies, .NET Framework, network security, data structures and
algorithms, and programming code quality. More information on his research
background, skills and work experience is available from his home site
www.nakov.com.
