Go4Expert (http://www.go4expert.com/) > Ethical hacking Tips (http://www.go4expert.com/articles/ethical-hacking-tutorials/) > Digital Certificates (http://www.go4expert.com/articles/digital-certificates-t15646/)

Xintruder 28Dec2008 10:23

Digital Certificates
This tutorial contains:

What is encryption?
What is a Certificate?
Where are Digital Certificates used?
What are private and public keys and what's the relation between them?
What is actually happening when two people communicate?
What is the key life-cycle of Certificates?
How do Windows XP users view their certificates?


The three most important things in e-communications are the C-I-A triad: the presence of confidentiality, integrity and availability.

Confidential means private or secret. In a computer environment, information is transmitted from a source to a target, and recently sensitive material has been part of that process, including government materials/documents, banking information and private information.

There are several ways to ensure confidentiality; certificates are one.

To understand digital certificates, we must understand the keyword "Encryption".

What is Encryption?

Encryption is the process of coding a message in such a way that no one but the receiver would understand it. The receiver knows how to decode it (decrypt it) by knowing its key.

An example would be the following:
I Love you = my message
Each letter + 1 letter ahead = my key
J MPWF ZPV = my encrypted message

Summarized: Encryption is made of three parts:
  1. The decrypted message (the plain text)
  2. The Key
  3. The encrypted message (the ciphered text)
This type of encryption is called a symmetric algorithm, where no authentication is included. The other way, which includes the individual's authentication and validation, is asymmetric algorithms. This includes:
  1. A private key.
  2. A public key.
The main difference between asymmetric and symmetric algorithms is that the asymmetric algorithm includes the individual's validation.

Now that a little of encryption is explained, we can move into certificates.

What is a Digital Certificate?

A digital certificate is an electronic credential used to authenticate users. It is one of the major roles of secure communications. In a secure network infrastructure, a Public Key Infrastructure (PKI) is implemented. A PKI has these basic components:
  • Digital certificates: An electronic credential used to authenticate users.
  • Certification Authority (CA): The digital certificate's "Factory". It is the computer that issues digital certificates; and has several other functions.
  • Certification management tools: Tools that manage and audit digital certificates.
  • Certificate publication point: The location where certificates are stored and published.
  • Applications: The applications that use the digital certificates.

Where are Digital Certificates used?

Digital Certificates can be used in the following:
  • Secure e-mails. An example would be "Outlook Express" where there is an option of "Digitally Signing" the e-mail. For example, when Alice Digitally signs a message for Bob she also attaches her Certificate to the outgoing message. Therefore, upon receiving the signed message Bob can verify the validity of Alice's Certificate. If it is successfully verified, Bob now has Alice's Public Key and can verify the validity of the original message signed by Alice.
  • Secured web connections. This includes using secure socket layers (SSL); an example would be credit card information pages that use the HTTPS protocol.
  • Custom applications. Certificates can be used to complete the CIA-triad.
  • Smart card logon process. This authenticates users by means of their smart cards and card devices attached to their computers.

What are private and public keys and what's the relation between them?

PKI encryption and decryption involves two keys: a public key and a private key. The relationship between the keys is defined as follows:
  • Data that is encrypted with the private key can only be decrypted using the public key.
  • Data that is encrypted with the public key can only be decrypted using the private key.
Public key cryptography is an example of an asymmetric algorithm.

What is actually happening when two people communicate?

We Have Mr. "X", Ms. "Y", a message and the bad guy "Z".
X wants to send Y a message securely.
X encrypts his message using Y's public key.
X signs (re-encrypts) his message with his private key.
Y verifies the message was sent from X by decrypting X's public key.
Y decrypts the actual data sent from X using her own private key.
Let's say:
Z (the nosy guy) intercepts the message from X.
Z verifies the message was sent from X by using Y's public key.
Z fails to access the message because he doesn't have Y's private key.
Z can't pretend he's Y because he doesn't have her private key.

Using PKI we guarantee:
  1. Data is secured
  2. Data is received from the correct source.
*Note: Public keys are stored in the CA; private keys are in the user's computer.

What is the key life-cycle of Certificates?

Certificate Validation

  • Certificate Creation (Enrollment): once a user requests a certificate from a CA, the CA verifies the information based on policy rules and creates the certificate.
  • Certificate Distribution: Sending the certificate to the user, with the set policies that affect the use of it.
  • Certificate Validation (status checking): When the certificate is used, its status will be verified (checked). The CA will make sure it is not on a CRL (certificate revocation list), which would mean it is not a valid certificate.
  • Certificate Revocation: Certificates issued have an expiration date; the certificate is revoked when it reaches it. Sometimes an administrator needs to revoke the certificate before it reaches its expiration date. He must include a reason code. The codes include the following:
    • 0 = Unspecified reason
    • 1 = Private key compromise
    • 2 = CA compromise
    • 3 = Certificate user's affiliation changed
    • 4 = Certificate or private key has been superseded by a new one
    • 5 = The issuing CA is no longer operational
    • 6 = The certificate is on "Hold"
  • Certificate Renewal: When the certificate reaches its expiration date and is allowed to be renewed, this can happen automatically. When renewing manually we can select whether or not to generate new public keys.
  • Certificate Destruction: When a certificate is no longer in use, the certificate and its back-up(s) should be destroyed to ensure the certificate is not compromised and used.

How do Windows XP users view their certificates?

  1. Open your MS Internet Explorer
  2. Click on the Tools menu
  3. From the drop down list select Internet Options
  4. Click the Content tab
  5. Click the Certificates button
  6. A window like this will appear.

To view the details of the certificate, click on the certificate then click "view".
A window like this will appear:

Hope that was useful!


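The "each letter + 1 letter ahead" example from the post, worked through as an added example (this code is not part of the original post). It implements the shift cipher as a symmetric algorithm, where the single secret key (the shift) is all that separates the encrypted message from the plain text, and it also lists every possible decryption to show why a key space of 25 shifts protects nothing once the method is known.

```python
"""Shift cipher behind the post's "I Love you" -> "J MPWF ZPV" example.

Added example, not from the original post: a symmetric cipher in which
the same key (the shift amount) both encrypts and decrypts.
"""
import string

ALPHABET = string.ascii_uppercase


def shift_encrypt(plaintext, key):
    """Shift every letter `key` places ahead (wrapping Z -> A).

    Letters are upper-cased as in the post's example; spaces, digits and
    punctuation pass through unchanged.
    """
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(ciphertext, key):
    """Decrypting is encrypting with the inverse shift: same key, reversed."""
    return shift_encrypt(ciphertext, -key)


def all_candidate_plaintexts(ciphertext):
    """Every non-trivial key tried in turn.

    There are only 25 of them, so a shift cipher relies entirely on the
    method being unknown; this is why real symmetric algorithms use keys
    of 128 bits or more rather than a number between 1 and 25.
    """
    return {key: shift_decrypt(ciphertext, key) for key in range(1, 26)}


if __name__ == "__main__":
    secret = shift_encrypt("I Love you", 1)   # constructed sample input
    print(secret)                             # J MPWF ZPV
    print(shift_decrypt(secret, 1))           # I LOVE YOU
    for k, guess in all_candidate_plaintexts(secret).items():
        print(k, guess)
```

Running the block prints the post's cipher text, recovers the message with the same key, and then shows all 25 candidate decryptions, of which only key 1 reads as English.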

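The X / Y / Z exchange the post walks through, as an added example that is not part of the original post. It uses textbook RSA with tiny constructed primes (61 and 53, 101 and 113, 67 and 71) and no padding, so it is only a demonstration of the arithmetic behind "encrypt with the public key, decrypt with the private key" and "sign with the private key, verify with the public key", not a usable cryptosystem. The key pairs, the message and the names X, Y and Z are assumptions of the example; `pow(e, -1, phi)` needs Python 3.8 or newer.

```python
"""Toy RSA walk-through of the X / Y / Z exchange in the post.

Added example, not from the original post. Constructed for illustration
only: the primes are tiny and there is no padding or hashing standard,
so this is NOT a usable cryptosystem, just the arithmetic behind
"encrypt with the public key, sign with the private key".
"""
import hashlib
from math import gcd


def make_keypair(p, q, e=17):
    """Textbook RSA key generation from two known primes (no primality test)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(n)")
    d = pow(e, -1, phi)          # private exponent (Python 3.8+)
    return (e, n), (d, n)        # (public key, private key)


def encrypt(public_key, text):
    """Encrypt one character per block: c = m^e mod n."""
    e, n = public_key
    blocks = []
    for ch in text:
        if ord(ch) >= n:
            raise ValueError("character too large for this toy modulus")
        blocks.append(pow(ord(ch), e, n))
    return blocks


def decrypt(private_key, blocks):
    """Decrypt with the matching private key: m = c^d mod n."""
    d, n = private_key
    return "".join(chr(pow(c, d, n)) for c in blocks)


def _digest_mod_n(text, n):
    """SHA-256 of the text, reduced into the toy modulus."""
    h = hashlib.sha256(text.encode()).digest()
    return int.from_bytes(h, "big") % n


def sign(private_key, text):
    """Sign: hash the text, then apply the private exponent."""
    d, n = private_key
    return pow(_digest_mod_n(text, n), d, n)


def verify(public_key, text, signature):
    """Verify: apply the public exponent and compare with the text's hash."""
    e, n = public_key
    return pow(signature, e, n) == _digest_mod_n(text, n)


def run_exchange():
    # Constructed key pairs for the three parties in the post.
    x_pub, x_priv = make_keypair(61, 53, e=17)      # Mr. X
    y_pub, y_priv = make_keypair(101, 113, e=11)    # Ms. Y
    z_pub, z_priv = make_keypair(67, 71, e=13)      # Z, the nosy guy

    message = "I Love you"                          # constructed sample message

    # X encrypts for Y with Y's public key and signs with his own private key.
    ciphertext = encrypt(y_pub, message)
    signature = sign(x_priv, message)

    # Y decrypts with her private key and checks the sender with X's public key.
    y_plain = decrypt(y_priv, ciphertext)
    y_verified_sender = verify(x_pub, y_plain, signature)

    # Z intercepts: his own private key does not recover the message, and if
    # he alters the text in transit, X's signature no longer verifies.
    z_plain = decrypt(z_priv, ciphertext)
    z_forgery_accepted = verify(x_pub, "I hate you", signature)

    return {
        "ciphertext": ciphertext,
        "y_plaintext": y_plain,
        "y_verified_sender": y_verified_sender,
        "z_plaintext": z_plain,
        "z_forgery_accepted": z_forgery_accepted,
    }


if __name__ == "__main__":
    for name, value in run_exchange().items():
        print(f"{name}: {value!r}")
```

The two private exponents are never shared, which is exactly the property the post relies on: Y's private key is the only thing that undoes encryption under Y's public key, and X's private key is the only thing that produces a signature that X's public key accepts.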
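The validation and revocation steps of the certificate life cycle in the post, as an added example that is not part of the original post. It checks a certificate's validity period and then looks it up on a constructed certificate revocation list carrying the reason codes the post lists; the certificate records, serial numbers, dates and the "now" timestamp are all constructed for the example.

```python
"""Certificate status checking against a CRL, using the post's reason codes.

Added example, not from the original post. The certificates, the CRL and
the clock value are constructed sample data.
"""
from dataclasses import dataclass
from datetime import datetime, timezone

# Reason codes as listed in the post (they match RFC 5280's CRLReason values).
REASON_CODES = {
    0: "Unspecified reason",
    1: "Private key compromise",
    2: "CA compromise",
    3: "Certificate user's affiliation changed",
    4: "Certificate or private key superseded",
    5: "Issuing CA no longer operational",
    6: "Certificate on hold",
}


@dataclass(frozen=True)
class Certificate:
    serial: int
    subject: str
    not_before: datetime
    not_after: datetime


@dataclass(frozen=True)
class CrlEntry:
    serial: int
    revoked_at: datetime
    reason: int


def check_status(cert, crl, now):
    """Return (status, detail): validity period first, then the CRL lookup."""
    if now < cert.not_before:
        return "not-yet-valid", f"valid from {cert.not_before:%Y-%m-%d}"
    if now > cert.not_after:
        return "expired", f"expired on {cert.not_after:%Y-%m-%d}"
    for entry in crl:
        if entry.serial == cert.serial and entry.revoked_at <= now:
            if entry.reason == 6:
                # A hold is the one revocation that may later be lifted.
                return "on-hold", REASON_CODES[6]
            return "revoked", REASON_CODES.get(entry.reason, "Unknown reason code")
    return "valid", "inside its validity period and not on the CRL"


def _utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


# Constructed sample data: five certificates and a CRL naming two of them.
NOW = _utc(2008, 12, 28)
CERTS = [
    Certificate(1001, "alice", _utc(2008, 1, 1), _utc(2009, 12, 31)),
    Certificate(1002, "bob", _utc(2008, 1, 1), _utc(2009, 12, 31)),
    Certificate(1003, "carol", _utc(2007, 1, 1), _utc(2008, 6, 30)),
    Certificate(1004, "dave", _utc(2008, 1, 1), _utc(2009, 12, 31)),
    Certificate(1005, "erin", _utc(2009, 3, 1), _utc(2010, 12, 31)),
]
CRL = [
    CrlEntry(1002, _utc(2008, 12, 1), 1),   # bob: private key compromise
    CrlEntry(1004, _utc(2008, 12, 20), 6),  # dave: on hold
]


def sample_statuses(now=NOW, certs=CERTS, crl=CRL):
    """Status of every sample certificate at the given time."""
    return {c.subject: check_status(c, crl, now)[0] for c in certs}


if __name__ == "__main__":
    for cert in CERTS:
        status, detail = check_status(cert, CRL, NOW)
        print(f"{cert.subject:6} serial {cert.serial}: {status} ({detail})")
```

Note the ordering: an expired certificate is reported as expired even if it also appears on the CRL, and a CRL entry whose revocation date lies in the future is ignored until that date arrives.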
kisanka 1Jan2009 10:25

Re: Digital Certificates
wow, thanks for the post. Actually I was able to solve my doubts with the use of public and private keys..

Xintruder 4Jan2009 05:17

Re: Digital Certificates
Thank you for passing by.

NDL 4Jan2009 09:19

Re: Digital Certificates

shabbir 6Jan2009 12:24

Re: Digital Certificates
Nomination for article of the month for December 2008 Started.

shabbir 19Jan2009 09:39

Re: Digital Certificates
It's among the Articles of the month and votes can make it win, so start voting for article of the month for December 2008

shabbir 3Feb2009 16:38

Re: Digital Certificates
Winner of Article of the month of Dec 2008

Xintruder 4Feb2009 05:07

Re: Digital Certificates
Thank you everyone for your time, reading, voting, and visiting this thread.
