
Digital Certificates
• We’ve signed the message digest with our private key, so we should be safe, right? Well, not quite.
Q: How do we know that the public key we’re using to verify the
digital signature actually belongs to the sender and not to an imposter?
A: Digital Certificates
• A certificate essentially provides two things:
1) A party’s public key.
2) A statement with information about the owner of the public key.
• Another way to think of a digital certificate is as a signed statement about a key: a digital signature covers
both the public key and the information about its owner, so tampering with either one is detectable. In other
words, a digital signature validates keys.
- The information provided with the certificate allows us to verify that the public key we are
receiving actually belongs to whom we expect it to.
- This also protects the owner of the key, because an imposter would need the owner’s private key AND a
certificate issued in the owner’s name to spoof their identity.
• Now we’re totally secure, right?…
Not quite.
Certificate Authority
• Anyone can make their own digital certificate (a self-signed certificate), and anyone can make a certificate
say anything they want it to.
Q: How do we know a given certificate is really from the person it
says it is from?
A: Certificate Authorities
• The role of a Certificate Authority (CA) is to vouch, by signing the certificate with the CA’s own private key,
that the public key in a given certificate actually belongs to the party the certificate says it belongs to.
- VeriSign, Thawte and the U.S. Postal Service are examples of CA’s.
- At this point we “trust” a CA because its reputation is on the line. If it issued certificates to imposters, it
would go out of business (and probably get sued).
• However, if the certificate we receive was issued by a CA we do not directly trust, we rely on Certificate Chaining.
- Certificate chaining is basically one CA vouching for another CA: a CA we do trust signs the certificate of the
issuing CA, which in turn signed the certificate we received.
- In principle a certificate chain can be arbitrarily long; in practice chains are kept short (a root, one or two
intermediate CAs, and the end certificate).
- At some point (if we want any work to get done) we have to trust someone: the chain ends at a root CA whose
certificate we accept without further proof.
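The two ideas above, a certificate as a signed (public key, owner) statement and a chain of CAs vouching for one
another up to a root we simply trust, can be seen end to end with the Go standard library. The program below is an
added example written for this page, not code from the courseware: it builds a made-up "Example Root CA", an
intermediate CA signed by that root, and an end certificate for the made-up name www.example.com signed by the
intermediate, then plays the relying party with a trust store that contains only the root. It also shows the two
failure modes the text alludes to: the same certificate presented without its intermediate (the chain is broken),
and an imposter's self-signed certificate for the same name (nobody we trust vouches for it).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// serverName is a made-up host name used for this demonstration only.
const serverName = "www.example.com"

// issue creates a certificate for subject. With parent == nil the certificate is
// self-signed (what a root CA does, and what an imposter can do for free); otherwise
// it is signed with the parent's private key, i.e. the parent CA vouches for it.
func issue(subject string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: subject}, // the "statement about the owner"
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign // only CA certificates may sign other certificates
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		tmpl.DNSNames = []string{subject}
	}
	signer, signerKey := tmpl, key // self-signed unless a parent is given
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// verify is the relying party's side: build a chain from leaf, through whatever
// intermediates we were handed, to a root in our trust store, checking every
// signature, the CA flags and the host name. Only the contents of roots are taken on faith.
func verify(leaf *x509.Certificate, intermediates, roots []*x509.Certificate) error {
	opts := x509.VerifyOptions{
		DNSName:       serverName,
		Roots:         x509.NewCertPool(),
		Intermediates: x509.NewCertPool(),
	}
	for _, c := range roots {
		opts.Roots.AddCert(c)
	}
	for _, c := range intermediates {
		opts.Intermediates.AddCert(c)
	}
	_, err := leaf.Verify(opts)
	return err
}

// Scenario returns the verification result for three presentations against a
// trust store holding a single root: the genuine certificate with its full chain
// (accepted), the same certificate without its intermediate (rejected) and an
// imposter's self-signed certificate for the same name (rejected).
func Scenario() (legit, missingIntermediate, imposter error) {
	root, rootKey := issue("Example Root CA", true, nil, nil)
	inter, interKey := issue("Example Intermediate CA", true, root, rootKey)
	leaf, _ := issue(serverName, false, inter, interKey)
	fake, _ := issue(serverName, false, nil, nil) // imposter: same name, nobody vouches for it

	roots := []*x509.Certificate{root}
	legit = verify(leaf, []*x509.Certificate{inter}, roots)
	missingIntermediate = verify(leaf, nil, roots)
	imposter = verify(fake, nil, roots)
	return legit, missingIntermediate, imposter
}

func main() {
	legit, missing, imposter := Scenario()
	fmt.Println("leaf with full chain:      ", legit)
	fmt.Println("leaf without intermediate: ", missing)
	fmt.Println("imposter self-signed cert: ", imposter)
}
```

Note that the imposter's certificate is a perfectly well-formed certificate with a valid signature; it fails only
because the signature was made with a key that no CA in our trust store vouches for. That is the whole point of the
CA: the verifier never decides "is this signature valid?" in isolation, but "is there an unbroken chain of valid
signatures from this key to a root I already trust?".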
Copyright (c) 2008. Intertech, Inc. All Rights Reserved. This information is to be used exclusively as an
online learning aid. Any attempts to copy, reproduce, or use for training is strictly prohibited.