Principals are entities that have an identity, e.g. a human (you), a computer server, or a program.
One of the oldest such systems is called RSA. It is based on two large prime numbers:
- ...
RSA is not the only public-key cryptosystem; another one is elliptic-curve cryptography (ECC).
Both public and private keys can be represented in the human-readable ASCII PEM format or in the binary DER format (used by Java).
Signing an input with a private key produces a signature which can be verified against the same input given a public key.
Input to signing is typically limited in size, so in practice a digest (hash) of the input file is signed instead of the file itself.
A public key certificate is used to prove ownership of a public key by a subject, through a signature over it made with an issuer's private key.
The issuer can be a trusted certificate authority (CA); there may be a hierarchy (chain) of CA certificates. The root CA certificate at the top of the tree is self-signed.
X.509 is the standard format for certificates; it also defines certificate revocation lists. Like keys, certificates (ASN.1 structures) can be encoded in PEM or DER format.
TLS (formerly SSL) is based on X.509. The subject's identity in a certificate is just a string whose interpretation depends on how the certificate is used; e.g. in TLS, the subject's Common Name (CN) is the hostname used to verify connections to a server that holds the certificate's private key, which it can use to decrypt session keys proposed by the client.
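The points above (PEM/DER encodings, signing a digest rather than the file, a self-signed root vouching for a leaf whose CN is the hostname) worked through with the openssl CLI, as an added example that is not part of the original notes. It assumes `openssl` 1.1 or 3.x is on PATH; all file names and subject names are made up.

```shell
#!/bin/sh
# Added example (not from the original notes). Assumes `openssl` is installed;
# every file name and subject below is constructed for the demonstration.
set -e
WORK=$(mktemp -d); cd "$WORK"

# Key pair of a principal (the server). Private key as PEM; public key exported
# as PEM and as binary DER, then converted back so both encodings can be compared.
make_keys() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out key.pem 2>/dev/null
  openssl pkey -in key.pem -pubout -out pub.pem
  openssl pkey -in key.pem -pubout -outform DER -out pub.der
  openssl pkey -pubin -inform DER -in pub.der -out pub_rt.pem
}
der_roundtrip() { cmp -s pub.pem pub_rt.pem && echo same || echo different; }

# Sign the SHA-256 digest of a file (not the file itself) with the private key.
sign_file() { openssl dgst -sha256 -sign key.pem -out "$1.sig" "$1"; }

# Verify with the public key only; prints valid/invalid so callers can assert on it.
verify_file() {
  if openssl dgst -sha256 -verify pub.pem -signature "$1.sig" "$1" >/dev/null 2>&1
  then echo valid; else echo invalid; fi
}

# Chain: a self-signed root CA, then a leaf certificate whose subject CN is the
# server hostname, signed with the CA's private key.
make_chain() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
    -subj '/CN=Example Root CA' -days 1 2>/dev/null
  openssl req -new -key key.pem -subj '/CN=server.example' -out leaf.csr 2>/dev/null
  openssl x509 -req -in leaf.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
    -out leaf.pem -days 1 2>/dev/null
}

# Does the trust anchor in $1 vouch for the certificate in $2?
verify_cert() {
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then echo ok; else echo fail; fi
}
leaf_cn() { openssl x509 -in leaf.pem -noout -subject -nameopt RFC2253 | sed 's/^subject=//'; }

make_keys; der_roundtrip                      # same
printf 'release tarball contents\n' > input.bin
sign_file input.bin; verify_file input.bin    # valid
printf 'x' >> input.bin; verify_file input.bin  # invalid: the digest changed
make_chain
verify_cert ca.pem leaf.pem                   # ok: root signed the leaf
verify_cert ca.pem ca.pem                     # ok: root is self-signed
verify_cert leaf.pem ca.pem                   # fail: a leaf cannot vouch for the root
leaf_cn                                       # CN=server.example
```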