What is a Digital Certificate in Cryptography?
In this tutorial, we look at what a digital certificate is in cryptography.
Asymmetric encryption algorithms rely on a public key being shared between different users. This key is usually shared through an electronic directory (generally in LDAP format) or a website.
However, this method of sharing has a major weakness: there is no guarantee that the key really belongs to the user with whom it is associated. Indeed, a hacker can corrupt the public key present in the directory by replacing it with his own public key. The hacker will then be able to decrypt all the messages that have been encrypted with the key present in the directory.
A digital certificate therefore makes it possible to associate a public key with an entity (a person, a machine, …) in order to ensure its validity. The digital certificate is the identity card of the public key, issued by an organization called a certification authority (often abbreviated CA, for Certification Authority).
The certification authority is in charge of issuing digital certificates, assigning them a validity date (equivalent to the expiration date), as well as possibly revoking certificates before this date in case of compromise of the key (or the owner).
Structure of a certificate
Digital certificates are small files divided into two parts:
- The part containing the information
- The part containing the signature of the certification authority
The structure of digital certificates is standardized by the ITU X.509 standard (more precisely X.509v3), which defines the information contained in the digital certificate:
- The version of X.509 to which the digital certificate corresponds;
- The serial number of the digital certificate;
- The algorithm used to sign the digital certificate;
- The name (DN, for Distinguished Name) of the issuing Certification Authority (CA);
- The validity start date of the digital certificate;
- The digital certificate’s expiry date;
- The purpose of the public key use;
- The public key of the digital certificate owner;
- The signature of the digital certificate issuer (thumbprint).
All this information (information + public key of the sender) is signed by the certification authority. This means that a hash function creates a fingerprint of this information, and this hash is then encrypted using the private key of the certification authority. The public key of the certification authority has been widely distributed beforehand, so that users can verify the signature with it.

Image source: https://commons.wikimedia.org/wiki/File:Creation_and_Contents_of_Digital_certificate.png
When a user wants to communicate with another user, all he has to do is get the recipient’s certificate. This digital certificate contains the name of the recipient, as well as his public key, and is signed by the certification authority. It is therefore possible to verify the validity of the message by applying the hash function to the information contained in the digital certificate, decrypting the signature of the certification authority with the certification authority’s public key (as described above), and comparing these two results.
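The signing and verification steps described above, as an added example that is not part of the original tutorial. It uses textbook RSA with constructed toy keys and a JSON-encoded information part (both assumptions made for illustration, not the real X.509 encoding or a secure key size), and shows that a certificate whose public key was swapped in the directory fails verification.

```python
import hashlib
import json

E = 65537  # common RSA public exponent

def make_key(p, q):
    """Build a textbook-RSA (public, private) key pair from two primes."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def fingerprint(info, n):
    """Hash the information part of the certificate to an integer below n."""
    data = json.dumps(info, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(info, ca_private):
    """CA side: hash the information, then transform the hash with the private key."""
    n, d = ca_private
    return {"info": info, "signature": pow(fingerprint(info, n), d, n)}

def verify(cert, ca_public, today):
    """User side: recover the signed hash with the CA public key, compare it
    with a freshly computed hash, then check the validity dates."""
    n, e = ca_public
    info = cert["info"]
    signed_ok = pow(cert["signature"], e, n) == fingerprint(info, n)
    return signed_ok and info["not_before"] <= today <= info["not_after"]

# Constructed toy keys built from Mersenne primes: never use such keys in practice.
CA_PUB, CA_PRIV = make_key(2**127 - 1, 2**107 - 1)
_, ATTACKER_PRIV = make_key(2**89 - 1, 2**61 - 1)

# Constructed sample certificate content (all values are placeholders).
ALICE = {"subject": "CN=alice", "issuer": "CN=Example CA", "serial": 1,
         "not_before": "2024-01-01", "not_after": "2025-01-01",
         "public_key": "alice-public-key"}
CERT = issue(ALICE, CA_PRIV)

# Directory tampering: the public key is replaced, the CA signature is kept.
SWAPPED = {"info": dict(ALICE, public_key="attacker-public-key"),
           "signature": CERT["signature"]}
# Same forged content, re-signed with a key that is not the CA's.
FORGED = issue(SWAPPED["info"], ATTACKER_PRIV)

if __name__ == "__main__":
    for name, cert in [("genuine", CERT), ("swapped", SWAPPED), ("forged", FORGED)]:
        print(name, verify(cert, CA_PUB, "2024-06-01"))
```

Real certificates use a padded signature scheme and DER encoding; the comparison of the recomputed hash against the value recovered with the CA public key is the part this sketch is meant to show.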
Types of digital certificates
There are different types of digital certificates depending on the signature level:
- Self-signed certificates are certificates for internal use. Signed by a local server, this type of certificate guarantees the confidentiality of exchanges within an organization, for example for the needs of an intranet. It is thus possible to authenticate users using self-signed certificates.
- Certificates signed by a certification authority are necessary to ensure the security of exchanges with anonymous users, for example for a secure website accessible to the general public. The third-party certifier assures the user that the certificate really belongs to the organization it claims to belong to.