Nerd Tutorials

Explain Digital certificate and public key Infrastructure with a suitable diagram. ?

Digital Certificate is an electronic "password" that allows a person, organizaion to exchange data securely over the Internet using the public key infrastructure (PKI). Digital Certificate is also known as a public key certificate or identity certificate.

Digital certificate: Digital document that includes:
▪ Name of subject or company
▪ Subject’s public key
▪ Digital certificate serial number
▪ Expiration date
▪ Issuance date
▪ Digital signature of certification authority (trusted third party institution) that issues certificate
▪ Other identifying information

■ Public Key Infrastructure (PKI): refers to the CAs and digital certificate procedures that are accepted by all parties

When you sign into a “secure” site, the URL will begin with “https” and a closed lock icon will appear on your browser.

■ This means the site has a digital certificate issued by a trusted CA. It is not, presumably, a spoof site To create a digital certificate, the user generates a public/private key pair and sends a request for certification to a CA along with the user’s public key.

■ The CA verifies the information (how this is accomplished differs from CA to CA).

■ The CA issues a certificate containing the user’s public key and other related information.

Finally, the CA creates a message digest from the certificate itself (just like a hash digest) and signs it with the CA’s private key.

■ This signed digest is called the signed certificate. We end up with a totally unique cipher text document—there can be only one signed certificate like this in the world. There are several ways the certificates are used in commerce.

■ Before initiating a transaction, the customer can request the signed digital certificate of the merchant and decrypt it using the merchant’s public key to obtain both the message digest and the certificate as issued. If the message digest matches the certificate, then the merchant and the public key are authenticated.

■ The merchant may in return request certification of the user, in which case the user would send the merchant his or her individual certificate.

■ There are many types of certificates: personal, institutional, Web server, software publisher, and CAs themselves

Exit mobile version