TITLE
    Mac OS 9: File Security - About Digital Certificates and Keys
Article ID:
Created:
Modified: 		60480
9/28/99
4/10/00
TOPIC

    This article describes kinds of digital certificates and keys supported by file security, a Mac OS feature introduced with Mac OS 9.0

DISCUSSION

    Digital certificates, or IDs, allow application developers to digitally "sign" files so that users can verify that the file came from the developer. For example, you can check the signatures of applications that you download from the Internet to make sure they come from an authorized source.

    Types of certificates

    Certificates are issued by Certificate Authorities, independent organizations that verify the identity of the person requesting the certificate.

    There are several types of certificates. A personal certificate is a certificate that has a corresponding public and private key in the keychain. Personal certificates can be used to sign, verify, encrypt or decrypt information in files.

    Only the owner of a personal certificate has its private key. Therefore, files can only be signed by the owner.

    A regular certificate is used to verify signatures from another person/organization, or to encrypt information for another person/organization.

    A root certificate belongs to a Certificate Authority.

    A root certificate is used to sign certificates issued by the Certificate Authority. Root certificates ensure that the public certificates a person (or organization) uses to verify their signed files are genuine.

    The built-in certificates that come with your Keychain software are "trusted" root certificates. That is, Apple has verified the authenticity of their origin.

    If you add additional root certificates to your keychain, you must verify the authenticity of their origin. The MD5 and SHA-1 fingerprints can be used to perform the verification.

    Viewing the built-in root certificates

    As long as you have the root certificate for a Certificate Authority, you can verify any certificates that were issued by that authority.

    To see a list of the built-in certificates that come with your Keychain software open the Edit menu and choose Built-in Certificates.

    For more information on the built-in certificates, open the Help menu and choose Show Balloons, then point to the item you want to learn more about.

Document Information
Product Area: Mac OS System Software
Category: Mac OS 9.0
Sub Category: System Software Components

Copyright © 2000 Apple Computer, Inc. All rights reserved.