X.509 describes two levels of
Authentication, simple authentication, based on use of a password to verify user identity, and strong authentication, using credentials created by cryptographic methods. The standard recommends that only strong authentication should be used as the basis of providing secure services.
Public-Key Cryptography is used for strong authentication, but X.509 is not dependent on the use of a particular cryptographic
Algorithm, though two users wishing to authenticate must support the same
Algorithm.