About Certificate Validity

Signatures and Certificate Validity

By and large, a certificate is valid if, and only if, it is trusted, not expired, and not revoked. The table below explains the significance of each possibility:

Status

What It Means

Trusted

The X.509 certificate can be trusted to indicate who the files really come from. Smartcrypt does not check this status for OpenPGP files.

Not Trusted

The certificate cannot be trusted to indicate who the files really come from.

The files may not really be signed by the person that the certificate says signed them.

Smartcrypt does not check this status for OpenPGP files.

Expired

The current date does not fall within the date range for which the certificate is valid.

A certificate is valid only for a certain period. If the files were signed or encrypted while the certificate was valid, there is probably no problem. Otherwise, the certificate should be treated as Not Trusted. (A certificate may also show as expired if the date on your computer is incorrect.)

Not Expired

The current date is within the valid range of dates for the certificate.

Time nested

The period of validity of the certificate does not extend past the dates when the issuer certificate is valid. For example, if the issuer certificate is valid from February 1, 2005, to January 31, 2008, the date range during which the selected certificate is supposed to be valid does not begin before February 1, 2005, or end after January 31, 2008.

Not time-nested

The period of validity of the certificate extends past the dates when the issuer certificate is valid.

This condition does not necessarily mean that the selected certificate is fraudulent. For example, it may inadvertently have been given too long a period of validity when it was issued. On the other hand, if the issuer certificate was expired when the selected certificate supposedly begins to be valid, the situation may be worth investigating more closely.

Revoked

The certificate has been canceled by either the issuer or the owner.

A certificate might be revoked for a variety of reasons: Perhaps the owner lost the private key or someone else gained access to it; perhaps the issuer determined that the certificate was fraudulently obtained. In general, you should not trust files that were signed with a Revoked certificate.

Not Revoked

The certificate has not been revoked.

Your company's security policy may provide guidance as to how you should proceed when you encounter files signed or encrypted with an invalid certificate, or you may want to ask the owner of the certificate about any problems with it.
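
The date-based statuses in the table can be worked through in a few lines. The following is an added example, not Smartcrypt code: the names Window, assess and utc are hypothetical, trust and revocation are assumed to be decided elsewhere and passed in, and the issuer dates are the ones from the time-nesting example above.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Window:
    """Validity period of a certificate (X.509 notBefore / notAfter)."""
    not_before: datetime
    not_after: datetime

    def contains(self, when):
        return self.not_before <= when <= self.not_after


def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


def assess(cert, issuer, now, signed_at=None, trusted=True, revoked=False):
    """Map one certificate onto the statuses in the table above.

    Assumptions: trusted/revoked are decided elsewhere and passed in, and
    signed_at (if given) is a signing time the caller considers reliable.
    """
    expired = not cert.contains(now)
    time_nested = (issuer.not_before <= cert.not_before
                   and cert.not_after <= issuer.not_after)
    # Expired today but valid when the files were signed: probably no problem.
    # Expired with no evidence of that: treat as Not Trusted.
    signed_while_valid = signed_at is not None and cert.contains(signed_at)
    if expired and not signed_while_valid:
        trusted = False
    return {
        "trusted": trusted,
        "expired": expired,
        "revoked": revoked,
        "time_nested": time_nested,
        # Issuer already expired on the day this certificate starts.
        "investigate": cert.not_before > issuer.not_after,
        # Valid if, and only if, trusted, not expired, and not revoked.
        "valid": trusted and not expired and not revoked,
    }


# Issuer window from the table's example; the leaf windows are constructed.
ISSUER = Window(utc(2005, 2, 1), utc(2008, 1, 31))
LATE_START = Window(utc(2008, 3, 1), utc(2009, 3, 1))

if __name__ == "__main__":
    print(assess(LATE_START, ISSUER, now=utc(2008, 6, 1)))
```

A certificate that is not time-nested can still come out as valid here, which matches the table: nesting is a separate signal, and only the case where the issuer had already expired at the start date is marked for a closer look.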
