|
Digital Certificate:
Digital Certificates are digital documents that associate a public key to an entity. Contains data that identifies the owner of the certificate (name, company name, certificate expiry date, etc.).
Main proposes.
Certificates are used to generate confidence in the legitimacy of a public key and prevent an entity from using another key to impersonate an entity. It guarantees authentication and confidentiality.
Digital certificates are used for.
It can be used to distribute public keys on the internet and prove that the owner is who he claims to be (authentication).
Types of digital certificates.
- Certificate Authority (CA) certificates: A Certificate Authority certificate is a digital credential that validates the identity of the Certificate Authority (CA) that owns the certificate. Is a digital certificate issued by a certificate authority (CA) (Sel-signed).
- Individual digital signature certificates (signing certificates): These certificates are used to identify a person and include personal information. One person can use the certificate to sign a variety of objects. They can be used to sign electronic documents and emails.
- Server certificates: This certificate is a digital credential that identifies the server(computer) or client application and contains the hostname(FQDN) or IP address.
- Encryption certificates: This certificate is used to encrypt a message using the public key of the recipient to ensure data confidentiality during transmission. As an example, there is an SSL certificate to ensure secure communication of data over a network.
Information contained in a certificate.
An example of some information included in a certificate:
- The certificate contains the owner’s identity.(CN).
- The certificate contains the owner's public key.
- The certificate may also contain an expiration date.
- The name of the certifying authority that issued the certificate: The issuer.
- The certificate contains the digital signature of the certificate issuer.
- A serial number.
- A piece of optional or additional information.
The information is organized.
Usually, the information is organized in sections. The most common and relevant are:
- Issued To.
- Issued By.
- Validity Period.
- Subject Alt Names.
- Public Key Info.
- Miscellaneous.
- Fingerprints.
- Extended Key Usages.
- Extensions.
- Certificate Signature Value.
- Basic Constraints.
- Certificate Policies.
- Subject Key ID.
- Embedded SCTs.
Types of digital certificate formats that exists.
X.509 Certificates: The X.509 is an International Standard and is the most widely accepted format for certificates.
Application complying with X.509 can read and write certificates.
PGP Certificates: PGP is a proprietary format that is owned by Symantec.
OpenPGP Certificates: OpenPGP is an open standard that is managed by the IETF.
S/MIME Certificates: A certificate format that is often used for email encryption.
The validation process usually involves:
- The device which validates the following information:
- Domain name or IP address (CN or SAN field).
- If it is expired or not (Validation Period).
- Decrypt the Signature of the issuer of the certificate to obtain the Digest (Hashed value of part of the certificate) using the issuer's Public Key.
- Calculate the Hash using the Signature algorithm provided in the certificate.
- Compare the value. If both values match then the certificate can be trusted, otherwise the certificate is not considered trusted and the communication is aborted.
- At this stage, if step 4 is successful, further validation can be done depending on the system, protocol, or application.
|
