Certificate of sender expired before signature verify
Problem description
I'm working on a project about certificates and digital signatures in Java, but I can't understand the following situation. The certificates of the sender and the receiver of the document were valid when the signature was created. But in time, when the receiver received the document, the certificate of the sender had expired. Is that a valid situation, so that the receiver can verify the signature normally, or can't he?
One more question. What is the Non-repudiation key usage used for?
Recommended answer
A digital signature will remain cryptographically correct even if the certificate has expired, but verification of the signature will be invalid.
An electronic certificate has a period of use established by the policy of the Certification Authority, beyond which the use of the private key is not considered safe.
To preserve the validity of the signature beyond the expiration time, a time stamp or revocation evidence (CRLs, OCSP responses) can be incorporated into the signature, in such a way that it is possible to verify the signature without having to contact the CA in the future.
One more question. What is the Non-repudiation key usage used for?
Please read this: X509: What's the difference between digital signature and non-repudiation
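The distinction drawn in the answer above, as an added example that is not part of the original question or answer: the signature stays cryptographically correct, while certificate validation fails at the current time and passes at the signing time. It is written in Go rather than Java so that the constructed test certificate can be generated with the standard library alone. The key, certificate, dates and the `Check`/`Demo` names are assumptions, and `signedAt` stands in for a time taken from an already-validated trusted timestamp.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Result keeps the cryptographic check apart from the certificate-validity checks.
type Result struct{ CryptoOK, ValidNow, ValidAtSigning bool }

// Check verifies sig over doc, then validates cert at two instants. signedAt is
// assumed to come from a trusted timestamp that was already validated.
func Check(cert *x509.Certificate, roots *x509.CertPool, doc, sig []byte, signedAt, now time.Time) Result {
	validAt := func(t time.Time) bool {
		_, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: t,
			KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
		return err == nil
	}
	digest := sha256.Sum256(doc)
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	return Result{ok && ecdsa.VerifyASN1(pub, digest[:], sig), validAt(now), validAt(signedAt)}
}

// Demo signs doc with a constructed self-signed certificate valid for 2024 only,
// then checks `received` as if signed mid-2024 and verified in 2026.
func Demo(doc, received []byte) Result {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	start := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC) // constructed dates
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		Subject:   pkix.Name{CommonName: "constructed sender"},
		NotBefore: start, NotAfter: start.AddDate(1, 0, 0),
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageContentCommitment} // nonRepudiation bit
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	cert, _ := x509.ParseCertificate(der)
	roots := x509.NewCertPool()
	roots.AddCert(cert) // the sender's certificate is its own trust anchor here
	digest := sha256.Sum256(doc)
	sig, _ := ecdsa.SignASN1(rand.Reader, key, digest[:])
	return Check(cert, roots, received, sig, start.AddDate(0, 6, 0), start.AddDate(2, 0, 0))
}

func main() { fmt.Printf("%+v\n", Demo([]byte("constructed document"), []byte("constructed document"))) }
```

In Java the same time-shifted check is available through `X509Certificate.checkValidity(Date)` and `PKIXParameters.setDate(Date)`.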