Summary: Digital certificates can be used
for a variety of electronic transactions, including e-mail, virtual malls, groupware and
electronic funds transfers. A digital certificate carries a pair of coupled cryptographic
keys; the cryptography involved is of two kinds, symmetric and asymmetric.
A digital certificate is an attachment tagged to an
electronic message for security purposes. It allows the recipient of a message to verify
that the sender is actually the person he or she claims to be. In
addition, it allows the recipient to reply to the message in a 'secure' way, so that only
the sender of the original message, and nobody else, can read the reply.
The most important components of a digital certificate are as
follows:
- Identification information
- Cryptographic keys
- Digital signature
Cryptographic Keys
A digital certificate carries a pair of coupled cryptographic
keys; the cryptography involved is of two kinds, symmetric and asymmetric.
Symmetric cryptography uses only one key between the two
parties, i.e. encryption and decryption are done with the same key.
Asymmetric cryptography uses different keys between the
two parties, i.e. encryption and decryption are done with different keys. These keys always
work in pairs: one key, the public key, is made available to everyone, while the other, the
private key, is known only to its owner and is always different from one
customer to another. The job of these keys is to encrypt and decrypt messages and
to secure the whole transaction process.
Digital Signature
A digital signature is an electronic signature used for
verification and provides a higher degree of security. A digital certificate owner
"signs" an object using the certificate's private key. The recipient uses the
certificate's corresponding public key to decrypt (verify) the signature, which confirms the
integrity of the signed object and the sender as its source. In other words, it is
a way of authenticating digital messages.
In terms of cryptography (the encoding of messages), public key
(identity) certificates, which are also called 'digital signatures', contain information
about a person's or organization's name, address, etc., which is unique because it is 'publicly'
available from only that one individual or organization. Typically, in public key
infrastructure (PKI) schemes, where signatures are validated by Certificate
Authorities (CAs), the signing authority certifies that the public key and the identity
information belong together.
A digital certificate may be withdrawn or revoked by the CA
if it comes to light that the 'embedded relationship' between a key and the identity is
incorrect or has changed, e.g. the holder has changed employers. In addition, similar action
may be taken after a security breach in which the privacy of an issued certificate is
compromised (i.e. it is reported that more than one person has attempted to use the key).
Such revocations are rare, but they mean that even 'trusted' certificates should be checked
for their current validity or 'expiry' status. Although it is the job of the PKI to check
and update its certificates, in practice this is not always done. Third-party protocols such
as the Online Certificate Status Protocol (OCSP) instead query the issuing server to
check a certificate's validity.
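The sign-and-verify flow from the Digital Signature section, together with the validity check the revocation paragraph calls for, as an added example that is not part of the original article. It uses Go's standard library only; the self-signed certificate, the subject name "alice" and the message are constructed stand-ins for a CA-issued certificate and real traffic.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// IssueCert builds a self-signed certificate for name (a constructed stand-in for a
// CA-issued one) and returns its DER bytes plus the private key only the owner keeps.
func IssueCert(name string, notBefore, notAfter time.Time) ([]byte, *ecdsa.PrivateKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	return der, priv, err
}

// Sign hashes msg and signs the digest with the owner's private key.
func Sign(priv *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// Verify is the recipient's side: parse the sender's certificate, refuse it outside its
// validity window, then check the signature with the certificate's public key.
func Verify(certDER, msg, sig []byte, now time.Time) error {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return err
	}
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return errors.New("certificate expired or not yet valid")
	}
	return cert.CheckSignature(x509.ECDSAWithSHA256, msg, sig)
}
```

Verify covers integrity, origin and the expiry status discussed above; it does not consult a CRL or OCSP responder, so a revoked-but-unexpired certificate would still pass this check.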
A digital certificate must contain:
- Name of the organization or individual
- The business address
- Digital signature
- Public key
- Serial number
- Issue date (start of validity)
- Expiration date (end of validity)
Digital certificates can be used for a variety of
electronic transactions, including e-mail, virtual malls, groupware and electronic funds
transfers. By using digital certificates we can secure not only the transactions but also
the whole process.