Digital Certificates

Author:      ironlightning
Submitted:      28-Apr-2007 19:41:03
Imported From:      The CyberArmy University (original author: )


You can think of a digital certificate (also known as an "authentication certificate" or "digital ID") as your internet passport. It contains personal information, such as your name and email; information about the certification authority, such as its digital signature; and some other information, like your private and public key (which will be discussed in the "Encryption" section). As you will see, such a certificate offers great security to everything you send over the internet.

The benefits of a digital certificate

On the internet, anyone can pretend to be someone else, obtain data that is not theirs, and even change that data. This is why digital certificates exist. A digital certificate proves you are the person or organization you claim to be. Digital certificates also secure the data you send over the internet. They protect and secure your data in four ways:

Encryption

Encryption is the process of changing normal text into text that cannot be read. Decryption makes this unreadable text readable again. The encryption that digital certificates use is called public-key cryptography. Every certificate has a unique pair of keys, a public one and a private one. A message encrypted with one of these keys can only be decrypted with the other key. So you can give your public key to people you know, and if they encrypt a message with that key and send it to you, only you can decrypt it, because you are the only one who has the private key.

Authentication & Integrity

Authentication means that there is something that proves that the person really is who he says he is. Integrity means that the message was not changed before it got to the recipient. Both are provided by a digital signature. When you are sending an email, for example, the signature is made by the following process:
  • The sender generates a shorter copy of the message; this shorter version is called a message digest.
  • The message digest is encrypted with the user's private key.
  • The sender sends the message and the message digest to the recipient.
  • When the recipient receives the message, he decrypts the message digest with the public key of the sender.
  • The recipient uses a hash function to make the message digest of full length again.
  • The recipient can now compare the original message with the full-length message digest.
This way of encrypting and sending a message to someone is very secure: if the message is altered during transmission, the original message and the message digest are not identical (the encrypted message digest can't be altered, because it isn't readable). And if someone is pretending to be someone else, he must have used another private key, so if you use the public key of the real person, you can't decrypt the message.

Tokens

Tokens are simply your digital certificate stored on your hard drive. When a computer prompts you for your password, your computer sends your certificate over the internet instead. Your certificate verifies your identity instead of the password. This is a more secure (and easier) means of verification, because anyone who wanted to log into your account would need an exact copy of your digital certificate on his hard drive.

Certification Authority

A Certification Authority (CA) is a trusted third party that issues the certificates. It makes sure that the information on the certificate is true. So you can only trust someone with a digital certificate if the CA is trusted. Every certificate a CA issues carries some information about that CA. The CA's digital signature verifies that the certificate is not fake. You can see a list of the CAs that are trusted by your browser by doing the following:

Netscape - Edit :: Preferences :: Privacy & Security :: Certificates :: Manage Certificates :: Authorities

Internet Explorer - Tools :: Internet Options :: Content :: Certificates :: Trusted Root Certification Authorities

Here are some CAs:

  • VeriSign
  • BankGate CA
  • British Telecommunications
  • GlobalSign NV-SA
  • Thawte Certification
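
The signing steps under "Authentication & Integrity" and the CA's role described above, worked through together as an added example (not part of the original article): a CA signs a certificate binding a name to a public key, and the recipient checks the certificate first and the message signature second, by hashing the received message and comparing it with the digest recovered from the signature. It uses toy textbook RSA over constructed keys with no padding, for illustration only; `alice@example.org`, Mallory and all function names are assumptions.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def make_keypair(p, q):
    """Textbook RSA from two primes: returns (public, private) = ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(data: bytes) -> int:
    """Message digest: SHA-256 of the data, read as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data: bytes, private) -> int:
    """Signer: transform the digest with the private key."""
    n, d = private
    return pow(digest(data), d, n)

def verify(data: bytes, signature: int, public) -> bool:
    """Verifier: recover the digest with the public key, compare with a fresh one."""
    n, e = public
    return pow(signature, e, n) == digest(data)

def cert_body(subject: str, public) -> bytes:
    """The bytes the CA signs: the subject name and the subject's public key."""
    return f"{subject}|{public[0]:x}|{public[1]:x}".encode()

def issue_certificate(subject: str, public, ca_private) -> dict:
    """CA: bind a name to a public key by signing both."""
    return {"subject": subject, "public_key": public,
            "ca_signature": sign(cert_body(subject, public), ca_private)}

def check_message(message: bytes, signature: int, cert: dict, ca_public) -> str:
    """Recipient: accept the sender's key only if the trusted CA vouches for it."""
    body = cert_body(cert["subject"], cert["public_key"])
    if not verify(body, cert["ca_signature"], ca_public):
        return "untrusted certificate"
    if not verify(message, signature, cert["public_key"]):
        return "bad signature"
    return "ok"

# Constructed keys built from Mersenne primes, no padding: illustration only.
CA_PUB, CA_PRIV = make_keypair(2**1279 - 1, 2**2203 - 1)
ALICE_PUB, ALICE_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
MALLORY_PUB, MALLORY_PRIV = make_keypair(2**2281 - 1, 2**3217 - 1)
ALICE_CERT = issue_certificate("alice@example.org", ALICE_PUB, CA_PRIV)
MESSAGE = b"Meet at noon."  # constructed sample message
SIGNATURE = sign(MESSAGE, ALICE_PRIV)
print(check_message(MESSAGE, SIGNATURE, ALICE_CERT, CA_PUB))           # ok
print(check_message(b"Meet at nine.", SIGNATURE, ALICE_CERT, CA_PUB))  # bad signature
```

Real deployments use a vetted library and a padded signature scheme such as RSA-PSS or ECDSA rather than raw modular exponentiation.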


Digital certificates in Outlook Express

Sending secure email:

Compose a message and, before you send it, click Tools :: Sign Digital. This puts your digital signature on the message, and the receiver now has your public key. If you want to encode the message, click Tools :: Encode.

Adding someone's public key:

If you receive a signed email, the public key of that person is automatically added to the address book. If you have this option disabled, you can do it by opening the message, then File :: Properties :: Security :: Add digital id to address book. You can enable or disable the automatic adding from Tools :: Options :: Security :: Advanced :: Add certificates from senders to address book.

Red Security Tutorial Series
Made by: Iron Lightning
Date: 13 May 2002

This article was originally published by CyberArmy.net in the CyberArmy Library.
