• Digital Certificates
        We’ve encrypted the message digest so we should be safe, right? Well, not quite.


      • Q: How do we know that the public key that we’re using to decrypt the digital signature is not actually from an imposter?


      • A: Digital Certificates


      • A certificate essentially provides two things:
      • 1) A party’s public key.


      • 2) A statement with information about the owner of the public key.


      • Another way to think of a digital certificate is as a message digest for keys. In other words, a digital certificate validates keys.
      • The information provided with the certificate allows us to verify that the public key that we are receiving is actually from whom we expect it to be.
      • This also protects the owner of the key because imposters will need to have the key AND a certificate to spoof their identity.
      • Now we’re totally secure, right? Not quite.


    • Certificate Authority
        Anyone can make their own digital certificate. And anyone can make a digital certificate say anything they want it to.


      • Q: How do we know a given certificate is really from the person it says it is from?


      • A: Certificate Authorities


    • The role of a Certificate Authority (CA) is to vouch that a given certificate is actually from the person that the certificate says it is from.
    • VeriSign, Thawte and the U.S. Postal Service are examples of CAs.
    • At this point we “trust” a CA because its reputation is on the line. If it lied, it would go out of business (and probably get sued).
    • However, if we choose not to trust a particular CA, then we use Certificate Chaining.
    • Certificate chaining is basically one CA vouching for another CA.
    • A certificate chain can be infinitely long.
    • At some point (if we want any work to get done) we have to trust someone.
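
The two questions above, worked through as an added example that is not part of the original page: a self-made certificate is rejected, and a genuine one is accepted only because its chain ends at a CA we already trust. It uses textbook RSA with small constructed keys; `Cert`, `issue`, `verify_chain`, the subject names and the keys are assumptions for illustration, and real certificates carry further fields (expiry, revocation) that are not modelled here.

```python
import hashlib
from dataclasses import dataclass
E = 65537  # public exponent shared by every toy key below

def make_key(p, q):  # textbook RSA: returns (public modulus n, private exponent d)
    return p * q, pow(E, -1, (p - 1) * (q - 1))

@dataclass
class Cert:
    subject: str   # statement about the key's owner
    issuer: str    # who vouches for that statement
    pub_n: int     # the subject's public key
    sig: int = 0   # issuer's signature over the three fields above

def digest(cert, n):
    data = f"{cert.subject}|{cert.issuer}|{cert.pub_n}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(subject, pub_n, issuer, issuer_n, issuer_d):
    cert = Cert(subject, issuer, pub_n)
    cert.sig = pow(digest(cert, issuer_n), issuer_d, issuer_n)
    return cert

def sig_ok(cert, issuer_n):
    return pow(cert.sig, E, issuer_n) == digest(cert, issuer_n)

def verify_chain(chain, trusted):
    """chain is leaf-first; trusted maps a CA name to its public key."""
    for i, cert in enumerate(chain):
        if cert.issuer in trusted:            # reached someone we already trust
            ok = sig_ok(cert, trusted[cert.issuer])
            return ok, f"anchored at {cert.issuer}" if ok else f"bad signature on {cert.subject}"
        if i + 1 == len(chain):               # ran out of vouchers
            return False, f"{cert.issuer} is not a trusted CA"
        parent = chain[i + 1]                 # next CA must have signed this cert
        if parent.subject != cert.issuer or not sig_ok(cert, parent.pub_n):
            return False, f"bad signature on {cert.subject}"
    return False, "empty chain"

# Constructed sample keys built from Mersenne primes (far too small for real use).
ROOT_N, ROOT_D = make_key(2**61 - 1, 2**89 - 1)
INT_N, INT_D = make_key(2**89 - 1, 2**107 - 1)
ALICE_N = make_key(2**107 - 1, 2**127 - 1)[0]
EVE_N, EVE_D = make_key(2**61 - 1, 2**127 - 1)    # the imposter's own key pair
TRUSTED = {"Root CA": ROOT_N}                     # the "someone" we decide to trust
inter = issue("Intermediate CA", INT_N, "Root CA", ROOT_N, ROOT_D)
alice = issue("alice.example", ALICE_N, "Intermediate CA", INT_N, INT_D)
self_made = issue("alice.example", EVE_N, "alice.example", EVE_N, EVE_D)
fake_root = issue("alice.example", EVE_N, "Root CA", EVE_N, EVE_D)
print(verify_chain([alice, inter], TRUSTED), verify_chain([self_made], TRUSTED), verify_chain([fake_root], TRUSTED))
```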
