What is a digital certificate?
A digital certificate is an attachment tagged to an electronic message for security purposes. It allows the sender of a message to be verified by the recipient, that the sender is actually the person he or she claims to be. In addition, it allows the recipient to reply to the message in a ‘secure’ way, so that only the sender of the original message and nobody else receives it.
The most important things in Digital certificates are as follows-
• Identification information
• Cryptographic keys
• Digital signature
A digital certificate has a pair of coupled cryptographic keys. These are symmetric and asymmetric cryptographic.
Symmetric cryptographic key uses only one key between two parties i.e. encryption and decryption is done by same keys.
Asymmetric cryptographic key uses different keys between two parties i.e. encryption and decryption is done by different keys. These keys always work in pairs i.e. one key is public to all which is only for the owner known as public key and private key is distributed to all the users which is always different from one customer to other. The main work of these keys is to encrypt and decrypt the messages and to secure the whole process of transactions.
A digital signature is an electronic signature for verification purpose and provides higher degree of security. A digital certificate owner “signs” an object by using the certificate’s private key. The recipient uses the certificate’s corresponding public key to decrypt the signature, which verifies the integrity of the signed object and verifies the sender as the source. In other words it is a way of authentication of digital messages.
In terms of cryptography (encoding messages), public key (identity) certificates, which are also called ‘digital signatures’, contain information about a person or organization’s name, address etc, which is unique as it is ‘publicly’ available from only one such individual or organization. Typically in public key infrastructure (PKI) schemes, where the signatures are validated by Certificate Authorities (CA), the signing authorities certify that the public key and identity information belong together.
A digital certificate may be withdrawn or revoked by CA’s if it comes to light that the ’embedded relationship’ between a key and the identity is incorrect or has changed e.g. or has changed employers. In addition, in security breaches, where the privacy of the issued certificates is compromised (i.e. it is reported that more than one person has attempted to use the key) similar actions may be taken. Such occasions of revocation are rare, but it means that even ‘trusted’ certificates should be checked for their current validity or ‘expiry’ status. Although it is the job of the PKI to check and update its certificates, in practice it is not always done. Third party protocols like (Online status certificate protocol – OSCP) queries the certificate issuing server to check the validity instead.
Digital Certificate must contains-
• Name of the organization or individual
• The business address
• Digital signature
• Public key
• Serial number
• Valid Issued date
• Valid Expiration date.
Digital Certificates can be used for a variety of electronic transactions including e-mail, virtual mall, groupware and electronic funds transfers. By using digital certificate we can secure not only the transactions but also the whole process.