Certificates

From CryptoDox, The Online Encyclopedia on Cryptography and Information Security

Digital certificates are electronic files that act like a kind of online passport. They are issued by a trusted third party, a certificate authority (CA), which verifies the identity of the certificate's holder. They are tamper-proof and cannot be forged.

Digital certificates do two things:

• They authenticate that their holders - people, web sites, and even network resources such as routers - are truly who or what they claim to be.
• They protect data exchanged online from theft or tampering.

A Digital Certificate typically contains the:

• Owner's public key
• Owner's name
• Expiration date of the public key
• Name of the issuer (the CA that issued the Digital Certificate
• Serial number of the Digital Certificate
• Digital signature of the issuer

Digital Certificates can be used for a variety of electronic transactions including e-mail, electronic commerce, groupware and electronic funds transfers. Netscape's popular Enterprise Server requires a Digital Certificate for each secure server.

There are two types of digital certificates that are important when building secure web sites: server certificates and personal crtificates.

Server Certificates

Server certificates let visitors to your web site exchange personal information, such as credit card numbers, free from the threat of interception or tampering. Server certificates also let visitors to your site authenticate your identity so they can feel secure that they are communicating with you and not with a rogue site impersonating you.

Server certificates are a must for anyone building an e-commerce site or a site designed to exchange confidential information with clients, customers, or vendors.

Personal Certificates

Personal certificates let you authenticate a visitor's identity and restrict access to specified content to particular visitors. You can also use personal certificates to send secure email for private account information.

Personal certificates are perfect for business-to-business communications such as offering your suppliers and partners controlled access to special web sites for updating product availability, shipping dates, and inventory management.

Certificate Authority

An individual wishing to send an encrypted message applies for a digital certificate from a Certificate Authority (CA). The CA issues an encrypted digital certificate containing the applicant's public key and a variety of other identification information. The CA makes its own public key readily available through print publicity or perhaps on the Internet.

The recipient of an encrypted message uses the CA's public key to decode the digital certificate attached to the message, verifies it as issued by the CA and then obtains the sender's public key and identification information held within the certificate. With this information, the recipient can send an encrypted reply.

The most widely used standard for digital certificates is X.509.

Security Standards

Several of the standard protocols being widely adopted for electronic communication rely on digital certificates:

• SSL (Secure Sockets Layer), developed by Netscape Communications Corporation, is the standard for web browser and server authentication and secure data exchange on the web. All the leading servers and browsers, including Netscape Communicator, are optimized to enable SSL encryption.
• Secure Multipurpose Internet Mail Extensions protocol (S/MIME) is the standard for secure email and electronic data interchange (EDI).
• Secure Electronic Transactions protocol (SET) secures electronic payments.
• Internet Protocol Secure Standard (IPSec) authenticates networking devices.

References

• Digital Certificates - Netscape
• Digital Certicate - Webopedia
• Introduction to Digital Certificates - Verisign