A Primer On The PKI Certificate And How It Works

One of the big stumbling blocks in the early days of internet use for online commerce, now called e-commerce, was the lack of security for buyers submitting personal and financial information through a browser to a website's server.

This led to Netscape creating SSL (Secure Sockets Layer) in the mid-1990s. This was later enhanced to create what we still call SSL but is really an upgraded version correctly known as TLS, or Transport Layer Security.

Put simply, SSL/TLS uses a pair of keys, one private and one public, that are generated at the time of the Certificate Signing Request by the server, email client or device. The keys are at the heart of a PKI certificate and how it works, either as an SSL/TLS product or as an email and authentication certificate.

The Certificate Signing Request is then submitted to a Certificate Authority for validation. Think of validation as a form of verification where the Certificate Authority checks the information against known and trusted sources to verify it to a specific level. Once this is validated or verified, a digital certificate is produced for a specific domain or a combination of domains and subdomains, or to secure email, provide code signing or complete client authentication.

The Basics of the Keys and Digital Certificate

The two keys generated are central to any PKI certificate and how it works. These two keys also have to match the certificate data, which will be either one or more domain and subdomain names or a specific email user's name.

Think of the certificate as a passport. It identifies the user to anyone requiring verification of identity. For someone shopping, only the certificate is used to allow the browser and the server to recognize each other as safe because the Certificate Authority has an embedded root certificate in the browsers that recognizes the certificate from the server.

The public key is public and the private key is maintained by the named entity or person on the certificate. These two keys are mathematically related but not similar or identical, which means that to both encrypt and decrypt, both keys have to be used at the respective points. Not only that, but the certificate has to be from a trusted source, which is the importance of having the root certificate (from the Certificate Authority) embedded in the device, browser or email client.

The good news is that Comodo is trusted by 99.9% of browsers and devices. We also provide full information to all our clients on the different options in certificates we offer as well as information on the PKI certificate and how it works.

Digital Signatures

Part of the PKI certificate and how it works is also the option to include a digital signature. This is really the ability to provide information about the origin of the email, the authentication of the sender and the ability to prove that the information in the message or attachments has not been altered after being signed.

While it is digital, the certificate through Public Key Infrastructure acts just like an original signed document. It shows that the document is identical when received as when sent because it creates a hash message or mathematical translation of the message. When the message arrives, with the hash, it is compared and, if there are any differences, the receiver is alerted through a notification with the email.

The obvious benefit of the digital certificate is to make an online document, once signed (encrypted and hashed), a binding document. It will also authenticate that the email is from a specific sender and that the sender is the entity bound to the keys and the certificate.

For all involved in the exchange of emails, it also provides non-repudiation. This means that later on the sender of the email cannot simply say that the email was not authorized or sent through their account. Without the use of the public and private keys and the digital certificate, this would not be possible. In turn, this wouldn't allow these documents to be able to stand up in court in the same way a hand signed original document could be used.

At Comodo, we offer PKI certificates both for domains and for emails. Our email certs, also known as client or personal authentication certs, are free of cost for those using them for home and personal use only. Business PKI certificates are just pennies a day. To find out more see us at https://www.instantssl.com or give us a call at +1 888 266 6361.
