The present invention relates to digital certificates. More particularly, the present invention relates to dynamic generation and processing of certificate public information directories.
Digital certificates, such as those based upon the X.509 standard used in a public key infrastructure (PKI), may associate an identity or distinguished name (DN) with a public and private key pair. The public and private key pair is used to encrypt and decrypt data communicated between two entities, such as client and server applications.
In some cases, digital certificates are used to both sign and encrypt data using a public-key cryptographic standard (PKCS), such as PKCS#7. Data that is digitally signed in this case is signed using the private key of the originator (or sender) of the data, and the signature is verified by the recipient using the public key of the sender's certificate and possibly the issuer certificate (the certificate used to “sign” the sender's certificate). Data that is encrypted is encrypted using the public key of the intended recipient, so that only that particular recipient can read it, and the recipient uses the recipient's own private key to decrypt the data.