Scribd Logo
Carica

Benvenuto in Scribd!

  • Digital Certificate

    Caricato da

    Rachana Sonawane
    199 visualizzazioni8 pagine
    A digital certificate (DC) is a digital file that certifies the identity of an individual or institution, or even a router seeking access to computer-based information. Certification Authorities are the digital world's equivalent to passport offices. They issue digital certificates and validate holders' identity and authority.

    Descrizione originale:

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Formati disponibili

    DOC, PDF, TXT o leggi online da Scribd

    Hai trovato utile questo documento?

    Questo contenuto è inappropriato?

    Segnala questo documento
    A digital certificate (DC) is a digital file that certifies the identity of an individual or institution, or even a router seeking access to computer-based information. Certification Authorities are the digital world's equivalent to passport offices. They issue digital certificates and validate holders' identity and authority.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Scarica in formato DOC, PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    199 visualizzazioni8 pagine

    Digital Certificate

    Caricato da

    Rachana Sonawane
    A digital certificate (DC) is a digital file that certifies the identity of an individual or institution, or even a router seeking access to computer-based information. Certification Authorities are the digital world's equivalent to passport offices. They issue digital certificates and validate holders' identity and authority.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Scarica in formato DOC, PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    di 8

    What are Digital Certificates?

    A digital certificate (DC) is a digital file that certifies the identity of an


    individual or institution, or even a router seeking access to computer- based
    information. It is issued by a Certification Authority (CA), and serves the
    same purpose as a driver’s license or a passport.

    What are Certification Authorities?

    Certification Authorities are the digital world’s equivalent to passport


    offices. They issue digital certificates and validate holders’ identity and
    authority.

    They embed an individual or institution’s public key along with other


    identifying information into each digital certificate and then
    cryptographically sign it as a tamper-proof seal verifying the integrity of the
    data within it, and validating its use.

    What is the Process of obtaining a certificate?

    1.Subscriber (sender) generates a public\private key pair. Applies


    to CA for digital certificate with the public key.

    2.CA verifies subscriber's identity and issues digital certificate


    containing the public key.

    3.CA publishes certificate to public, on-line repository.

    4.Subscriber signs message with private key and sends message to


    second party.

    5.Receiving party verifies digital signature with sender's public key


    and requests verification of sender's digital certificate from CA's
    public repository.

    6.Repository reports status of subscriber's certificate.

    What is the Process in obtaining a certificate?


    Types of Digital Certificates :

     There are four main types of digital certificates :-

     Server Certificates

     Personal Certificates

     Organization Certificates

     Developer Certificates

    What Does a Digital Certificate Contain?

    It contains your name, a serial number, expiration date, a copy of the


    certificate-holder's public key (used for encrypting messages and digital
    signatures), and the digital signature of the certificate-issuing authority so
    that a recipient can verify that the certificate is real. Some digital
    certificates conform to the X.509 standard.

    Why are they Used?

    There are four(4) main uses:

    1. Proving the Identity of the sender of a transaction

    2. Non Repudiation – the owner of the certificate cannot deny partaking


    in the transaction

    3. Encryption and checking the integrity of data - provide the receiver


    with the means to encode a reply.
    4. Single Sign-On - It can be used to validate a user and log them into
    various computer systems without having to use a different password
    for each system

    Public & Private Keys

    Public and Private Key pairs comprise of two uniquely related cryptographic
    keys.

    Public key is made accessible to everyone, whereas Private key remains


    confidential to its respective owner. Since both keys are
    mathematically related only the corresponding private key can decrypt their
    corresponding public key.

    How do You Obtain An Individual’s Public Key?

     When Alice wants Bob’s public key:

    • Alice gets Bob’s certificate (from Bob or elsewhere).

    • apply CA’s public key to Bob’s certificate, get Bob’s public


    key

    Where are Digital Certificates Used?

     In a number of Internet applications that include:

     1.Secure Socket Layer (SSL) developed by Netscape Communications


    Corporation
     2. Secure Multipurpose Internet Mail Extensions (S/MIME) Standard for
    securing email and electronic data interchange (EDI).

     3. Secure Electronic Transactions (SET) protocol for securing electronic


    payments

     4. Internet Protocol Secure Standard (IPSec) for authenticating


    networking devices

    How Digital Certificates are Used for Message Encryption

    In Conclusion

     Public Key Cryptography is used in message authentication and key


    distribution.
     Key management is achieved by Digital Certificates, which are a
    mechanism that enables distribution of keys to participants
    exchanging information. They ensure the Confidentiality of these
    messages and the Authentication of the participants.

     The strength of Digital Certificates through X.509 lies, inter alia, in the
    fact that they have been standardized by the ITU-T.

     This makes for security in investment and training, as it is assured


    Digital Certificates will be maintained in the future.

    Certificate chains

    Certificate authority (CA) hierarchies are reflected in certificate chains. A


    certificate chain traces a path of certificates from a branch in the hierarchy
    to the root of the hierarchy.

    Figure 1 shows a certificate chain leading from a certificate that identifies


    an entity through two subordinate CA certificates to the CA certificate for
    the root CA. This example is based on Figure 1 shown in Hierarchies.

    Figure 1. A certificate chain


    In a certificate chain, the following occurs:

    Each certificate is followed by the certificate of its issuer.

    Each certificate contains the distinguished name (DN) of that certificate's


    issuer. This is the same as the subject name of the next certificate in the
    certificate chain. In this figure, CA Six contains the DN of CA Three, which
    issued that certificate. The DN for CA Three is also the subject name of the
    next certificate in the chain.

    Each certificate is signed with the private key of its issuer. The signature
    can be verified with the public key in the issuer's certificate, which is the
    next certificate in the certificate chain. In this figure, the public key in the
    certificate for CA Three can be used to verify the CA Three's digital
    signature on the certificate for CA Six.

    Certificate chain verification


    Verifying a certificate chain is the process of ensuring that a specific certificate chain is
    well-formed, valid, correctly signed, and trustworthy.

    The following procedure forms and verifies a certificate chain, beginning with the
    certificate that is presented for authentication:
    The issuer's certificate is located. The source can be the verifier's local certificate
    database on that client or server, or the certificate chain that is provided by the subject.

    The certificate signature is verified using the public key in the issuer's certificate.

    The validity period for the certificate is verified against the current time provided by the
    verifier's system clock.

    If the issuer's certificate is trusted by the verifier, verification is successful and stops
    here. Otherwise, the issuer's certificate is checked to ensure that it contains the
    appropriate subordinate certificate authority (CA) and verification of the certificate chain
    begins again with step 1 with the new certificate.

    Figure 1 shows what occurs when only a root CA is included in the verifier's local
    database.

    Figure 1. Verifying a certificate chain to the root CA

    If a certificate for one of the immediate CAs shown in Figure 1, such as CA Two, is found
    in the verifier's local database, verification stops with that certificate as shown in Figure
    2.

    Figure 2. Verifying a certificate chain to an immediate CA


    If any of the following events occur at any point in the certificate chain, authentication
    will fail:

    The validity dates are expired.

    A signature that is not valid is found.

    A certificate for the issuing CA is not found.

    Figure 3 shows a certificate chain that cannot be verified.


    Figure 3. A certificate chain that cannot be verified

    Potrebbero piacerti anche