Computer Science 9618 Notes

Search

SearchSearch

Digital Certificates

Apr 16, 2024, 3 min read

A digital certificate (also known as public key certificate) is an electronic document used to prove the ownership of a public key.

Within it, contains a number of data items, including:

  • The sender’s public key
  • Date of creation and expiry
  • (Certificate) serial number
  • Certificate Authority (that issued the certificate)
  • Subject name (name of user/owner, computer, network device)
  • Hashing algorithm (data or signature) e.g. SHA2

PKI (Public Key Infrastructure)

  • PKI is a set of software and hardware infrastructures to ensure the authenticity of users, companies and data
  • PKI involves trusted third parties (on both sides) who can verify the integrity and ownership (authenticity) of a public key.
    • This is called a certification authority (CA)

Obtaining / Using a Digital Certificate

  • The digital cert is used to authenticate the receiver is who they are saying they are
    • Most of the time people refer to ‘Bob and Alice’ or ‘Person A/B’ but also ‘Company’
  1. Person A (the receiver) who wants to receive secure messages, generates a Private Key pair and contacts a certificate authority (CA)
  2. The CA confirms the identity of Person A
  3. Person A then sends their public key to the CA
  4. The CA creates a public key certificate (digital certificate), and writes Person A’s public key into the certificate (item of data)
  5. The CA then uses its own private key to create a digital signature to the document
  6. The digital certificate is given to Person A
  7. Person A posts the digital certificate on a website
  8. A person wishing to use Person A’s public key will download the digital cert and use the CA’s public key to extract Person A’s public key

Digital Signature

  • A digital signature is a mathematical scheme for demonstrating the authenticity of digital messages or documents. A document’s unique fingerprint

  • A valid digital signature gives a recipient reason to believe that the:

    • message was created by a known sender (authentication)
    • sender cannot deny having sent the message (non-repudiation)
    • the message was not altered in transit (integrity)

  • They are commonly used for:

    • Software transmission
    • Financial transactions
    • Other applications where detection of forgery or tampering is important

  • A digital signature is used to verify a message / transaction

  • The recipient can check if the message was tampered with by hashing the received message and comparing this value with the decrypted signature

    • The hash is a digest. A digest is not an encrypted version of the plain text, but a numerical summary of its contents, unique to the document

  • To decrypt the signature, the corresponding public key is required

  • Digital signatures can be sent with encrypted or plain text documents / messages

  • Digest of plaintext message created by sender

  • Digital signature created by encrypting digest with sender’s private key

  • Receiving user compares received digest with a digest created based on the received document

  • If both are the same, the message is:

    • Unaltered in transmission
    • Originating from the sender (as only they have their private key)

  • Message Digest

    • A message digest is a fixed size, numerical version of the contents of a message.
    • A message digest is created by a hash function.
    • The digest is sent along with the message itself.

Graph View

Backlinks