Digital Certificates
Objective: Explain digital certificates
Digital certificates play a vital role in the chain of trust. Public key encryption works well when you deal with people you know, because it is easy to send each other a public key. But what about communications with people you don't know? What would stop someone from posting a public key and claiming that their name is Clement rather than Mike? Not much, really: a hacker could post a phony key carrying the same name and identification as the intended recipient. Any data encrypted with that phony key would be readable by the hacker.
The solution is digital certificates. They are valuable because they let you verify that a public key really belongs to a specific owner. A digital certificate is similar to a passport. If you want to leave the country, you must have a passport, and at the airport it is the gold standard of identification because it proves you are who you say you are. Digital certificates are backed by certificate authorities. A certificate authority is like the U.S. Department of State, the bureau that issues passports. In the real world, certificate authorities are run by private companies; some of the best known include VeriSign, Thawte, and Entrust.
Exam Alert
Digital certificates are used to prove your identity when performing electronic transactions.
Although you might want to use an external certificate authority, it is not mandatory. You could decide to have your own organization act as a certificate authority. Regardless of whether a third party handles the duties or you perform them yourself, a digital certificate typically contains the following critical pieces of information:
- Identification information, including the username, serial number, and validity dates of the certificate.
- The public key of the certificate holder.
- The digital signature of the issuing certificate authority. This piece is critical, as it validates the entire package: if any field is altered, or a different key is substituted, the signature no longer checks out.
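To show how the CA's signature validates the package, here is an added example (not from the original text) using textbook RSA with small Mersenne primes as a stand-in for a real CA key; the certificate body is a plain dictionary rather than X.509 DER, and all names, serials and dates are constructed. A genuine certificate for Mike verifies, while a phony one posted under his name with an attacker's key, a tampered copy, and an expired copy are all rejected.

```python
import hashlib
import json

E = 65537  # public exponent shared by every toy key below

def make_keypair(p, q):
    """Toy RSA keypair from two primes; sizes here are far too small for real use."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))  # (public, private)

def digest(body, n):
    """SHA-256 over a canonical encoding of the certificate body, reduced into the signer's modulus."""
    data = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(body, signer_private):
    """Sign the body (no padding, toy only); this signature is what validates the whole package."""
    n, d = signer_private
    return {"body": body, "signature": pow(digest(body, n), d, n)}

def verify(cert, ca_public, today):
    """Accept only if the trusted CA signed exactly this body and today falls in the validity window."""
    n, e = ca_public
    body = cert["body"]
    if pow(cert["signature"], e, n) != digest(body, n):
        return False  # wrong signer or altered fields
    return body["not_before"] <= today <= body["not_after"]  # ISO dates compare as strings

def certificate_body(name, serial, public_key, not_before, not_after):
    return {"subject": name, "serial": serial, "public_key": public_key[0],
            "not_before": not_before, "not_after": not_after}

# Constructed keys: the CA everyone trusts, Mike, and an attacker who wants to be taken for Mike.
CA_PUB, CA_PRIV = make_keypair(2**127 - 1, 2**89 - 1)
MIKE_PUB, _ = make_keypair(2**61 - 1, 2**31 - 1)
ATK_PUB, ATK_PRIV = make_keypair(2**107 - 1, 2**61 - 1)

# Genuine: the CA binds Mike's name to Mike's key.
MIKE_CERT = issue(certificate_body("Mike", 1001, MIKE_PUB, "2024-01-01", "2025-12-31"), CA_PRIV)
# Phony: same name and serial, attacker's key; only the attacker can sign it, not the CA.
PHONY_CERT = issue(certificate_body("Mike", 1001, ATK_PUB, "2024-01-01", "2025-12-31"), ATK_PRIV)
# Tampered: Mike's real CA signature reused over a body with the attacker's key swapped in.
TAMPERED_CERT = {"body": dict(MIKE_CERT["body"], public_key=ATK_PUB[0]),
                 "signature": MIKE_CERT["signature"]}

def demo():
    return {"genuine": verify(MIKE_CERT, CA_PUB, "2025-06-01"),
            "phony": verify(PHONY_CERT, CA_PUB, "2025-06-01"),
            "tampered": verify(TAMPERED_CERT, CA_PUB, "2025-06-01"),
            "expired": verify(MIKE_CERT, CA_PUB, "2026-03-01")}
```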
X.509 is the standard for digital signatures; it specifies the information and attributes required to identify a person or a computer system. Version 3 is the most current version of X.509.
Public Key Infrastructure