Public Key Certificates
Certificates create a trust model that lets the end user know:
- where has this certificate come from?
- is it genuine?
A certificate is an electronic document which contains:
- Who issued the certificate
- Who the certificate is issued to
- Expiry date
- Public Key -- to communicate with the agency to whom the certificate is issued
- Digital Signature -- to prove that the certificate came from a trusted source and has not been tampered with
- Algorithms, Key Sizes etc.
Hash Value: the hash value is a mathematical value computed from the certificate's data.

    hash_function(certificate_data) :: hash_value
    Encrypt_Algo(hash_value, private_key) :: digital_signature
    Decrypt_Algo(digital_signature, public_key) :: hash_value

QUES: The certificate carries the digital signature, which is the hash_value encrypted with the private key. The digital signature is decrypted using the public key to get the hash. Given both the hash and the digital signature, how hard is it to get the private key?
Certificate Trust Model
A third-party Certificate Authority (CA) issues certificates to the holder. The holder can then give out these certificates, establishing itself as a trusted agency.
The Certificate Authority does a lot of background checks before issuing the certificate.
The certificate of the CA is installed locally with the user. Thus, the user can trust that the obtained certificate is signed by a trusted CA.
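
The hash, sign and verify steps above, together with the CA trust model, as an added Python example (not part of the original notes). The key, the certificate fields and the function names are constructed for illustration. It uses unpadded textbook RSA to mirror the three formulas; real CAs use padded signature schemes and randomly generated primes.

```python
import hashlib
import json

# Constructed demo key built from two well-known Mersenne primes.
# Good enough to show the arithmetic, NOT a secure key.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                           # public modulus, part of the CA certificate
E = 65537                           # public exponent, part of the CA certificate
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held only by the CA


def hash_value(cert_data: dict) -> int:
    """hash_function(certificate_data) :: hash_value"""
    encoded = json.dumps(cert_data, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(encoded).digest(), "big")


def ca_sign(cert_data: dict) -> int:
    """Encrypt_Algo(hash_value, private_key) :: digital_signature"""
    return pow(hash_value(cert_data), D, N)


def user_verify(cert_data: dict, signature: int, ca_public=(N, E)) -> bool:
    """Decrypt_Algo(digital_signature, public_key) :: hash_value, then compare
    it with a hash the user recomputes from the certificate it received."""
    n, e = ca_public
    return pow(signature, e, n) == hash_value(cert_data)


# Constructed sample certificate fields (all names and values are made up).
CERT = {
    "issuer": "Example Root CA",
    "subject": "www.example.test",
    "not_after": "2030-01-01",
    "subject_public_key": "placeholder-key-bytes",
    "signature_algorithm": "sha256 + textbook RSA (unpadded)",
}
SIGNATURE = ca_sign(CERT)

if __name__ == "__main__":
    print("genuine certificate verifies:", user_verify(CERT, SIGNATURE))
    tampered = dict(CERT, subject="other.example.test")
    print("tampered certificate verifies:", user_verify(tampered, SIGNATURE))
    print("altered signature verifies:", user_verify(CERT, SIGNATURE + 1))
```

The user only ever needs `(N, E)` from the locally installed CA certificate; `D` never leaves the CA.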