How many times in your life have you been asked to show proof of identity? Innumerable times, I think: we are constantly asked to provide a passport or PAN card to establish who we are. Today the scenario is even more critical. With security becoming the most difficult thing to manage, and with most of the transactions in our day-to-day life being digitized, it was the need of the hour to come up with something that can establish your identity in cyberspace. A Digital Certificate does exactly that. Digital Certificates provide a means of proving your identity in electronic transactions, much like a driver's license or a passport does in face-to-face interactions. With a Digital Certificate, you can assure friends, business associates, and online services that the electronic information they receive from you is authentic.
What is a Digital Certificate?
Imagine you are asked for proof of identity when you apply for a new cell connection. Most of the time you would hand over your passport or driving license. Now imagine a similar transaction on the internet. What gives you the capability to establish your identity there? The answer lies in two words: “Digital Certificates”.
So we can say that Digital Certificates are the electronic counterparts to driver licenses, passports and membership cards. You can present a Digital Certificate electronically to prove your identity or your right to access information or services online.
Deep Dive into Digital Certificate
Let us see how Digital Certificate achieves what it promises to:
1. A Digital Certificate maps an identity to a pair of electronic keys that can be used to encrypt and sign digital information.
2. A Digital Certificate makes it possible to verify someone’s claim that they have the right to use a given key. How does that help? Simple: it prevents people from using phony keys to impersonate other users.
3. Used in conjunction with encryption, Digital Certificates provide a more complete security solution, assuring the identity of all parties involved in a transaction.
4. A Digital Certificate is issued by a Certification Authority (CA) and signed with the CA’s private key.
5. A Digital Certificate typically contains:
- Owner’s public key
- Expiration date of the public key
- Name of the issuer (the CA that issued the Digital Certificate)
- Serial number of the Digital Certificate
- Digital signature of the issuer
Applications of Digital Certificate:
Digital Certificates can be used for a variety of electronic transactions, including:
- Electronic commerce
- Groupware and electronic funds transfers
- Netscape’s popular Enterprise Server requires a Digital Certificate for each secure server.
- Electronic banking
For example, imagine you are shopping at an electronic mall and need to provide important information, such as your credit card number, to make a payment. You request the server's Digital Certificate to authenticate the identity of the mall operator and the content provided by the merchant. Without authenticating the server, you should not trust the operator or merchant with sensitive information like a credit card number. This is where the Digital Certificate comes in: it acts as an instrument for establishing a secure channel for communicating sensitive information back to the mall operator. So a secure server must have a Digital Certificate to assure users of its authenticity and legitimacy.
Digital Certificates provide the convenience and flexibility to access important services on the net from the comfort of your home. Used in conjunction with encryption, Digital Certificates provide a more complete security solution, assuring the identity of all parties involved in a transaction.
Again I would ask a similar question! How many times do you need to sign a document in the various transactions of your regular life? Again the count would be innumerable! In general, your signature is unique to you and is taken as an unforgeable record that authorizes you to use the facilities you are entitled to. Even so, we still hear of many cases of signature forgery.
Now imagine what you would do in an online transaction where you need to put your signature, e.g. how would you sign a Form 16 online? The answer is “Digital Signature”. A digital signature functions for electronic documents like a handwritten signature does for printed documents. A digital signature actually provides a greater degree of security than a handwritten signature. The recipient of a digitally signed message can verify both that the message originated from the person whose signature is attached and that the message has not been altered, either intentionally or accidentally, since it was signed. Furthermore, secure digital signatures cannot be repudiated; the signer of a document cannot later disown it by claiming the signature was forged.
In other words, Digital Signatures enable “authentication” of digital messages, assuring the recipient of a digital message of both the identity of the sender and the integrity of the message.
Harry Potter and Digital Signature!
Suppose Harry wants to send a message to Hermione, but his owl is sick and cannot fly the distance. So he decides to use the online facilities used by the muggles and send Hermione a signed online message. What would he do? He would do the following to sign the message:
1. Create a message digest by using a hash function on the message. The message digest would be serving as a “digital fingerprint” for the message.
2. Now if any part of the message is modified, the hash function returns a different result.
3. In addition, Harry encrypts the message digest with his own private key.
4. This encrypted message digest is the digital signature for the message.
5. Harry then sends the message and the digital signature to Hermione.
When Hermione receives the message she does the following:
1. Decrypts the digital signature using Harry’s public key.
2. Thus the message digest gets revealed.
3. But Hermione being a sharp and alert girl wants to verify the message. So she hashes the message with the same hash function as used by Harry.
4. Then she compares the result to the message digest she received from Harry. If they match exactly, Hermione can rest assured that the message indeed came from Harry and has not changed since he signed it.
5. If the message digests are not equal, the message either originated elsewhere or was altered after it was signed.
Note that using a digital signature does not encrypt the message itself. If Harry wants to ensure the privacy of the message, he must also encrypt it using Hermione’s public key. Then only Hermione can read the message by decrypting it with her private key.
For a secure hash function, it is not feasible for anyone either to find a message that hashes to a given value or to find two messages that hash to the same value. If either were feasible, an intruder could attach a false message to Harry’s signature.
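Harry's signing steps and Hermione's verification steps above, as an added Python example that is not part of the original article. It uses unpadded textbook RSA with SHA-256; the key primes, the sample message and all function names are assumptions chosen for illustration.

```python
import hashlib

def make_key(p: int, q: int, e: int = 65537):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # modular inverse, Python 3.8+
    return (n, e), (n, d)

def digest(message: bytes) -> int:
    """The message's 'digital fingerprint' (SHA-256) as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private) -> int:
    """Harry's steps: hash the message, then transform the digest with the private key."""
    n, d = private
    return pow(digest(message), d, n)

def verify(message: bytes, signature: int, public) -> bool:
    """Hermione's steps: recover the digest with the public key, re-hash, compare."""
    n, e = public
    return pow(signature, e, n) == digest(message)

# Constructed demo keys built from publicly known Mersenne primes: no real security.
# Real signature schemes also pad the digest (e.g. RSA-PSS); this is the unpadded
# form the article describes.
HARRY_PUB, HARRY_PRIV = make_key(2**521 - 1, 2**607 - 1)
IMPOSTOR_PUB, IMPOSTOR_PRIV = make_key(2**127 - 1, 2**1279 - 1)

def run_checks() -> dict:
    message = b"Meet me in the library at eight. - Harry"   # constructed sample
    signature = sign(message, HARRY_PRIV)
    forged = sign(message, IMPOSTOR_PRIV)
    return {
        "genuine": verify(message, signature, HARRY_PUB),
        "altered_message": verify(message.replace(b"eight", b"nine"), signature, HARRY_PUB),
        "signed_by_impostor": verify(message, forged, HARRY_PUB),
        # The forged signature is valid under the impostor's own public key, which is
        # why the verifier needs a certificate binding the public key to Harry.
        "impostor_key_accepted_as_harrys": verify(message, forged, IMPOSTOR_PUB),
    }

if __name__ == "__main__":
    for name, ok in run_checks().items():
        print(f"{name}: {ok}")
```

The last check passes only because the verifier used the wrong public key, which is the gap a CA-signed Digital Certificate closes.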
One or more Digital Certificates can accompany a digital signature. If a Digital Certificate is present, the recipient (or a third party) can check the authenticity of the public key