Digital certificates are the digital equivalent (i.e. electronic format) of physical or paper certificates. Examples of physical certificates are drivers licenses, passports or membership cards. Certificates serve as identity of an individual for a certain purpose, e.g. a drivers license identifies someone who can legally drive in a particular country. Likewise, a digital certificate can be presented electronically to prove your identity or your right to access information or services on the Internet.
Just as a handwritten signature is affixed to a printed letter for verification that the letter originated from its purported sender, digital signature performs the same task for an electronic message. A digital signature is an encrypted version of a message digest, attached together with a message. A secure digital signature system consists of two parts:
A method of signing a document such that forgery is detected, and A method of verifying that a signature was actually generated by whomever it represents Asymmetric/ Public key vs. Symmetric/ Secret key: which cryptography system is better?
A combination of both. The action of encrypting information with public-key cryptography is significantly slower than encrypting with a secret key. However the drawback of the secret-key system is that, secret keys must be transmitted either manually or through a communication channel, and there may be a chance that others can discover the secret keys during transmission. This is not a problem with public-key cryptography, as private keys never need to be transmitted or revealed to anyone. Each user has sole responsibility for protecting his or her private key.
So, in practice public-key cryptography is used with secret-key cryptography to get the best of both worlds. A system that uses public-key cryptography first generates a secret key and uses the secret key to encrypt the message. Public-key cryptography key is then used to encrypt the secret key, which then is attached to the secret key-encrypted message.
Typically certificates are used to generate confidence in the legitimacy of a public key. In addition to verifying a signature, verifying the signers certificate increase the confidence of the receiver in ensuring that attempted forgery or impersonation has not occurred.
Digital certificates can be used as to verify someones (or some companys) identity. It can be used in a variety of ways including to control access on web sites, to create virtual private networks, to secure e-mail, and to guarantee the authenticity of downloaded software.
A Digital Certificate contains three elements:
Subject Name and Other Certificate Extensions
This is information about the object being certified. In the case of a person this might include ones name, nationality and email address, your organization, and the department within that organization where you work. It could also include a picture of you, a codification of your fingerprints, your passport number, and so on.
Public Key Information
This is the public key of the entity being certified. The certificate acts to bind the public key to the attribute information described above. The public key can be any asymmetric key, but is usually an RSA key.
Certifying Authority (CA) Signature
The CA signs the first two elements and thereby adds credibility to the certificate. People who receive the certificate check the signature and will believe the attribute information public key binding if they trust that certifying authority.
Digital Certificates can be categorized into Server certificates and Personal certificates. The differences lie in the information they contain and who they identify. For example, a server certificate's "Common Name" attribute is usually set to a host name or host name pattern, like www.mtnltrustline.com, while a personal certificate would have this attribute set to your full name.
Personal certificates serve to identify a person. It follows that the contents of this type of certificate include the full name and personal particulars of an individual. Among other uses of personal certificates some are: Secure e-mail correspondence and enhanced access control to sensitive or valuable information.