Saturday, 2 May 2015

Public key certificates

In previous post, I explained two basic strategies in encryption. We almost solve the problems in secret key and public key algorithms by combining both of these.

Suppose ‘A’ and ‘B’ wants to communicate.

a.   ‘A’ generates his public-private key pair
b.   ‘A’ sends his public key to ‘B’
c.    ‘B’ generate a random number, and encrypt the random number with ‘A’ public key and send the encrypted message to ‘A’.
d.   ‘A’ receives the encrypted message and decrypts the message with his private key.
e.   At this point of time, both ‘A’ and ‘B’ knows the random number, they use this random number as secret key and perform secret key encryption with this key.

There is one problem here, Closely observe for a minute…

'A' sends his public key to 'B'. But how 'B' confirms that A is authentic (or) trusted one. Here public key certificates and certificate authorities came into picture.

A trusted third party usually issues the certificate. You can assume a certificate like your voter ID, Driving license, Marks memo etc., For example, marks memo is given by universities, voter ID is given by Government.

Popular certificate authorities for web include, verisign, GoDaddy, AT&T certificate services, Microsoft etc., A typical certificate contains following fields.

Issuer: It is the organization that issues the certificate.
Period Of validity: How long this certificate is valid.
Subjet details : Include details about the subject, Suppose for a company like amazon.com, the subject can be

Company Name : Amazon.com
Country : US
Common Name : Amazon.com

Public Key information : It includes the algorithm used, public key, key size etc.,

Certificate Authorities
Certificate Authority is the organization, who issues the certificate.
Popular certificate authorities include, verisign, GoDaddy, AT&T certificate services, Microsoft etc.,

There are two kinds of Certificate Authorities.
a.   Private certificate Authorities
b.   Public Certificate Authorities

Private certificate authorities are completely for internal purpose. For example company like Symantec, issues a certificate to every computer/laptop in their organization for secure communication.

Public certificate authorities for Internet purpose. These are global authorities. They verify the identity of both individuals and organizations and issue the certificate.

Prevoius                                                 Next                                                 Home

No comments:

Post a Comment