In the previous post, I explained two basic strategies in encryption. We can solve almost all of the problems in secret key and public key algorithms by combining the two.
Suppose 'A' and 'B' want to communicate.
a. 'A' generates his public-private key pair.
b. 'A' sends his public key to 'B'.
c. 'B' generates a random number, encrypts the random number with A's public key and sends the encrypted message to 'A'.
d. 'A' receives the encrypted message and decrypts it with his private key.
e. At this point, both 'A' and 'B' know the random number. They use this random number as the secret key and perform secret key encryption with it.
There is one problem here. Observe closely for a minute…
'A' sends his public key to 'B'. But how does 'B' confirm that 'A' is authentic (or) a trusted one? This is where public key certificates and certificate authorities come into the picture.
A trusted third party usually issues the certificate. You can think of a certificate as being like your voter ID, driving license, marks memo, etc. For example, a marks memo is given by a university, and a voter ID is given by the Government.
Popular certificate authorities for the web include VeriSign, GoDaddy, AT&T certificate services, Microsoft, etc. A typical certificate contains the following fields.
Issuer: It is the organization that issues the certificate.
Period of validity: How long this certificate is valid.
Subject details: Includes details about the subject. For a company like amazon.com, the subject can be
Company Name : Amazon.com
Country : US
Common Name : Amazon.com
Public key information: It includes the algorithm used, the public key, the key size, etc.
Certificate Authorities
A Certificate Authority is the organization that issues the certificate.
Popular certificate authorities include VeriSign, GoDaddy, AT&T certificate services, Microsoft, etc.
There are two kinds of Certificate Authorities.
a. Private Certificate Authorities
b. Public Certificate Authorities
Private certificate authorities are purely for internal purposes. For example, a company like Symantec issues a certificate to every computer/laptop in its organization for secure communication.
Public certificate authorities are for Internet purposes. These are global authorities. They verify the identity of both individuals and organizations and issue the certificate.
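Steps a to e with the certificate check placed before step c, as an added example that is not part of the original post. It assumes textbook RSA (no padding) over constructed keys built from small known primes, a certificate reduced to issuer, subject, public key and the CA's signature, and hypothetical function names; real deployments use X.509 certificates and a vetted cryptography library.

```python
import hashlib
import secrets

def make_key(p, q, e=65537):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)

def _digest(subject, public_key, modulus):
    # Hash the fields the CA vouches for: who the subject is and which key is theirs.
    data = f"{subject}|{public_key[0]}|{public_key[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % modulus

def issue_certificate(ca_private, issuer, subject, subject_public):
    """The CA binds the subject name to the public key by signing their digest."""
    n, d = ca_private
    signature = pow(_digest(subject, subject_public, n), d, n)
    return {"issuer": issuer, "subject": subject,
            "public_key": subject_public, "signature": signature}

def verify_certificate(cert, ca_public, expected_subject):
    """B's check before trusting the key received in step b."""
    n, e = ca_public
    expected = _digest(cert["subject"], cert["public_key"], n)
    return cert["subject"] == expected_subject and pow(cert["signature"], e, n) == expected

def b_send_secret(cert, ca_public, expected_subject):
    """Step c: B encrypts a random number, but only for a verified key."""
    if not verify_certificate(cert, ca_public, expected_subject):
        raise ValueError("certificate is not vouched for by the trusted CA")
    n, e = cert["public_key"]
    secret = secrets.randbelow(n - 2) + 2
    return secret, pow(secret, e, n)

def a_receive_secret(a_private, ciphertext):
    """Step d: A recovers the random number with his private key."""
    n, d = a_private
    return pow(ciphertext, d, n)

def session_key(secret):
    """Step e: both sides derive the same secret key from the random number."""
    return hashlib.sha256(str(secret).encode()).digest()

if __name__ == "__main__":
    # Constructed sample keys from Mersenne primes: readable, far too small for real use.
    ca_public, ca_private = make_key(2**107 - 1, 2**127 - 1)
    a_public, a_private = make_key(2**61 - 1, 2**89 - 1)
    cert = issue_certificate(ca_private, "Example CA", "A", a_public)
    secret, ciphertext = b_send_secret(cert, ca_public, "A")
    print(session_key(a_receive_secret(a_private, ciphertext)) == session_key(secret))
```

'B' only needs the CA's public key in advance; a certificate whose public key or subject was changed after the CA signed it no longer matches the signature and is refused before any random number is sent.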