
[Security] Digital Certificates



Posted by Author System On 2007-04-29 10:02:33






Digital Certificates

Category: Security
You can see a digital certificate (also known as "authentication certificate" or
"digital ID") as your internet passport. It contains personal information, such
as your name and email, information about the certification authority, such as
its digital signature, and some other information like your private and public
key (which will be discussed in the "Encryption" section). As you will see, such
a certificate offers great security to everything you send over the internet.

The benefits of a digital certificate

On the internet, everyone can pretend to be someone else, you can get data
that's not yours, and you can even change this data. This is why digital
certificates exist. A digital certificate proves you are the person or
organization you claim to be. Digital certificates also give security to the
data you send over the internet. They protect and secure your data in four ways:

Encryption

Encryption is the process of changing a normal text into a text that cannot be
read. Decryption makes this unreadable text readable again. The encryption that
digital certificates use is called key-cryptography. Every certificate has a
unique pair of keys, a public and a private one. A message encrypted with one of
these keys can only be decrypted by the other key. So you can give your public
key to people you know, and if they send a message and encrypt it with that key,
only you can decrypt it, because you are the only one who has the private key.

Authentication & Integrity

Authentication means that there is something that proves that the person really
is who he says he is. Integrity means that the message was not changed before it
got to the recipient. This is done by a digital signature. This signature is
made by the following process, when you are e.g. sending an email:

1. The sender generates a shorter copy of the message; this shorter
   version is called a message-digest.
2. The message-digest is encrypted with the user's private key.
3. The sender sends the message and the message-digest to the recipient.
4. When the recipient receives the message, he decrypts the message-digest
   with the public key of the sender.
5. The recipient uses a hash function to make the message-digest of full
   length again.
6. The recipient can now compare the original message with the full-length
   message-digest.

This way of encrypting and sending a message to someone is very secure: if the
message is altered during transmission, the original message and the
message-digest are not identical (the encrypted message-digest can't be
altered, because it isn't readable). And if someone is pretending to be someone
else, he must have used another private key, so if you use the public key of the
real person, you can't decrypt the message.

Tokens

Tokens are simply your digital certificate stored on your hard drive. When a
computer prompts you for your password, your computer sends your certificate
over the internet instead. Your certificate verifies your identity instead of
the password. This is a more secure (and easier) means of verification, because
to log into your account, someone would need an exact copy of your
digital certificate on his hard drive.

Certification Authority

A Certification Authority (CA) is a trusted third party who makes the
certificates. They make sure that the information on the certificate is true. So
you can only trust someone with a digital certificate if the CA is trusted. On
every certificate a CA issues, there is some information about the CA. Their
digital signature verifies that the certificate is not fake. You can see a list
of CAs that are trusted by your browser by doing the following:


Netscape - Edit :: Preferences :: Privacy & Security :: Certificates :: Manage Certificates :: Authorities

Internet Explorer - Tools :: Internet Options :: Content :: Certificates :: Trusted Root Certification Authorities


Here are some CAs:

VeriSign
BankGate CA
British Telecommunications
GlobalSign NV-SA
Thawte Certification


Digital certificates in Outlook Express

Sending secure email: Make a message and, before you send it, click on
Tools :: Sign Digital. With this, your digital signature is on the message and
the receiver now has your public key. If you want to encode the message, click
on Tools :: Encode.

Adding someone's public key: If you receive a signed email, the public key of
that person is automatically added to the address book. If you have this option
disabled, you can do it by opening the message, then File :: Properties ::
Security :: Add digital id to address book. You can enable or disable the
automatic adding from Tools :: Options :: Security :: Advanced :: Add
certificates from senders to address book.

Red Security Tutorial Series
Made by: Iron Lightning
Date: 13 May 2002



This article was imported from the CyberArmy University site. (original author: )

