Digital Document Signing in Java-Based Web Applications, Page 4
Sometimes, a person or a company happens to lose control over his or her certificates and their corresponding private keys and they fall in the hands of other people, who can eventually take advantage of them. In such cases, it is necessary to revoke these certificates (revoked certificates).
The certification authorities periodically (or by emergency) publish lists of particular certificates that are temporarily disabled or revoked before their expiration date. These lists are digitally signed by the certification authority that issues them, and are called certificate revocation lists (CRL). In such lists are specified the name of the certification authority that has issued the certificate, the issue date, the date of the next publishing of such list, the serial numbers of the revoked certificates and the specific times and reasons for revocation.
As mentioned earlier, my next article will describe the procedures and algorithms for digitally signing documents and digital signature verification.
About the Author
Svetlin Nakov is part-time computer science lecturer in Sofia University,
Bulgaria. He has over 5 years of professional software engineering and
training experience and currently works as IT consultant in a leading
Bulgarian software company. His areas of expertise include Java and related
technologies, .NET Framework, network security, data structures and
algorithms, and programming code quality. More information on his research
background, skills and work experience is available from his home site