A digital certificate is a way of ensuring that a document is authentic and has not been altered since its original author created it. Encryption is the basic method used for authentication in digital certificates. When you encrypt data at the sending end, the receiving end needs to decode the content to read the data; to decode the message, the receiving end must know how it was encoded. This is the way a digital signature works.
Although the basic description of a digital certificate is given above, digital certification uses three distinct security methods.
Cyclic Redundancy Check, also known as CRC, is a very accurate traditional method based on checksums. It ensures that you receive what the sender sent, but it offers little protection against deliberate attacks on the data.
However, the method known as the “Private Key Method” or “Private Key Encryption” provides better security. The sending machine encodes the message using a secret code held on the machine and sends the encrypted message. The code is installed on the other machine, which enables it to decode the message, but the sending and receiving machines must be configured to talk to each other and to know about each other technically (e.g. your notebook computer and your home PC). Using the installed secret code, the receiving machine decodes the message.
Another method is “Public Key Infrastructure” or “Public Key Encryption”. This uses a private key as well as a public key. As in the “Private Key Method”, the private key is known only to your machine, but the public key is communicated by your computer to the other machines on the network, and all of them know it. To decode the message you need both the private key and the public key: one is public while the other is local. The key is based on a hash value produced by a hashing algorithm. An attacker would need to break both keys and the algorithm to decode the message.
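As an added illustration of the difference between the two methods just described (example code written for this edit, not part of the original post): a CRC checksum catches accidental corruption in transit, but because it involves no secret, a party who changes the content can also produce a matching checksum; a keyed tag (HMAC) computed with the secret the two machines were configured with cannot be recomputed without that secret. The message, the shared secret and the modification are constructed values.

```python
import hashlib
import hmac
import zlib

# Constructed sample message (not from the original post).
MESSAGE = b"Transfer 100.00 to account 12345"

# The "secret code" installed on both machines beforehand (constructed value).
SHARED_SECRET = b"example-shared-secret"


def crc_tag(data: bytes) -> int:
    """Checksum-style integrity tag: anyone can compute it, no secret involved."""
    return zlib.crc32(data) & 0xFFFFFFFF


def mac_tag(data: bytes, secret: bytes) -> bytes:
    """Keyed tag: only a holder of the shared secret can produce a valid value."""
    return hmac.new(secret, data, hashlib.sha256).digest()


def crc_accepts(data: bytes, tag: int) -> bool:
    return crc_tag(data) == tag


def mac_accepts(data: bytes, tag: bytes, secret: bytes) -> bool:
    # compare_digest avoids leaking timing information during the comparison.
    return hmac.compare_digest(mac_tag(data, secret), tag)


def flip_one_bit(data: bytes) -> bytes:
    """Simulate accidental corruption in transit (one bit of the first byte)."""
    return bytes([data[0] ^ 0x01]) + data[1:]


def scenario() -> dict:
    """Run the sender/receiver exchange under both integrity schemes."""
    crc = crc_tag(MESSAGE)                    # sent along with the message
    mac = mac_tag(MESSAGE, SHARED_SECRET)     # sent along with the message

    corrupted = flip_one_bit(MESSAGE)
    # Deliberate modification: the content is changed and, because a CRC needs
    # no secret, a checksum matching the new content is simply computed again.
    altered = MESSAGE.replace(b"100.00", b"900.00")

    return {
        # Both schemes notice random corruption...
        "crc_detects_corruption": not crc_accepts(corrupted, crc),
        "mac_detects_corruption": not mac_accepts(corrupted, mac, SHARED_SECRET),
        # ...but only the keyed tag notices a deliberate change with a refreshed checksum.
        "crc_detects_alteration": not crc_accepts(altered, crc_tag(altered)),
        "mac_detects_alteration": not mac_accepts(altered, mac, SHARED_SECRET),
    }


if __name__ == "__main__":
    for check, outcome in scenario().items():
        print(f"{check}: {outcome}")
```

The receiver in the MAC case still needs the secret to have been agreed in advance, which is exactly the configuration step the paragraph above describes; the public key method that follows removes that requirement.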
Input number: 10667
Hashing algorithm: Input # x 143
Hash value: 1525381
You can see how hard it would be to determine that the value 1525381 came from multiplying 10667 by 143. But if you knew that the multiplier was 143, it would be very easy to calculate the value 10667. Public key encryption is much more complex than this example, but that is the basic idea. Public keys generally use complex algorithms and very large hash values for encrypting: 40-bit or even 128-bit numbers. A 128-bit number has 2^128 possible combinations.
Digital signatures can be used for a variety of electronic transactions, including e-mail, electronic commerce, groupware and electronic funds transfers. Netscape's popular Enterprise Server requires a digital certificate for each secure server. Generally, digital signatures work together with digital certificates.
As I described in my post “Use of Digital Signatures in Practice”, PKI is one of the best ways to protect documents. In this article we are going to look at the Certificate Authority.
As I showed in the previous article, using PKI needs more resources. Therefore, if you want to implement public key encryption on a large scale you need more resources, and a secure web server may be needed. This server keeps small units of information about keys. Such a unit of information on the server is known as a “Certificate”.
A Digital Certificate typically contains the:
1. Owner's public key
2. Owner's name
3. Expiration date of the public key
4. Name of the issuer (the CA that issued the Digital Certificate)
5. Serial number of the Digital Certificate
6. Digital signature of the issuer
The most widely accepted format for Digital Certificates is defined by the CCITT X.509 international standard; thus certificates can be read or written by any application complying with X.509.
When the server receives a request, it confirms the authenticity of the request by checking it against a certificate using the RA (Registration Authority). Certificates are issued by trusted third parties called certificate authorities; they provide the validation function by linking a particular public key to a particular user in order to identify individuals and organizations. As part of certificate validation, the server checks a certificate revocation list to make sure the administrator has not revoked the certificate. Thus, PKI provides the essential services for managing certificates and encryption keys for the people, programs and systems that use public-key cryptography.
Therefore, we can say that digital certificates which use PKI probably need a CA, and so no digital signature is useful without a certificate. That is why we have three types of certificates:
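The following added example (written for this edit; it is not code from the original post and does not model any real CA software) puts the pieces of the last few paragraphs together: a certificate carrying the six fields listed above is issued and signed by a CA, and a relying party validates it in the order the post describes (issuer signature, expiry, revocation list) before trusting the owner's signature on a document. The key pairs are toy textbook RSA on small primes, the encoding is a simple text serialization rather than X.509 DER, and every name, serial number, date and document is a constructed value.

```python
import hashlib

# Toy textbook RSA on small primes, constructed for this example. Real PKI uses
# 2048-bit or larger keys and padded signature schemes; the structure of the
# checks is the point here, not the arithmetic.
E = 65537


def _egcd(a, b):
    if b == 0:
        return a, 1, 0
    g, x, y = _egcd(b, a % b)
    return g, y, x - (a // b) * y


def _modinv(a, m):
    g, x, _ = _egcd(a % m, m)
    if g != 1:
        raise ValueError("no modular inverse")
    return x % m


def make_keypair(p, q):
    """Return (public, private) keys as dicts; p and q must be distinct primes."""
    n = p * q
    return {"n": n, "e": E}, {"n": n, "d": _modinv(E, (p - 1) * (q - 1))}


def digest(data, n):
    """Hash the data (SHA-256) and reduce it to a value the toy key can sign."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data, priv):
    return pow(digest(data, priv["n"]), priv["d"], priv["n"])


def verify(data, sig, pub):
    return pow(sig, pub["e"], pub["n"]) == digest(data, pub["n"])


def encode(fields):
    """Deterministic byte encoding of the fields (real certificates use DER)."""
    return repr(sorted(fields.items())).encode()


def issue_certificate(ca_name, ca_priv, owner_name, owner_pub, serial, expires):
    """Build a certificate with the six fields listed in the post and sign it as the CA."""
    tbs = {                      # the part the issuer signs ("to be signed")
        "owner_public_key": owner_pub,
        "owner_name": owner_name,
        "expires": expires,      # ISO date string; compares correctly as text
        "issuer": ca_name,
        "serial": serial,
    }
    return {**tbs, "issuer_signature": sign(encode(tbs), ca_priv)}


def validate_certificate(cert, ca_name, ca_pub, crl, today):
    """The checks the post describes: issuer signature, expiry, then the revocation list."""
    tbs = {k: v for k, v in cert.items() if k != "issuer_signature"}
    if cert["issuer"] != ca_name or not verify(encode(tbs), cert["issuer_signature"], ca_pub):
        return "bad issuer signature"
    if today > cert["expires"]:
        return "expired"
    if cert["serial"] in crl:
        return "revoked"
    return "ok"


def verify_signed_document(document, sig, cert, ca_name, ca_pub, crl, today):
    """Trust the document's signature only through a certificate that validates."""
    status = validate_certificate(cert, ca_name, ca_pub, crl, today)
    if status != "ok":
        return status
    return "ok" if verify(document, sig, cert["owner_public_key"]) else "document altered"


def demo():
    """Constructed scenario: a CA, a certificate holder, and what a relying party sees."""
    ca_pub, ca_priv = make_keypair(10007, 10009)        # CA key pair (toy primes)
    owner_pub, owner_priv = make_keypair(10037, 10039)  # certificate holder's key pair
    cert = issue_certificate("Example CA", ca_priv, "alice", owner_pub, 1001, "2025-12-31")
    document = b"I agree to the terms of the contract."
    sig = sign(document, owner_priv)
    today = "2024-06-01"
    tampered_cert = dict(cert, owner_name="mallory")    # name changed after issuance
    ca = ("Example CA", ca_pub)
    return {
        "genuine": verify_signed_document(document, sig, cert, *ca, [], today),
        "altered_document": verify_signed_document(document + b"!", sig, cert, *ca, [], today),
        "revoked": verify_signed_document(document, sig, cert, *ca, [1001], today),
        "expired": verify_signed_document(document, sig, cert, *ca, [], "2026-01-01"),
        "tampered_certificate": verify_signed_document(document, sig, tampered_cert, *ca, [], today),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Note the order of checks: a certificate whose issuer signature does not verify is rejected before its expiry or revocation status is even consulted, because none of its other fields can be trusted. The revocation list here is just a list of serial numbers, which is what a CRL fundamentally carries.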
1. Server Certificates
2. Developer Certificates
3. Personal Digital Certificates