Self-signed certificate
|
In cryptography and computer security, a self-signed certificate is an identity certificate that is signed by its own subject.
In typical PKI arrangements, that a particular public key certificate is valid (ie, contains correct information) is attested by a digital signature from a certificate authority (CA). Users, or their software on their behalf, check that the private key used to sign some certificate matches the public key in the CA's certificate. Since CA certificates are often signed by other, 'higher ranking', CAs, there must necessarily be a highest CA, which provides the ultimate in attestation authority in that particular PKI scheme.
Obviously, the highest ranking CA's certificate can't be attested by some other higher CA (there being none), and so that certificate can only be 'self-signed'. Such certificates are also termed root certificates. Clearly, mistakes or corruption in the issuance of such certificates is critical to the operation of its associated PKI; they should be, and generally are, issued with great care.
In a web of trust certificate scheme there is no central CA, and so identity certificates for each user can be self-signed. In this case, however, it is additional signatures from other users which are evaluated to determine whether a certificate should be accepted as correct. So, if users Bob, Carol, and Ted have signed Alice's certificate, user David may decide to trust that the public key in the certificate is Alice's (all these worthies having agreed by their signatures on that claim). But, if only user Bob has signed, David might (based on his knowledge of Bob) decide to take additional steps in evaluating Alice's certificate. On the other hand, Edward's signature alone on the certificate may by itself be enough for David to trust that he has Alice's public key (Edward being known to David to be a reliably careful and trustworthy person). There is of course, a potentially difficult regression here, as how can David know that Bob, Carol, Ted, or Edward have signed any certificate at all unless he knows their public keys (which of course came to him in some sort of certificate)? This problem is solved by fiat in X.509 PKI schemes as one believes (ie, trusts) the root certificate by definition. The problem is real in both approaches, but less easily lost track of by users in a Web of Trust scheme.