Sunday, 27 May 2012

Public Key Infrastructure (Digital Cert)


What is Public Key Infrastructure?

In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an electronic document which uses a digital signature to bind a public key with an identity — information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual.
In a typical public key infrastructure (PKI) scheme, the signature will be of a certificate authority (CA). In a web of trust scheme, the signature is of either the user (a self-signed certificate) or other users ("endorsements"). In either case, the signatures on a certificate are attestations by the certificate signer that the identity information and the public key belong together.
For provable security, this reliance on something external to the system means that any public key certification scheme has to rely on some special setup assumption, such as the existence of a certificate authority.

Content of a typical Digital Certificate:

  • Serial Number - Used to uniquely identify the certificate.
  • Subject - The person, or entity identified.
  • Signature Algorithm - The algorithm used to create the signature.
  • Signature - The actual signature to verify that it came from the issuer.
  • Issuer - The entity that verified the information and issued the certificate.
  • Valid-From - The date the certificate is first valid from.
  • Valid-To - The expiration date.
  • Key-Usage - Purpose of the public key (e.g. encipherment, signature, certificate signing).
  • Public Key - The public key.
  • Thumbprint Algorithm - The algorithm used to hash the public key.
  • Thumbprint - The hash itself, used as an abbreviated form of the public key.

Certificate and Web Site Security

The most common use of certificates is for HTTPS-based web sites. A web browser validates that an SSL/TLS (Transport Layer Security) web server is authentic, so that the user can feel secure that his/her interaction with the web site has no eavesdroppers and that the web site is who it claims to be.
This security is important for electronic commerce. In practice, a web site operator obtains a certificate by applying to a certificate provider (a CA that presents as a commercial retailer of certificates) with a certificate signing request. The certificate request is an electronic document that contains the web site name, contact email address, and company information. The certificate provider signs the request, thus producing a public certificate. 
During web browsing, this public certificate is served to any web browser that connects to the web site and proves to the web browser that the provider believes it has issued a certificate to the owner of the web site.
Before issuing a certificate, the certificate provider will request the contact email address for the web site from a public domain name registrar, and check that published address against the email address supplied in the certificate request. Therefore, an HTTPS web site is only secure to the extent that the end user can be sure that the web site is operated by someone in contact with the person who registered the domain name.
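
The request, signing and validation steps described above, as an added example using the openssl command line (not code from the original post). The names trusted-ca, other-ca and www.example.test are constructed, and a throwaway CA stands in for a commercial certificate provider; the last step shows the same certificate being rejected when checked against a CA that did not sign it.

```shell
#!/usr/bin/env bash
# Added example; trusted-ca, other-ca and www.example.test are constructed names.
set -eu

# make_ca DIR NAME: self-signed CA certificate (the trust anchor).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue_cert DIR CA HOST: the operator creates a key and a CSR for HOST,
# then the CA signs the request, producing the public certificate.
issue_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/O=Example Org/CN=$3" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
    -CAcreateserial -days 7 -sha256 -out "$1/$3.crt" 2>/dev/null
}

# chain_ok DIR CA HOST: the relying party's check. Succeeds only if HOST's
# certificate is inside its validity window and signed by the given CA.
chain_ok() {
  openssl verify -CAfile "$1/$2.crt" "$1/$3.crt" >/dev/null 2>&1
}

# show_fields DIR HOST: serial, subject, issuer, Valid-From/Valid-To and the
# thumbprint (openssl's "fingerprint", a digest of the DER-encoded certificate).
show_fields() {
  openssl x509 -in "$1/$2.crt" -noout -serial -subject -issuer -dates \
    -fingerprint -sha256
}

demo() {
  d=$(mktemp -d)
  make_ca "$d" trusted-ca
  make_ca "$d" other-ca
  issue_cert "$d" trusted-ca www.example.test
  show_fields "$d" www.example.test
  chain_ok "$d" trusted-ca www.example.test && echo "trusted-ca: chain verifies"
  chain_ok "$d" other-ca www.example.test || echo "other-ca: rejected"
  rm -rf "$d"
}
demo
```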

1 comment:

  1. This is the best detail I have read so far about this complex terminology. You have described all about this scheme in this article. Thank you so much for summing up all the necessary detail and sharing it with us.
    public key infrastructure
