Objectives of the X.509 Technology

X.509 technology allows data to be encrypted and to be signed with a digital signature. Generating the key pair and assigning the descriptive certificate information is a closed, one-time process. The keys and the descriptive information cannot be modified afterwards. Data encrypted with one key can only be recovered (decrypted) with the other key.

One key (the private key) is known only to the holder of the certificate. The other key (the public key) is intended to be passed on to the communication partners. As long as the holder of the certificate ensures that the private key never falls into other hands, the encrypted data cannot be manipulated: manipulated data can no longer be decrypted. Intercepting the data, decrypting it, manipulating it and re-encrypting it fails because no one but the certificate holder has both keys. This is a crucial condition.

Digital certificates therefore protect the confidentiality, authenticity and integrity of data, especially during transport over the network.
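
The key-pair behaviour described above, as an added example that is not part of the original page: it uses Node.js's built-in crypto module with a bare RSA key pair (no certificate is issued), and the function names, the second "other" key pair and the sample message are constructed for illustration. It shows that only the holder's private key recovers the data, that altered ciphertext no longer decrypts, and that a signature stops verifying once the data changes.

```javascript
// Added example: RSA key-pair behaviour with Node's built-in crypto module.
const crypto = require('node:crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

function newKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Confidentiality: anyone holding the public key can encrypt for the holder.
function encryptFor(publicKey, text) {
  return crypto.publicEncrypt({ key: publicKey, ...OAEP }, Buffer.from(text, 'utf8'));
}

// Returns the plaintext, or null if the key is wrong or the ciphertext was altered.
function tryDecrypt(privateKey, ciphertext) {
  try {
    return crypto.privateDecrypt({ key: privateKey, ...OAEP }, ciphertext).toString('utf8');
  } catch (err) {
    return null;
  }
}

// Authenticity and integrity: only the private key signs, anyone can verify.
function sign(privateKey, text) {
  return crypto.sign('sha256', Buffer.from(text, 'utf8'), privateKey);
}
function verify(publicKey, text, signature) {
  return crypto.verify('sha256', Buffer.from(text, 'utf8'), publicKey, signature);
}

function demo() {
  const holder = newKeyPair(); // certificate holder (constructed)
  const other = newKeyPair();  // unrelated party (constructed)
  const message = 'transfer 100 EUR to account 42'; // constructed sample data
  const ciphertext = encryptFor(holder.publicKey, message);
  const tampered = Buffer.from(ciphertext);
  tampered[10] ^= 0x01; // one bit changed in transit
  const signature = sign(holder.privateKey, message);
  return {
    decryptedByHolder: tryDecrypt(holder.privateKey, ciphertext),
    decryptedByOther: tryDecrypt(other.privateKey, ciphertext),
    decryptedAfterTamper: tryDecrypt(holder.privateKey, tampered),
    signatureValid: verify(holder.publicKey, message, signature),
    signatureValidAfterEdit: verify(holder.publicKey, message.replace('100', '900'), signature),
    signatureValidUnderOtherKey: verify(other.publicKey, message, signature),
  };
}

console.log(demo());
```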