Definition: digital certificate
The digital equivalent of an ID card used in conjunction with a public key encryption system. Also called a "digital ID," "digital identity certificate," "identity certificate" and "public key certificate," digital certificates are issued by a trusted third party known as a "certification authority" (CA) such as VeriSign (www.verisign.com) and Thawte (www.thawte.com).
The CA verifies that a public key belongs to a specific company or individual (the "subject"), and the validation process it goes through to determine if the subject is who it claims to be depends on the level of certification and the CA itself.
Creating the Certificate
After the validation process is completed, the CA creates an X.509 certificate that contains CA and subject information, including the subject's public key (details below). The CA signs the certificate by creating a digest (a hash) of all the fields in the certificate and encrypting the hash value with its private key. The encrypted digest is called a "digital signature," and when placed into the X.509 certificate, the certificate is said to be "signed."
The CA keeps its private key very secure, because if the key were ever discovered, false certificates could be created. See HSM.
Verifying the Certificate
The process of verifying the "signed certificate" is done by the recipient's software, which is typically the Web browser. The browser maintains an internal list of popular CAs and their public keys and uses the appropriate public key to decrypt the signature back into the digest. It then recomputes its own digest from the plain text in the certificate and compares the two. If both digests match, the integrity of the certificate is verified (it was not tampered with), and the public key in the certificate is assumed to be the valid public key of the subject.
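The signing and verification steps described above, as an added example that is not part of the original definition. It uses textbook RSA without the padding that real signature schemes require, a constructed toy CA key, and hypothetical field and function names.

```python
import hashlib

# Constructed toy CA key pair (two Mersenne primes); never use such primes for real keys.
P, Q = 2**521 - 1, 2**607 - 1
CA_N, CA_E = P * Q, 65537                      # CA public key
CA_D = pow(CA_E, -1, (P - 1) * (Q - 1))        # CA private key, held only by the CA


def digest(fields: dict) -> int:
    """Hash every certificate field in a fixed order (real X.509 hashes the DER encoding)."""
    encoded = "\n".join(f"{name}={fields[name]}" for name in sorted(fields)).encode()
    return int.from_bytes(hashlib.sha256(encoded).digest(), "big")


def ca_sign(fields: dict, d: int = CA_D, n: int = CA_N) -> dict:
    """CA side: apply the private key to the digest and attach the result as the signature."""
    return {"fields": dict(fields), "signature": pow(digest(fields), d, n)}


def browser_verify(cert: dict, trusted_cas: dict) -> bool:
    """Recipient side: recover the digest with the issuer's public key and compare."""
    key = trusted_cas.get(cert["fields"].get("issuer"))
    if key is None:
        return False                            # issuer is not in the built-in CA list
    n, e = key
    recovered = pow(cert["signature"], e, n)    # signature back into the digest
    return recovered == digest(cert["fields"])  # must equal the recomputed digest


# Constructed sample certificate using the data elements the definition lists.
SAMPLE_FIELDS = {
    "version": 3, "serial": 1001, "signature_algorithm": "sha256-toy-rsa",
    "issuer": "Example Toy CA", "valid_from": "2010-01-01", "valid_to": "2011-01-01",
    "subject": "Example Corp", "subject_public_key": "rsa:constructed-key-bytes",
}
TRUSTED_CAS = {"Example Toy CA": (CA_N, CA_E)}

if __name__ == "__main__":
    cert = ca_sign(SAMPLE_FIELDS)
    print("untouched certificate:", browser_verify(cert, TRUSTED_CAS))
    cert["fields"]["subject_public_key"] = "rsa:substituted-key-bytes"
    print("after a field is altered:", browser_verify(cert, TRUSTED_CAS))
```

Changing any signed field, or signing with a key other than the one the recipient holds for that issuer, makes the two digests differ and verification fails.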
Then What...
At this point, the subject's identity and the certificate's integrity (no tampering) have been verified. The certificate is typically combined with a signed message or signed executable file, and the public key is used to verify the signatures (see digital signature and code signing). The subject's public key may also be used to provide a secure key exchange in order to have an encrypted two-way communications session (see SSL). See PKI.
Major Data Elements in an X.509 Certificate
Version number of certificate format
Serial number (unique number from CA)
Certificate signature algorithm
Issuer (name of CA)
Valid-from/valid-to dates
Subject (name of company or person certified)
Subject's public key and algorithm
Digital signature created with CA's private key
Signing and Verifying a Digital Certificate
The signed certificate is used to verify the identity of a person or organization.
THIS DEFINITION IS FOR PERSONAL USE ONLY
All other reproduction is strictly prohibited without permission from the publisher.
© 1981-2010 The Computer Language Company Inc. All rights reserved.